| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2517 | 5.3 | 0.00% | 2 | 0 | 2026-02-15T13:16:16.690000 | A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability a | |
| CVE-2026-2516 | 7.0 | 0.00% | 2 | 0 | 2026-02-15T13:16:16.423000 | A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/ | |
| CVE-2026-2540 | 0 | 0.02% | 2 | 0 | 2026-02-15T11:15:55.070000 | The Micca KE700 system contains flawed resynchronization logic and is vulnerable | |
| CVE-2026-1793 | 6.5 | 0.05% | 2 | 0 | 2026-02-15T04:15:54.260000 | The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbi | |
| CVE-2026-1750 | 8.8 | 0.03% | 2 | 0 | 2026-02-15T04:15:54.113000 | The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerab | |
| CVE-2026-1490 | 9.8 | 0.08% | 2 | 1 | 2026-02-15T04:15:53.783000 | The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vu | |
| CVE-2026-0753 | 7.2 | 0.09% | 2 | 0 | 2026-02-14T09:31:45 | The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cr | |
| CVE-2025-8572 | 9.8 | 0.04% | 2 | 1 | 2026-02-14T09:31:44 | The Truelysell Core plugin for WordPress is vulnerable to privilege escalation i | |
| CVE-2026-1843 | 7.2 | 0.07% | 1 | 0 | 2026-02-14T09:31:44 | The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scr | |
| CVE-2026-2024 | 7.5 | 0.07% | 3 | 0 | 2026-02-14T07:16:13.020000 | The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via t | |
| CVE-2026-1988 | 7.5 | 0.12% | 3 | 0 | 2026-02-14T07:16:12.670000 | The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulner | |
| CVE-2026-1306 | 9.8 | 0.14% | 4 | 1 | 2026-02-14T07:16:10.150000 | The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due | |
| CVE-2026-0745 | 7.2 | 0.03% | 2 | 1 | 2026-02-14T07:16:09.113000 | The User Language Switch plugin for WordPress is vulnerable to Server-Side Reque | |
| CVE-2026-0692 | 7.5 | 0.06% | 1 | 0 | 2026-02-14T06:31:04 | The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable | |
| CVE-2026-2144 | 8.1 | 0.05% | 1 | 6 | 2026-02-14T06:31:04 | The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege | |
| CVE-2026-2469 | 7.6 | 0.01% | 1 | 0 | 2026-02-14T05:16:22.270000 | Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to | |
| CVE-2025-69634 | 9.0 | 0.05% | 1 | 0 | 2026-02-14T05:16:13.900000 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a | |
| CVE-2026-1731 | 0 | 61.38% | 14 | 3 | template | 2026-02-14T01:16:07.740000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-24853 | 8.1 | 0.04% | 1 | 0 | 2026-02-13T23:16:11.800000 | Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whit | |
| CVE-2026-26273 | 9.8 | 0.08% | 2 | 0 | 2026-02-13T22:49:30 | ### Summary A Critical Broken Authentication vulnerability exists in Known 1.6.2 | |
| CVE-2026-26269 | 5.4 | 0.03% | 1 | 0 | 2026-02-13T22:16:11.220000 | Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buff | |
| CVE-2025-15157 | 8.8 | 0.01% | 2 | 0 | 2026-02-13T22:16:08.427000 | The Starfish Review Generation & Marketing for WordPress plugin for WordPress is | |
| CVE-2026-26187 | 8.1 | 0.05% | 1 | 0 | 2026-02-13T22:11:50 | ## Summary Two path traversal vulnerabilities in the local block adapter allow | |
| CVE-2026-20615 | 7.8 | 0.02% | 1 | 0 | 2026-02-13T21:43:42.930000 | A path handling issue was addressed with improved validation. This issue is fixe | |
| CVE-2025-69770 | 10.0 | 0.09% | 2 | 0 | 2026-02-13T21:43:11.137000 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPorta | |
| CVE-2026-26221 | 0 | 0.52% | 1 | 0 | 2026-02-13T21:43:11.137000 | Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase W | |
| CVE-2026-25991 | 7.7 | 0.03% | 1 | 0 | 2026-02-13T21:43:11.137000 | Tandoor Recipes is an application for managing recipes, planning meals, and buil | |
| CVE-2026-21878 | 7.5 | 0.04% | 1 | 0 | 2026-02-13T21:43:11.137000 | BACnet Stack is a BACnet open source protocol stack C library for embedded syste | |
| CVE-2026-20045 | 8.2 | 1.10% | 1 | 1 | 2026-02-13T21:37:06.717000 | A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unif | |
| CVE-2026-20620 | 7.7 | 0.01% | 1 | 0 | 2026-02-13T21:34:12 | An out-of-bounds read issue was addressed with improved input validation. This i | |
| CVE-2026-26335 | None | 0.08% | 1 | 1 | 2026-02-13T21:31:50 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey val | |
| CVE-2026-26333 | None | 0.10% | 1 | 0 | 2026-02-13T21:31:50 | Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoti | |
| CVE-2026-2441 | 8.8 | 0.03% | 6 | 0 | 2026-02-13T21:31:40 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote a | |
| CVE-2025-70123 | 7.5 | 0.10% | 3 | 0 | 2026-02-13T21:31:36 | An improper input validation and protocol compliance vulnerability in free5GC v4 | |
| CVE-2025-70121 | 7.5 | 0.11% | 1 | 0 | 2026-02-13T21:31:36 | An array index out of bounds vulnerability in the AMF component of free5GC v4.0. | |
| CVE-2025-70122 | 7.5 | 0.10% | 1 | 0 | 2026-02-13T21:31:36 | A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allo | |
| CVE-2026-20667 | 8.8 | 0.01% | 1 | 0 | 2026-02-13T21:31:36 | A logic issue was addressed with improved checks. This issue is fixed in watchOS | |
| CVE-2026-20614 | 7.8 | 0.02% | 1 | 0 | 2026-02-13T21:31:35 | A path handling issue was addressed with improved validation. This issue is fixe | |
| CVE-2026-20617 | 7.0 | 0.01% | 1 | 0 | 2026-02-13T21:31:35 | A race condition was addressed with improved state handling. This issue is fixed | |
| CVE-2026-20649 | 7.5 | 0.03% | 1 | 0 | 2026-02-13T18:31:25 | A logging issue was addressed with improved data redaction. This issue is fixed | |
| CVE-2026-26011 | 0 | 0.06% | 1 | 0 | 2026-02-13T18:16:19.943000 | navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a | |
| CVE-2026-20660 | 7.5 | 0.06% | 1 | 0 | 2026-02-13T18:16:19.127000 | A path handling issue was addressed with improved logic. This issue is fixed in | |
| CVE-2026-26190 | 9.8 | 0.11% | 2 | 0 | 2026-02-13T17:17:13 | ## Summary Milvus exposes TCP port 9091 by default with two critical authentica | |
| CVE-2026-26056 | 8.8 | 0.04% | 1 | 0 | 2026-02-13T17:15:44 | # Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke A | |
| CVE-2026-20610 | 7.8 | 0.03% | 1 | 0 | 2026-02-13T15:45:52.137000 | This issue was addressed with improved handling of symlinks. This issue is fixed | |
| CVE-2026-20654 | 5.5 | 0.01% | 1 | 0 | 2026-02-13T15:31:29 | The issue was addressed with improved memory handling. This issue is fixed in wa | |
| CVE-2026-2321 | 8.8 | 0.11% | 1 | 0 | 2026-02-13T15:31:28 | Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote | |
| CVE-2026-20658 | 7.8 | 0.01% | 1 | 0 | 2026-02-13T15:31:28 | A package validation issue was addressed by blocking the vulnerable package. Thi | |
| CVE-2026-1619 | 8.3 | 0.04% | 1 | 0 | 2026-02-13T15:30:27 | Authorization Bypass Through User-Controlled Key vulnerability in Universal Soft | |
| CVE-2025-15556 | 7.5 | 3.19% | 4 | 2 | 2026-02-13T15:30:24 | Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an upd | |
| CVE-2025-46290 | 7.5 | 0.12% | 1 | 0 | 2026-02-13T14:50:10.343000 | A logic issue was addressed with improved checks. This issue is fixed in macOS S | |
| CVE-2026-26216 | 10.0 | 0.20% | 3 | 0 | 2026-02-13T14:23:48.007000 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability i | |
| CVE-2026-1618 | 8.8 | 0.06% | 1 | 0 | 2026-02-13T14:23:48.007000 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Univer | |
| CVE-2025-14349 | 8.8 | 0.05% | 1 | 0 | 2026-02-13T14:23:48.007000 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Funct | |
| CVE-2026-25227 | 9.1 | 0.03% | 3 | 0 | 2026-02-13T14:23:48.007000 | authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, | |
| CVE-2026-26219 | 9.1 | 0.02% | 2 | 0 | 2026-02-13T14:23:48.007000 | newbee-mall stores and verifies user passwords using an unsalted MD5 hashing alg | |
| CVE-2026-24044 | 0 | 0.04% | 1 | 0 | 2026-02-13T14:23:48.007000 | Element Server Suite Community Edition (ESS Community) deploys a Matrix stack us | |
| CVE-2026-26020 | 0 | 0.08% | 1 | 0 | 2026-02-13T14:23:48.007000 | AutoGPT is a platform that allows users to create, deploy, and manage continuous | |
| CVE-2026-26055 | 7.5 | 0.07% | 1 | 0 | 2026-02-13T14:23:48.007000 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 | |
| CVE-2025-14014 | 9.8 | 0.04% | 1 | 0 | 2026-02-13T14:23:48.007000 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information | |
| CVE-2026-26217 | 8.6 | 0.06% | 2 | 0 | 2026-02-13T14:23:48.007000 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in | |
| CVE-2025-61880 | 8.8 | 0.42% | 1 | 0 | 2026-02-13T14:23:48.007000 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote co | |
| CVE-2025-70981 | 9.8 | 0.03% | 1 | 0 | 2026-02-13T14:23:48.007000 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interf | |
| CVE-2025-63421 | 7.8 | 0.02% | 1 | 0 | 2026-02-13T14:23:48.007000 | An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local at | |
| CVE-2025-67432 | 7.5 | 0.04% | 1 | 0 | 2026-02-13T14:23:48.007000 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS Dyn | |
| CVE-2024-43468 | 9.8 | 87.46% | 10 | 3 | 2026-02-13T14:04:05.243000 | Microsoft Configuration Manager Remote Code Execution Vulnerability | |
| CVE-2026-20700 | 7.8 | 0.13% | 14 | 1 | 2026-02-13T14:03:58.537000 | A memory corruption issue was addressed with improved state management. This iss | |
| CVE-2026-25108 | 8.8 | 0.25% | 2 | 0 | 2026-02-13T06:30:48 | FileZen contains an OS command injection vulnerability. When FileZen Antivirus C | |
| CVE-2026-20650 | 7.5 | 0.05% | 1 | 0 | 2026-02-13T00:33:56 | A denial-of-service issue was addressed with improved validation. This issue is | |
| CVE-2026-1358 | 9.8 | 0.13% | 2 | 0 | 2026-02-13T00:33:00 | Airleader Master versions 6.381 and prior allow for file uploads without restri | |
| CVE-2025-70886 | 7.5 | 0.10% | 1 | 1 | 2026-02-13T00:32:51 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial | |
| CVE-2026-25949 | 7.5 | 0.01% | 1 | 0 | 2026-02-12T22:08:03 | ## Impact There is a potential vulnerability in Traefik managing STARTTLS reque | |
| CVE-2025-69807 | 7.5 | 0.07% | 1 | 0 | 2026-02-12T21:32:31 | p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows u | |
| CVE-2026-20652 | 7.5 | 0.12% | 1 | 0 | 2026-02-12T21:32:30 | The issue was addressed with improved memory handling. This issue is fixed in ma | |
| CVE-2026-20677 | 9.1 | 0.05% | 1 | 0 | 2026-02-12T21:32:30 | A race condition was addressed with improved handling of symbolic links. This is | |
| CVE-2025-61879 | 7.7 | 0.03% | 1 | 0 | 2026-02-12T21:32:30 | In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary | |
| CVE-2025-40536 | 8.1 | 71.41% | 4 | 0 | 2026-02-12T21:32:29 | SolarWinds Web Help Desk was found to be susceptible to a security control bypas | |
| CVE-2026-26218 | 9.8 | 0.07% | 1 | 0 | 2026-02-12T21:31:34 | newbee-mall includes pre-seeded administrator accounts in its database initializ | |
| CVE-2025-70314 | 9.8 | 0.04% | 1 | 0 | 2026-02-12T21:31:34 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is du | |
| CVE-2026-20841 | 7.8 | 0.11% | 6 | 9 | 2026-02-12T20:16:05.143000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2025-69872 | None | 0.08% | 1 | 0 | 2026-02-12T20:08:45 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization | |
| CVE-2025-70085 | 9.8 | 0.04% | 1 | 0 | 2026-02-12T18:31:25 | An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed | |
| CVE-2026-20626 | 7.8 | 0.01% | 1 | 0 | 2026-02-12T18:31:25 | This issue was addressed with improved checks. This issue is fixed in macOS Sequ | |
| CVE-2025-69871 | 8.1 | 0.04% | 1 | 0 | 2026-02-12T18:31:24 | A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in | |
| CVE-2025-54756 | 8.4 | 0.01% | 1 | 0 | 2026-02-12T18:30:27 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series | |
| CVE-2026-26235 | 7.5 | 0.07% | 2 | 1 | 2026-02-12T16:16:17.917000 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that | |
| CVE-2025-69873 | 7.5 | 0.07% | 1 | 0 | 2026-02-12T16:16:05.583000 | ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regu | |
| CVE-2025-67135 | 9.8 | 0.04% | 1 | 0 | 2026-02-12T16:16:04.620000 | Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allo | |
| CVE-2025-70083 | 7.8 | 0.01% | 1 | 0 | 2026-02-12T15:33:51 | An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecomman | |
| CVE-2025-70029 | 7.5 | 0.02% | 1 | 0 | 2026-02-12T15:33:50 | An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensi | |
| CVE-2026-2004 | 8.8 | 0.10% | 2 | 1 | 2026-02-12T15:32:55 | Missing validation of type of input in PostgreSQL intarray extension selectivity | |
| CVE-2025-10969 | 9.8 | 0.03% | 1 | 0 | 2026-02-12T15:32:54 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-2007 | 8.2 | 0.04% | 1 | 0 | 2026-02-12T15:32:54 | Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unk | |
| CVE-2026-1104 | 8.8 | 0.04% | 1 | 0 | 2026-02-12T15:32:54 | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is v | |
| CVE-2025-13002 | 8.2 | 0.04% | 1 | 0 | 2026-02-12T15:32:53 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2025-70084 | 7.5 | 0.24% | 1 | 0 | 2026-02-12T15:16:05.350000 | Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain a | |
| CVE-2025-15573 | 9.4 | 0.02% | 1 | 0 | 2026-02-12T15:16:03.043000 | The affected devices do not validate the server certificate when connecting to t | |
| CVE-2025-14892 | 9.8 | 0.04% | 1 | 0 | 2026-02-12T15:16:02.840000 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gai | |
| CVE-2026-2006 | 8.8 | 0.06% | 1 | 0 | 2026-02-12T15:10:37.307000 | Missing validation of multibyte character length in PostgreSQL text manipulation | |
| CVE-2026-2005 | 8.8 | 0.06% | 1 | 0 | 2026-02-12T15:10:37.307000 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to exec | |
| CVE-2026-1320 | 7.2 | 0.02% | 1 | 0 | 2026-02-12T15:10:37.307000 | The Secure Copy Content Protection and Content Locking plugin for WordPress is v | |
| CVE-2026-26215 | 0 | 0.11% | 1 | 1 | 2026-02-12T15:10:37.307000 | manga-image-translator version beta-0.3 and prior in shared API mode contains an | |
| CVE-2026-23856 | 7.8 | 0.01% | 1 | 0 | 2026-02-12T15:10:37.307000 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell | |
| CVE-2026-26021 | None | 0.05% | 1 | 0 | 2026-02-12T14:19:15 | ### Summary A prototype pollution vulnerability exists in the the npm package se | |
| CVE-2026-25676 | 7.8 | 0.01% | 2 | 1 | 2026-02-12T06:30:21 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL sea | |
| CVE-2026-26234 | 8.8 | 0.07% | 2 | 0 | 2026-02-12T06:30:21 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerabi | |
| CVE-2026-23857 | 8.3 | 0.01% | 2 | 0 | 2026-02-12T03:31:06 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contain | |
| CVE-2026-1729 | 9.8 | 0.19% | 3 | 1 | 2026-02-12T03:31:06 | The AdForest theme for WordPress is vulnerable to authentication bypass in all v | |
| CVE-2026-0969 | 8.8 | 0.07% | 6 | 0 | 2026-02-12T03:31:01 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to a | |
| CVE-2026-25990 | None | 0.01% | 1 | 0 | 2026-02-11T23:14:49 | ### Impact An out-of-bounds write may be triggered when loading a specially craf | |
| CVE-2026-21236 | 7.8 | 0.03% | 1 | 0 | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allo | |
| CVE-2026-21245 | 7.8 | 0.03% | 1 | 0 | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el | |
| CVE-2026-21229 | 8.0 | 0.07% | 1 | 0 | 2026-02-11T21:15:13.490000 | Improper input validation in Power BI allows an authorized attacker to execute c | |
| CVE-2026-21239 | 7.8 | 0.03% | 1 | 0 | 2026-02-11T21:00:30.630000 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el | |
| CVE-2025-69874 | None | 0.17% | 1 | 0 | 2026-02-11T18:56:24 | nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parse | |
| CVE-2026-24061 | 9.8 | 82.70% | 3 | 59 | template | 2026-02-11T15:40:42.937000 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-1357 | 9.8 | 0.40% | 2 | 5 | 2026-02-11T06:30:48 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress | |
| CVE-2026-21240 | 7.8 | 0.02% | 1 | 0 | 2026-02-10T18:30:51 | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an | |
| CVE-2026-21243 | 7.5 | 0.06% | 1 | 0 | 2026-02-10T18:30:51 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol | |
| CVE-2026-21228 | 8.1 | 0.04% | 1 | 0 | 2026-02-10T18:30:50 | Improper certificate validation in Azure Local allows an unauthorized attacker t | |
| CVE-2026-1603 | 8.6 | 0.18% | 1 | 0 | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo | |
| CVE-2026-21238 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T18:30:49 | Improper access control in Windows Ancillary Function Driver for WinSock allows | |
| CVE-2026-1602 | 6.5 | 0.05% | 1 | 0 | 2026-02-10T18:30:38 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote | |
| CVE-2025-66630 | None | 0.02% | 1 | 0 | 2026-02-09T18:49:19 | Fiber v2 contains an internal vendored copy of `gofiber/utils`, and its function | |
| CVE-2026-1868 | 10.0 | 0.03% | 1 | 0 | 2026-02-09T09:30:28 | GitLab has remediated a vulnerability in the Duo Workflow Service component of G | |
| CVE-2026-21643 | 9.8 | 0.17% | 1 | 0 | 2026-02-06T15:14:47.703000 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2025-64712 | 9.8 | 0.08% | 4 | 0 | 2026-02-04T19:53:06 | A Path Traversal vulnerability in the `partition_msg` function allows an attacke | |
| CVE-2026-20119 | 7.5 | 0.09% | 1 | 0 | 2026-02-04T18:30:51 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat | |
| CVE-2026-1340 | 9.8 | 40.23% | 1 | 1 | 2026-02-04T16:34:21.763000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-25253 | 8.8 | 0.04% | 1 | 4 | 2026-02-02T23:41:06 | ## Summary The Control UI trusts `gatewayUrl` from the query string without val | |
| CVE-2026-1281 | 9.8 | 54.26% | 1 | 1 | 2026-01-30T13:28:18.610000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2025-14523 | 8.2 | 0.06% | 1 | 0 | 2026-01-29T18:31:31 | A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a requ | |
| CVE-2026-23760 | 9.8 | 55.52% | 1 | 2 | template | 2026-01-27T16:16:55.327000 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2026-20804 | 7.7 | 0.06% | 2 | 0 | 2026-01-13T18:31:14 | Incorrect privilege assignment in Windows Hello allows an unauthorized attacker | |
| CVE-2025-20359 | 6.5 | 0.35% | 1 | 0 | 2025-10-15T18:31:58 | Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Deco | |
| CVE-2025-20360 | 5.8 | 0.16% | 1 | 0 | 2025-10-15T18:31:58 | Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Deco | |
| CVE-2024-6387 | 8.1 | 25.87% | 1 | 96 | 2025-09-30T13:52:23.540000 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | |
| CVE-2016-0777 | 6.5 | 67.20% | 1 | 1 | 2025-04-12T12:56:54 | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, | |
| CVE-2024-53114 | 5.5 | 0.01% | 1 | 0 | 2024-12-11T21:31:57 | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD | |
| CVE-2017-12542 | 10.0 | 94.25% | 1 | 3 | template | 2024-11-21T03:09:43.333000 | A authentication bypass and execution of code vulnerability in HPE Integrated Li |
| CVE-2026-26268 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-26208 | 0 | 0.42% | 1 | 0 | N/A | ||
| CVE-2026-26012 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-25922 | 0 | 0.01% | 2 | 0 | N/A | ||
| CVE-2026-25748 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-26068 | 0 | 0.57% | 1 | 0 | N/A | ||
| CVE-2026-26069 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-26080 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-26081 | 0 | 0.00% | 1 | 0 | N/A |
updated 2026-02-15T13:16:16.690000
2 posts
CVE-2026-2517: MEDIUM severity DoS in Open5GS SMF (2.7.0 – 2.7.6). Remote, unauthenticated crash via malformed GTPv2 traffic. Exploit is public — patch & monitor GTPv2 now! https://radar.offseq.com/threat/cve-2026-2517-denial-of-service-in-open5gs-08313086 #OffSeq #Open5GS #CVE20262517 #DoS #5G
##CVE-2026-2517: MEDIUM severity DoS in Open5GS SMF (2.7.0 – 2.7.6). Remote, unauthenticated crash via malformed GTPv2 traffic. Exploit is public — patch & monitor GTPv2 now! https://radar.offseq.com/threat/cve-2026-2517-denial-of-service-in-open5gs-08313086 #OffSeq #Open5GS #CVE20262517 #DoS #5G
##updated 2026-02-15T13:16:16.423000
2 posts
⚠️ HIGH severity: CVE-2026-2516 in Unidocs ezPDF DRM Reader 2.0 & 3.0.0.4 (32-bit). Uncontrolled DLL search path lets local attackers run code — exploit is public, no patch. Restrict local access & monitor endpoints. https://radar.offseq.com/threat/cve-2026-2516-uncontrolled-search-path-in-unidocs--c9898b25 #OffSeq #Vuln #BlueTeam
##⚠️ HIGH severity: CVE-2026-2516 in Unidocs ezPDF DRM Reader 2.0 & 3.0.0.4 (32-bit). Uncontrolled DLL search path lets local attackers run code — exploit is public, no patch. Restrict local access & monitor endpoints. https://radar.offseq.com/threat/cve-2026-2516-uncontrolled-search-path-in-unidocs--c9898b25 #OffSeq #Vuln #BlueTeam
##updated 2026-02-15T11:15:55.070000
2 posts
🚨 CVE-2026-2540 (HIGH, CVSS 8.4): Micca KE700 car alarms are vulnerable to replay attacks via flawed resynchronization. Attackers can clone keys to lock/unlock vehicles. No patch available — review mitigations. https://radar.offseq.com/threat/cve-2026-2540-cwe-288-authentication-bypass-using--06adb1fa #OffSeq #CarSecurity #Vuln
##🚨 CVE-2026-2540 (HIGH, CVSS 8.4): Micca KE700 car alarms are vulnerable to replay attacks via flawed resynchronization. Attackers can clone keys to lock/unlock vehicles. No patch available — review mitigations. https://radar.offseq.com/threat/cve-2026-2540-cwe-288-authentication-bypass-using--06adb1fa #OffSeq #CarSecurity #Vuln
##updated 2026-02-15T04:15:54.260000
2 posts
⚠️ CVE-2026-1793 (MEDIUM): Path traversal in bdthemes Element Pack Addons for Elementor (≤8.3.17) lets contributor+ users read arbitrary files. No public exploits yet — audit roles, monitor file access & apply WAF rules. https://radar.offseq.com/threat/cve-2026-1793-cwe-22-improper-limitation-of-a-path-4752164f #OffSeq #WordPress #Vuln #WebSecurity
##⚠️ CVE-2026-1793 (MEDIUM): Path traversal in bdthemes Element Pack Addons for Elementor (≤8.3.17) lets contributor+ users read arbitrary files. No public exploits yet — audit roles, monitor file access & apply WAF rules. https://radar.offseq.com/threat/cve-2026-1793-cwe-22-improper-limitation-of-a-path-4752164f #OffSeq #WordPress #Vuln #WebSecurity
##updated 2026-02-15T04:15:54.113000
2 posts
🔒 CVE-2026-1750 (HIGH): Privilege escalation in Ecwid by Lightspeed Shopping Cart for WordPress (≤7.0.7). Authenticated users can gain store manager access via missing capability checks. Patch when available, audit roles now. https://radar.offseq.com/threat/cve-2026-1750-cwe-269-improper-privilege-managemen-02c6a8ce #OffSeq #WordPress #Infosec
##🔒 CVE-2026-1750 (HIGH): Privilege escalation in Ecwid by Lightspeed Shopping Cart for WordPress (≤7.0.7). Authenticated users can gain store manager access via missing capability checks. Patch when available, audit roles now. https://radar.offseq.com/threat/cve-2026-1750-cwe-269-improper-privilege-managemen-02c6a8ce #OffSeq #WordPress #Infosec
##updated 2026-02-15T04:15:53.783000
2 posts
1 repos
🚨 CVE-2026-1490: CleanTalk Spam Protection plugin (WordPress) CRITICAL vuln (CVSS 9.8) lets unauth attackers install plugins via reverse DNS spoofing if API key is invalid. Audit keys & restrict plugin installs! https://radar.offseq.com/threat/cve-2026-1490-cwe-350-reliance-on-reverse-dns-reso-0fc3066a #OffSeq #WordPress #CVE20261490
##🚨 CVE-2026-1490: CleanTalk Spam Protection plugin (WordPress) CRITICAL vuln (CVSS 9.8) lets unauth attackers install plugins via reverse DNS spoofing if API key is invalid. Audit keys & restrict plugin installs! https://radar.offseq.com/threat/cve-2026-1490-cwe-350-reliance-on-reverse-dns-reso-0fc3066a #OffSeq #WordPress #CVE20261490
##updated 2026-02-14T09:31:45
2 posts
⚠️ HIGH severity: CVE-2026-0753 in Super Simple Contact Form (≤1.6.2) for WordPress allows unauth XSS via 'sscf_name'. Disable or remove plugin until fixed. Monitor for suspicious requests. https://radar.offseq.com/threat/cve-2026-0753-cwe-79-improper-neutralization-of-in-6158470c #OffSeq #WordPress #XSS #infosec
##⚠️ HIGH severity: CVE-2026-0753 in Super Simple Contact Form (≤1.6.2) for WordPress allows unauth XSS via 'sscf_name'. Disable or remove plugin until fixed. Monitor for suspicious requests. https://radar.offseq.com/threat/cve-2026-0753-cwe-79-improper-neutralization-of-in-6158470c #OffSeq #WordPress #XSS #infosec
##updated 2026-02-14T09:31:44
2 posts
1 repos
🔴 CVE-2025-8572 - Critical (9.8)
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8572/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8572 - Critical (9.8)
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8572/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T09:31:44
1 posts
🚨 CVE-2026-1843: HIGH-severity stored XSS in optimole Super Page Cache plugin affects all versions. Unauthenticated attackers can inject scripts via Activity Log. Patch pending — disable plugin/feature, add XSS WAF rules, and audit inputs. https://radar.offseq.com/threat/cve-2026-1843-cwe-79-improper-neutralization-of-in-da8cc8a7 #OffSeq #XSS #WordPress #Vuln
##updated 2026-02-14T07:16:13.020000
3 posts
⚠️ HIGH severity: CVE-2026-2024 SQL Injection in all savitasoni PhotoStack Gallery WordPress plugin versions. Exploitable via 'postid', no auth needed. Disable the plugin & deploy WAF for SQLi. Full details: https://radar.offseq.com/threat/cve-2026-2024-cwe-89-improper-neutralization-of-sp-e9679b86 #OffSeq #WordPress #Infosec #SQLInjection
##⚠️ HIGH severity: CVE-2026-2024 SQL Injection in all savitasoni PhotoStack Gallery WordPress plugin versions. Exploitable via 'postid', no auth needed. Disable the plugin & deploy WAF for SQLi. Full details: https://radar.offseq.com/threat/cve-2026-2024-cwe-89-improper-neutralization-of-sp-e9679b86 #OffSeq #WordPress #Infosec #SQLInjection
##🟠 CVE-2026-2024 - High (7.5)
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2024/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T07:16:12.670000
3 posts
📢 HIGH severity: CVE-2026-1988 in wpdecent Flexi Product Slider & Grid for WooCommerce allows Contributor+ users to exploit the 'theme' parameter for LFI and potential RCE. No patch yet — restrict roles, audit users, and monitor logs. https://radar.offseq.com/threat/cve-2026-1988-cwe-98-improper-control-of-filename--9af2696b #OffSeq #WordPress #WooCommerce
##📢 HIGH severity: CVE-2026-1988 in wpdecent Flexi Product Slider & Grid for WooCommerce allows Contributor+ users to exploit the 'theme' parameter for LFI and potential RCE. No patch yet — restrict roles, audit users, and monitor logs. https://radar.offseq.com/threat/cve-2026-1988-cwe-98-improper-control-of-filename--9af2696b #OffSeq #WordPress #WooCommerce
##🟠 CVE-2026-1988 - High (7.5)
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T07:16:10.150000
4 posts
1 repos
🚨 CRITICAL: CVE-2026-1306 in midi-Synth plugin for WordPress (≤1.1.0) enables unauthenticated file uploads — trivial RCE risk due to exposed nonce in JS. Disable plugin or apply mitigations now. https://radar.offseq.com/threat/cve-2026-1306-cwe-434-unrestricted-upload-of-file--95798a0f #OffSeq #WordPress #Vuln #CVE20261306
##🚨 CRITICAL: CVE-2026-1306 in midi-Synth plugin for WordPress (≤1.1.0) enables unauthenticated file uploads — trivial RCE risk due to exposed nonce in JS. Disable plugin or apply mitigations now. https://radar.offseq.com/threat/cve-2026-1306-cwe-434-unrestricted-upload-of-file--95798a0f #OffSeq #WordPress #Vuln #CVE20261306
##🔴 CVE-2026-1306 - Critical (9.8)
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-1306 in adminkov midi-Synth for WordPress allows unauthenticated file uploads, leading to potential RCE. All versions affected. Remove or update plugin, restrict uploads, monitor activity. https://radar.offseq.com/threat/cve-2026-1306-cwe-434-unrestricted-upload-of-file--95798a0f #OffSeq #WordPress #Vuln #CVE20261306
##updated 2026-02-14T07:16:09.113000
2 posts
1 repos
SSRF vulnerability (HIGH, CVE-2026-0745) in WordPress User Language Switch plugin (all versions). Admin-level users can access internal services. Audit, limit admin access, and monitor for suspicious requests. No patch yet. https://radar.offseq.com/threat/cve-2026-0745-cwe-918-server-side-request-forgery--d2649c34 #OffSeq #WordPress #SSRF
##SSRF vulnerability (HIGH, CVE-2026-0745) in WordPress User Language Switch plugin (all versions). Admin-level users can access internal services. Audit, limit admin access, and monitor for suspicious requests. No patch yet. https://radar.offseq.com/threat/cve-2026-0745-cwe-918-server-side-request-forgery--d2649c34 #OffSeq #WordPress #SSRF
##updated 2026-02-14T06:31:04
1 posts
🟠 CVE-2026-0692 - High (7.5)
The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin relying on WooCommerce's `WC_Geolocation::get_ip_address()` function to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T06:31:04
1 posts
6 repos
https://github.com/k0nnect/cve-2026-21440-writeup-poc
https://github.com/TibbersV6/CVE-2026-21440-POC-EXP
https://github.com/redpack-kr/Ashwesker-CVE-2026-21440
https://github.com/jermaine22sei/CVE-2026-2144-exploit
🟠 CVE-2026-2144 - High (8.1)
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_Code.png...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2144/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T05:16:22.270000
1 posts
🟠 CVE-2026-2469 - High (7.6)
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escap...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2469/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T05:16:13.900000
1 posts
🔴 CVE-2025-69634 - Critical (9)
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-14T01:16:07.740000
14 posts
3 repos
https://github.com/cybrdude/cve-2026-1731-scanner
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release https://securityaffairs.com/187962/uncategorized/attackers-exploit-beyondtrust-cve-2026-1731-within-hours-of-poc-release.html
##Exploitation of a recent RCE in BeyondTrust remote access products, tracked as CVE-2026-1731, reportedly started less than 24h after a PoC was published
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
##Critical cybersecurity alert: North Korea's UNC2970 is weaponizing Google Gemini for reconnaissance. A CVSS 9.9 BeyondTrust vulnerability (CVE-2026-1731) is also under active exploitation, enabling remote code execution. Meanwhile, the Munich Security Conference highlighted deepening transatlantic tensions.
##Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release https://securityaffairs.com/187962/uncategorized/attackers-exploit-beyondtrust-cve-2026-1731-within-hours-of-poc-release.html
##Exploitation of a recent RCE in BeyondTrust remote access products, tracked as CVE-2026-1731, reportedly started less than 24h after a PoC was published
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
##Critical cybersecurity alert: North Korea's UNC2970 is weaponizing Google Gemini for reconnaissance. A CVSS 9.9 BeyondTrust vulnerability (CVE-2026-1731) is also under active exploitation, enabling remote code execution. Meanwhile, the Munich Security Conference highlighted deepening transatlantic tensions.
##BeyondTrust and CISA Warn of Active Exploitation of Remote Support and Privileged Remote Access Flaw
CISA and BeyondTrust report active exploitation of CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access products. Attacks began within 24 hours of a public proof-of-concept.
**Patch your BeyondTrust instances, start patching NOT. Attackers are using public exploit code to target these systems within hours of disclosure. Where possible, isolate all systems from the internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/beyondtrust-and-cisa-warn-of-active-exploitation-targeting-critical-infrastructure-e-b-6-0-k/gD2P6Ple2L
🚨 [CISA-2026:0213] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0213)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-1731 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1731)
- Name: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: BeyondTrust
- Product: Remote Support (RS) and Privileged Remote Access (PRA)
- Notes: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260213 #cisa20260213 #cve_2026_1731 #cve20261731
##CVE ID: CVE-2026-1731
Vendor: BeyondTrust
Product: Remote Support (RS) and Privileged Remote Access (PRA)
Date Added: 2026-02-13
Notes: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-1731
Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support. https://www.securityweek.com/beyondtrust-vulnerability-targeted-by-hackers-within-24-hours-of-poc-release/
##Here's a summary of the latest critical news in technology and cybersecurity:
State-backed hackers are reportedly leveraging Google's Gemini AI for reconnaissance and attack support. A critical BeyondTrust Remote Code Execution vulnerability (CVE-2026-1731) is being actively exploited in the wild. CISA has added four new exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. In technology, Samsung commenced shipping of industry-first HBM4 memory for AI computing, and HKUST announced a major advance in calcium-ion battery technology.
##Hackers are breaking into BeyondTrust systems worldwide without even needing a password, and attacks started just hours after the flaw went public. Is your organization already compromised?
https://thedefendopsdiaries.com/how-attackers-are-exploiting-the-beyondtrust-rce-flaw-cve-2026-1731/
##New.
GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731 @greynoise #infosec #vulnerability
##Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
#CVE_2026_1731
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
updated 2026-02-13T23:16:11.800000
1 posts
🟠 CVE-2026-24853 - High (8.1)
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T22:49:30
2 posts
🔴 CRITICAL: CVE-2026-26273 in Known <1.6.3 leaks password reset tokens in HTML — full account takeover possible without email access. Upgrade to 1.6.3+ & audit reset flows. https://radar.offseq.com/threat/cve-2026-26273-cwe-200-exposure-of-sensitive-infor-d59f1dbb #OffSeq #CVE202626273 #Vuln #Security
##🔴 CVE-2026-26273 - Critical (9.8)
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T22:16:11.220000
1 posts
🔐 CVE-2026-26269
📊 CVSS: 5.4 · Medium
📅 02/13/2026, 08:17 PM
🛡️ CWE: CWE-121
📦 Affected: #vim vim (< 9.1.2148)
📚 https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970
updated 2026-02-13T22:16:08.427000
2 posts
🟠 CVE-2025-15157 - High (8.8)
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15157 - High (8.8)
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T22:11:50
1 posts
🟠 CVE-2026-26187 - High (8.1)
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage bo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:42.930000
1 posts
🟠 CVE-2026-20615 - High (7.8)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:11.137000
2 posts
🔴 New security advisory:
CVE-2025-69770 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://advisory.yazoul.net/cve/cve-2025-69770
🔴 CVE-2025-69770 - Critical (10)
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69770/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:11.137000
1 posts
CVE-2026-26221 (CRITICAL): Hyland OnBase 8.0’s Workflow Timer Service exposes .NET Remoting on TCP/8900 — allows unauth RCE, file ops, and NTLM relay. Restrict access & monitor for abuse. Patch when released! https://radar.offseq.com/threat/cve-2026-26221-cwe-502-deserialization-of-untruste-9949df79 #OffSeq #Hyland #CVE #CyberSec
##updated 2026-02-13T21:43:11.137000
1 posts
🟠 CVE-2026-25991 - High (7.7)
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The ap...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:11.137000
1 posts
🟠 CVE-2026-21878 - High (7.5)
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:37:06.717000
1 posts
1 repos
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-02-13T21:34:12
1 posts
🟠 CVE-2026-20620 - High (7.7)
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:50
1 posts
1 repos
https://github.com/mbanyamer/CVE-2026-26335-Calero-VeraSMART-RCE
CVE-2026-26335 (CRITICAL, CVSS 9.3): Calero VeraSMART <2022 R1 uses hard-coded crypto keys, enabling unauth RCE via crafted ViewState in ASP.NET. No exploits yet, but immediate upgrade or key rotation essential! https://radar.offseq.com/threat/cve-2026-26335-cwe-321-use-of-hard-coded-cryptogra-07023d75 #OffSeq #Vulnerability #Calero #RCE
##updated 2026-02-13T21:31:50
1 posts
🚨 CRITICAL: CVE-2026-26333 in Calero VeraSMART (pre-2022 R1) allows unauth RCE via exposed .NET Remoting on port 8001. Attackers can read configs, steal machineKeys, and capture NTLMv2 hashes. Restrict access & patch! https://radar.offseq.com/threat/cve-2026-26333-cwe-306-missing-authentication-for--bbf1e7d2 #OffSeq #CVE202626333 #BlueTeam
##updated 2026-02-13T21:31:40
6 posts
Thursday: New Chrome release! It reverts one commit, a "trivial" performance optimization suspected of causing crashes.
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_12.html
Friday: New Chrome release! A zero day! "CVE-2026-2441: Use after free in CSS."
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
##Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that an exploit for CVE-2026-2441 exists in the wild.
Release 145.0.7632.75-442755 ·...
This build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild.
##@secbox @vivaldiversiontracker
It might seem strange but this build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild. 🤷
##This build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild.
Note: Vivaldi 7.8.3925.66 also has that fix.
##🟠 CVE-2026-2441 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2441/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
3 posts
🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
1 posts
🟠 CVE-2025-70121 - High (7.5)
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
1 posts
🟠 CVE-2025-70122 - High (7.5)
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70122/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
1 posts
🟠 CVE-2026-20667 - High (8.8)
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20667/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:35
1 posts
🟠 CVE-2026-20614 - High (7.8)
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:35
1 posts
🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! https://radar.offseq.com/threat/cve-2026-20617-an-app-may-be-able-to-gain-root-pri-42394d40 #OffSeq #macOS #Apple #Infosec #CVE202620617
##updated 2026-02-13T18:31:25
1 posts
🟠 CVE-2026-20649 - High (7.5)
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T18:16:19.943000
1 posts
🚨 CRITICAL: CVE-2026-26011 in ROS 2 navigation2 (≤1.3.11) allows unauth attackers in the same DDS domain to trigger heap out-of-bounds writes via /initialpose, causing DoS or further exploit. Isolate & patch! https://radar.offseq.com/threat/cve-2026-26011-cwe-787-out-of-bounds-write-in-ros--a5e729c2 #OffSeq #ROS2 #infosec #robotics
##updated 2026-02-13T18:16:19.127000
1 posts
🟠 CVE-2026-20660 - High (7.5)
A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T17:17:13
2 posts
🔴 CVE-2026-26190: CRITICAL auth bypass in Milvus (<2.5.27, 2.6.0-2.6.9). REST API & /expr debug endpoint exposed via port 9091, enabling unauth access to data & creds. Patch to 2.5.27/2.6.10 ASAP! Details: https://radar.offseq.com/threat/cve-2026-26190-cwe-306-missing-authentication-for--6b5551d3 #OffSeq #infosec #AIsecurity
##🔴 CVE-2026-26190 - Critical (9.8)
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default au...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T17:15:44
1 posts
🟠 CVE-2026-26056 - High (8.8)
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:45:52.137000
1 posts
🟠 CVE-2026-20610 - High (7.8)
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:31:29
1 posts
Got my first Apple CVE!
CVE-2026-20654
At the age of 19, I have finally achieved my goal.
Weird thing is, the 2025 CVE isn't addressed yet haha
More exciting news coming soon!
Thank you everyone for the support 🥹🙏
##updated 2026-02-13T15:31:28
1 posts
🟠 CVE-2026-2321 - High (8.8)
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:31:28
1 posts
🟠 CVE-2026-20658 - High (7.8)
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:30:27
1 posts
🟠 CVE-2026-1619 - High (8.3)
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1619/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:30:24
4 posts
2 repos
https://github.com/George0Papasotiriou/CVE-2025-15556-Notepad-WinGUp-Updater-RCE
🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2025-15556
Vendor: Notepad++
Product: Notepad++
Date Added: 2026-02-12
Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-15556
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##updated 2026-02-13T14:50:10.343000
1 posts
🟠 CVE-2025-46290 - High (7.5)
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
3 posts
🔴 New security advisory:
CVE-2026-26216 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://advisory.yazoul.net/cve/cve-2026-26216
🔴 CVE-2026-26216 - Critical (10)
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. https://radar.offseq.com/threat/cve-2026-26216-cwe-94-improper-control-of-generati-09f71e54 #OffSeq #CVE202626216 #infosec #RCE
##updated 2026-02-13T14:23:48.007000
1 posts
🟠 CVE-2026-1618 - High (8.8)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1618/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
1 posts
🟠 CVE-2025-14349 - High (8.8)
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects Fl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
3 posts
🔐 CVE-2026-25227
CVE-2026-25227
📊 CVSS Score: 9.1
⚠️ Severity: Critical
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25227
🛡️ CWE: CWE-94
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80 https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4
⚠️ CVE-2026-25227 (CRITICAL, CVSS 9.1): Code injection in goauthentik authentik via delegated permissions. Patch to 2025.8.6, 2025.10.4, or 2025.12.4 urgently. Audit permissions & monitor test endpoint usage. https://radar.offseq.com/threat/cve-2026-25227-cwe-94-improper-control-of-generati-cc39f642 #OffSeq #authentik #infosec #CVE
##🔴 CVE-2026-25227 - Critical (9.1)
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view * Property Mapping or Can view Expression Policy is able to execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
2 posts
🚨 CVE-2026-26219 (CRITICAL): newbee-mall 1.0.0 uses unsalted MD5 for password storage — enabling fast offline attacks if hashes leak. Upgrade to secure hashing (Argon2, bcrypt, PBKDF2) ASAP! https://radar.offseq.com/threat/cve-2026-26219-cwe-327-use-of-a-broken-or-risky-cr-46123275 #OffSeq #infosec #vuln #ecommerce
##🔴 CVE-2026-26219 - Critical (9.1)
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
1 posts
🚨 CRITICAL: CVE-2026-24044 in element-hq ess-helm (<25.12.1) uses an insecure PRNG for Matrix server keys. Attackers can recreate keys, impersonate servers & disrupt comms. Upgrade to 25.12.1+ & rotate keys! https://radar.offseq.com/threat/cve-2026-24044-cwe-336-same-seed-in-pseudo-random--1eb14671 #OffSeq #Matrix #CVE202624044 #Helm
##updated 2026-02-13T14:23:48.007000
1 posts
🚨 CRITICAL: CVE-2026-26020 in AutoGPT (<0.6.48) allows authenticated RCE via improper authorization of BlockInstallationBlock. Patch to 0.6.48+ ASAP! Monitor for suspicious graph configs. https://radar.offseq.com/threat/cve-2026-26020-cwe-285-improper-authorization-in-s-31ca744c #OffSeq #AutoGPT #Infosec #Vulnerability
##updated 2026-02-13T14:23:48.007000
1 posts
🟠 CVE-2026-26055 - High (7.5)
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
1 posts
🔴 CVE-2025-14014 - Critical (9.8)
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
2 posts
🟠 CVE-2026-26217 - High (8.6)
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26217/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! https://radar.offseq.com/threat/cve-2026-26217-cwe-22-improper-limitation-of-a-pat-0f89b04d #OffSeq #CVE202626217 #infosec
##updated 2026-02-13T14:23:48.007000
1 posts
🟠 CVE-2025-61880 - High (8.8)
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
1 posts
🔴 CVE-2025-70981 - Critical (9.8)
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
1 posts
🟠 CVE-2025-63421 - High (7.8)
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63421/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
1 posts
🟠 CVE-2025-67432 - High (7.5)
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67432/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:04:05.243000
10 posts
3 repos
https://github.com/nikallass/CVE-2024-43468_mTLS_go
CISA: "critical remote code execution vulnerability (CVE-2024-43468) in Microsoft Configuration Manager is being actively exploited" www.linkedin.com/posts/cisowh... #cybersec #natsec "What CISOs should do:"
##Feb 14-15, 2026: The Munich Security Conference highlights deepening transatlantic tensions and calls for EU strategic autonomy, amid US-Greenland territorial friction. China debuted the first sodium-ion EV. CISA warned of an actively exploited SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468), urging immediate patching. "Agentic AI" is rapidly escalating cyber threats, with many CISOs unprepared for new attack surfaces and speeds.
##CISA Warns of Active Exploitation in Microsoft Configuration Manager SQL Injection Flaw
CISA reports active exploitation of a critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468). The flaw allows unauthenticated attackers to execute arbitrary commands with system-level privileges on management servers and site databases.
**If you are using Microsoft Configuration Manager and haven't patched since 2024, this is urgent. Your MCM is being attacked. If possible, always isolate from the internet. And patch, because any isolation will be compromised given enough time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-microsoft-configuration-manager-sql-injection-flaw-t-a-l-p-8/gD2P6Ple2L
Feb 14-15, 2026: The Munich Security Conference highlights deepening transatlantic tensions and calls for EU strategic autonomy, amid US-Greenland territorial friction. China debuted the first sodium-ion EV. CISA warned of an actively exploited SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468), urging immediate patching. "Agentic AI" is rapidly escalating cyber threats, with many CISOs unprepared for new attack surfaces and speeds.
##CISA Warns of Active Exploitation in Microsoft Configuration Manager SQL Injection Flaw
CISA reports active exploitation of a critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468). The flaw allows unauthenticated attackers to execute arbitrary commands with system-level privileges on management servers and site databases.
**If you are using Microsoft Configuration Manager and haven't patched since 2024, this is urgent. Your MCM is being attacked. If possible, always isolate from the internet. And patch, because any isolation will be compromised given enough time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-microsoft-configuration-manager-sql-injection-flaw-t-a-l-p-8/gD2P6Ple2L
A Microsoft ConfigMgr flaw went from “too complex to worry about” to a full-blown crisis almost overnight after public exploit code dropped. How did this one slip through the cracks?
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2024-43468
Vendor: Microsoft
Product: Configuration Manager
Date Added: 2026-02-12
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##updated 2026-02-13T14:03:58.537000
14 posts
1 repos
Here's a snapshot of recent geopolitical, technology, and cybersecurity developments:
**Geopolitical:** Iranian FM Araghchi stated on Feb 14, 2026, that the EU has lost its geopolitical weight, criticizing the Munich Security Conference on Iran. African leaders held their AU Summit Feb 14-15, focusing on water security and Sudan's conflict.
**Technology:** AI faces significant energy bottlenecks in February 2026, potentially altering industry growth. Singapore committed $155B to a nationwide AI push on Feb 14, 2026.
**Cybersecurity:** Apple patched CVE-2026-20700, an actively exploited zero-day, on Feb 11, 2026. Malicious Chrome extensions were discovered stealing sensitive business and email data around Feb 13-14, 2026.
##⚠️ Apple patches decade-old iOS zero-day exploited in the wild
「 CVE-2026-20700, discovered by Google's Threat Analysis Group, affects dyld - Apple's dynamic linker - and allows attackers with memory write capability to execute arbitrary code. Apple said the flaw was exploited in the wild and may have been part of an exploit chain 」
##Here's a snapshot of recent geopolitical, technology, and cybersecurity developments:
**Geopolitical:** Iranian FM Araghchi stated on Feb 14, 2026, that the EU has lost its geopolitical weight, criticizing the Munich Security Conference on Iran. African leaders held their AU Summit Feb 14-15, focusing on water security and Sudan's conflict.
**Technology:** AI faces significant energy bottlenecks in February 2026, potentially altering industry growth. Singapore committed $155B to a nationwide AI push on Feb 14, 2026.
**Cybersecurity:** Apple patched CVE-2026-20700, an actively exploited zero-day, on Feb 11, 2026. Malicious Chrome extensions were discovered stealing sensitive business and email data around Feb 13-14, 2026.
##⚠️ Apple patches decade-old iOS zero-day exploited in the wild
「 CVE-2026-20700, discovered by Google's Threat Analysis Group, affects dyld - Apple's dynamic linker - and allows attackers with memory write capability to execute arbitrary code. Apple said the flaw was exploited in the wild and may have been part of an exploit chain 」
##Global cybersecurity remains critical: Threat actors are actively exploiting Google's Gemini AI for varied attack stages, from reconnaissance to phishing. Apple has patched a critical zero-day vulnerability (CVE-2026-20700) exploited in sophisticated attacks. CISA updated its KEV Catalog with four new vulnerabilities, urging immediate remediation. Furthermore, the EU launched a new ICT Supply Chain Security Toolbox to enhance risk mitigation. (Feb 12-13, 2026)
##Apple Patches Actively Exploited Flaw, Over 90 Vulnerabilities in macOS, iOS, and iPadOS in February 2026 Security Updates
Apple released security updates on February 11, 2026, patching over 90 vulnerabilities across macOS, iOS, and iPadOS, including an actively exploited zero-day (CVE-2026-20700) — a memory corruption flaw in dyld enabling arbitrary code execution, likely used by nation-state actors or commercial spyware vendors against targeted individuals.
**Time to update your Apple devices. Prioritize iOS 26 devices, especially if you are a journalist or active in economy and policy - those are the first ones targeted by state actors to take control of mobile phones. Then all the rest of devices. Even if you are not a high profile target, update because hackers will learn to exploit the same flaws, so it will be open season on every vulnerable device.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-actively-exploited-flaw-over-90-vulnerabilities-in-macos-ios-and-ipados-in-february-2026-security-updates-j-a-7-e-o/gD2P6Ple2L
CVE-2026-20700 – Apple corrige sa première faille zero-day de 2026 : patchez ! https://www.it-connect.fr/cve-2026-20700-apple-corrige-sa-premiere-faille-zero-day-de-2026-patchez/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Apple
##Here's a summary of recent global, technology, and cybersecurity news from the last 24 hours:
Globally, Canada mourned 10 lives lost in a mass shooting in British Columbia (February 12).
In technology, Samsung began mass production of HBM4 with ultimate performance for AI computing (February 12). Waymo also launched fully autonomous operations with its 6th-generation Driver (February 12).
For cybersecurity, Google reported state-backed hackers are using Gemini AI for reconnaissance and attack support (February 12). Apple patched an actively exploited zero-day vulnerability (CVE-2026-20700) affecting iOS, macOS, and other devices (February 12). Additionally, Palo Alto Networks reportedly chose not to publicly link a global cyberespionage campaign to China over fears of retaliation (February 13).
##🟠 CVE-2026-20700 - High (7.8)
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20700/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2026-20700
Vendor: Apple
Product: Multiple Products
Date Added: 2026-02-12
Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20700
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
##updated 2026-02-13T06:30:48
2 posts
🟠 CVE-2026-25108 - High (8.8)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25108 - High (8.8)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T00:33:56
1 posts
🟠 CVE-2026-20650 - High (7.5)
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T00:33:00
2 posts
🚨 CVE-2026-1358 (CRITICAL, CVSS 9.8): Airleader Master (≤6.381) allows unauthenticated file uploads, enabling remote code execution. ICS & building automation in Europe at risk — patch ASAP, restrict uploads, segment networks. https://radar.offseq.com/threat/cve-2026-1358-cwe-434-in-airleader-gmbh-airleader--2b35e562 #OffSeq #CVE20261358 #ICS #InfoSec
##🔴 CVE-2026-1358 - Critical (9.8)
Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T00:32:51
1 posts
1 repos
🟠 CVE-2025-70886 - High (7.5)
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T22:08:03
1 posts
🟠 CVE-2026-25949 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:31
1 posts
🟠 CVE-2025-69807 - High (7.5)
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
1 posts
🟠 CVE-2026-20652 - High (7.5)
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20652/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
1 posts
🔴 CVE-2026-20677 - Critical (9)
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20677/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
1 posts
🟠 CVE-2025-61879 - High (7.7)
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61879/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:29
4 posts
🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2025-40536
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-02-12
Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-40536
‼️ CISA added one more vulnerability to the KEV Catalog today...
CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
##updated 2026-02-12T21:31:34
1 posts
🔴 CVE-2026-26218 - Critical (9.8)
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26218/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:31:34
1 posts
🔴 CVE-2025-70314 - Critical (9.8)
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T20:16:05.143000
6 posts
9 repos
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/SecureWithUmer/CVE-2026-20841
https://github.com/tangent65536/CVE-2026-20841
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
https://github.com/atiilla/CVE-2026-20841
https://github.com/patchpoint/CVE-2026-20841
Microsoft, the company known for such amazing achievements as Teams, Github's uptime, Copilot etc. has managed to add features to Notepad in such a way, they introduced a remote code execution vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Czytam, że #Microsoft "poprawił" Notatnik (#Notepad).
Tak, ten program, który nie był dotykany, od 40 lat robił tylko to, co miał robić.
Dodali mu sztuczną inteligencję, dostęp do sieci, obsługę Markdown. A może Copilot dodał?🤔
CVE-2026-20841. CVSS 8.8. Zdalne wykonywanie kodu.
https://sekurak.pl/podatnosc-klasy-rce-w-windowsowym-notatniku-windows-11/
##Czytam, że #Microsoft "poprawił" Notatnik (#Notepad).
Tak, ten program, który nie był dotykany, od 40 lat robił tylko to, co miał robić.
Dodali mu sztuczną inteligencję, dostęp do sieci, obsługę Markdown. A może Copilot dodał?🤔
CVE-2026-20841. CVSS 8.8. Zdalne wykonywanie kodu.
https://sekurak.pl/podatnosc-klasy-rce-w-windowsowym-notatniku-windows-11/
##Windows Notepad RCE - CVE-2026-20841
A crafted Markdown link could trigger command execution via protocol handler abuse on Windows 11 Notepad.
##https://www.cve.org/CVERecord?id=CVE-2026-20841
AI enabled remote code execution in Windows Notepad if you open the wrong text file.
Microsoft's Notepad Got Pwned (CVE-2026-20841) https://foss-daily.org/posts/microsoft-notepad-2026/
##updated 2026-02-12T20:08:45
1 posts
🔴 CVE-2025-69872 - Critical (9.8)
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:25
1 posts
🔴 CVE-2025-70085 - Critical (9.8)
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:25
1 posts
🟠 CVE-2026-20626 - High (7.8)
This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
1 posts
🟠 CVE-2025-69871 - High (8.1)
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:30:27
1 posts
🟠 CVE-2025-54756 - High (8.4)
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 use a default password that is guessable with
knowledge of the device information. The latest release fixes this
issue for new installations; use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T16:16:17.917000
2 posts
1 repos
https://github.com/mbanyamer/CVE-2026-26235-JUNG-Smart-Visu-Server-Unauthenticated-Reboot-Shutdown
🟠 CVE-2026-26235 - High (7.5)
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26235/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-26235-missing-authentication-for-critical-64624540 #OffSeq #Vulnerability #OTSecurity
##updated 2026-02-12T16:16:05.583000
1 posts
🟠 CVE-2025-69873 - High (7.5)
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T16:16:04.620000
1 posts
🔴 CVE-2025-67135 - Critical (9.8)
Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:33:51
1 posts
🟠 CVE-2025-70083 - High (7.8)
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:33:50
1 posts
🟠 CVE-2025-70029 - High (7.5)
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:55
2 posts
1 repos
🟠 CVE-2026-2004 - High (8.8)
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2004/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##few new #postgresql vulns out there today
🔐 CVE-2026-2004
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: https://www.postgresql.org/support/security/CVE-2026-2004/
updated 2026-02-12T15:32:54
1 posts
🔴 CVE-2025-10969 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:54
1 posts
🟠 CVE-2026-2007 - High (8.2)
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:54
1 posts
🟠 CVE-2026-1104 - High (8.8)
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:53
1 posts
🟠 CVE-2025-13002 - High (8.2)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (XSS).This issue affects E-Commerce Package: thro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:16:05.350000
1 posts
🟠 CVE-2025-70084 - High (7.5)
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:16:03.043000
1 posts
🔴 CVE-2025-15573 - Critical (9.4)
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:16:02.840000
1 posts
🔴 CVE-2025-14892 - Critical (9.8)
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
1 posts
🟠 CVE-2026-2006 - High (8.8)
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the datab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
1 posts
🟠 CVE-2026-2005 - High (8.8)
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
1 posts
⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: https://radar.offseq.com/threat/cve-2026-1320-cwe-79-improper-neutralization-of-in-70548f61 #OffSeq #WordPress #XSS
##updated 2026-02-12T15:10:37.307000
1 posts
1 repos
https://github.com/mbanyamer/-CVE-2026-26215-manga-image-translator-RCE
CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! https://radar.offseq.com/threat/cve-2026-26215-cwe-502-deserialization-of-untruste-e3572f04 #OffSeq #CVE202626215 #infosec
##updated 2026-02-12T15:10:37.307000
1 posts
🟠 CVE-2026-23856 - High (7.8)
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T14:19:15
1 posts
🔴 CVE-2026-26021 - Critical (9.8)
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollutio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T06:30:21
2 posts
1 repos
🟠 CVE-2026-25676 - High (7.8)
The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! https://radar.offseq.com/threat/cve-2026-25676-uncontrolled-search-path-element-in-108bd32e #OffSeq #Vulnerability #Infosec #CVE2026_25676
##updated 2026-02-12T06:30:21
2 posts
🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT
##🟠 CVE-2026-26234 - High (8.8)
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:06
2 posts
Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ https://radar.offseq.com/threat/cve-2026-23857-cwe-280-improper-handling-of-insuff-a6a15377 #OffSeq #Dell #PrivilegeEscalation #Vuln
##🟠 CVE-2026-23857 - High (8.2)
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:06
3 posts
1 repos
https://github.com/ninjazan420/CVE-2026-1729-PoC-AdForest-WordPress-Authentication-Bypass
🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #Vulnerability
##🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #CVE20261729 #WebSecurity
##🔴 CVE-2026-1729 - Critical (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:01
6 posts
New CVE-2026-0969 in MDX Remote popped up. I hadn't realized it was an issue, npm audit and dependency-bot hadn't reported anything, but Vercel suddenly stopped letting me deploy last night. Easy enough fix to update to 6.0.0!
##HashiCorp Patches Critical RCE Vulnerability in next-mdx-remote Library
HashiCorp patched a critical remote code execution vulnerability (CVE-2026-0969) in the next-mdx-remote library that allowed attackers to execute arbitrary code during React server-side rendering.
**If your React application renders user-supplied MDX content, update next-mdx-remote to version 6.0.0 immediately to enable the new default security blocks. Avoid enabling JavaScript expressions for untrusted input, as even best-effort sanitization can be bypassed by determined attackers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hashicorp-patches-critical-rce-vulnerability-in-next-mdx-remote-library-t-u-a-5-2/gD2P6Ple2L
New CVE-2026-0969 in MDX Remote popped up. I hadn't realized it was an issue, npm audit and dependency-bot hadn't reported anything, but Vercel suddenly stopped letting me deploy last night. Easy enough fix to update to 6.0.0!
##HashiCorp Patches Critical RCE Vulnerability in next-mdx-remote Library
HashiCorp patched a critical remote code execution vulnerability (CVE-2026-0969) in the next-mdx-remote library that allowed attackers to execute arbitrary code during React server-side rendering.
**If your React application renders user-supplied MDX content, update next-mdx-remote to version 6.0.0 immediately to enable the new default security blocks. Avoid enabling JavaScript expressions for untrusted input, as even best-effort sanitization can be bypassed by determined attackers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hashicorp-patches-critical-rce-vulnerability-in-next-mdx-remote-library-t-u-a-5-2/gD2P6Ple2L
🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T23:14:49
1 posts
🟠 CVE-2026-25990 - High (7.5)
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:37
1 posts
🟠 CVE-2026-21236 - High (7.8)
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:37
1 posts
🟠 CVE-2026-21245 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:15:13.490000
1 posts
🟠 CVE-2026-21229 - High (8)
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:00:30.630000
1 posts
🟠 CVE-2026-21239 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:56:24
1 posts
🔴 CVE-2025-69874 - Critical (9.8)
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:40:42.937000
3 posts
59 repos
https://github.com/xuemian168/CVE-2026-24061
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/h3athen/CVE-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/SystemVll/CVE-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/buzz075/CVE-2026-24061
https://github.com/z3n70/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/scumfrog/cve-2026-24061
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/BrainBob/CVE-2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/midox008/CVE-2026-24061
https://github.com/hackingyseguridad/root
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/hilwa24/CVE-2026-24061
https://github.com/infat0x/CVE-2026-24061
https://github.com/monstertsl/CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/typeconfused/CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/tiborscholtz/CVE-2026-24061
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/duy-31/CVE-2026-24061---telnetd
names (SRC23); Dutch Venus-Earth-Earth bounce tests (1299 MHz).
- EV/auto tech: Audi unveils new 2026 electric SUV; Leapmotor OTA/LeapOS update.
- Open source and Fediverse governance: Mastodon moderation/tools debates; GitHub PR access controls to curb low‑quality contributions.
- Security patches and CVEs: CVE-2026-24061 telnet vulnerability and traffic drop; Chrome emergency patch. [2/2]
##2026-01-14: The Day the telnet Died
"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."
Link: https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
#linkdump #blogpost #filtering #internet #iso #security #telnet
##USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
##updated 2026-02-11T06:30:48
2 posts
5 repos
https://github.com/cybertechajju/CVE-2026-1357-POC
https://github.com/halilkirazkaya/CVE-2026-1357
https://github.com/LucasM0ntes/POC-CVE-2026-1357
Critical RCE Vulnerability Reported in WPvivid Backup Plugin
WPvivid Backup & Migration plugin for WordPress patched a critical RCE vulnerability (CVE-2026-1357) that allows unauthenticated attackers to upload malicious PHP files via predictable cryptographic keys.
**If you are using WPvivid plugin, update to version 0.9.124 ASAP. If you cannot update right away, ensure the 'receive backup from another site' feature is disabled to close the primary attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-reported-in-wpvivid-backup-plugin-3-d-o-v-9/gD2P6Ple2L
🔴 CVE-2026-1357 - Critical (9.8)
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
1 posts
🟠 CVE-2026-21240 - High (7.8)
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
1 posts
🟠 CVE-2026-21243 - High (7.5)
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
1 posts
🟠 CVE-2026-21228 - High (8.1)
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:49
1 posts
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
updated 2026-02-10T18:30:49
1 posts
🟠 CVE-2026-21238 - High (7.8)
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:38
1 posts
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
updated 2026-02-09T18:49:19
1 posts
Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking
Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.
**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24, This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L
updated 2026-02-09T09:30:28
1 posts
🔐 CVE-2026-1868
📊 CVSS: 9.9 · Critical
📅 02/09/2026, 07:16 AM
🛡️ CWE: CWE-1336
📦 Affected: #GitLab GitLab AI Gateway (>= 18.1.6, < 18.6.2, >= 18.7.0, < 18.7.1, >= 18.8.0, < 18.8.1)
📚 References: https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/
##updated 2026-02-06T15:14:47.703000
1 posts
🔐 CVE-2026-21643
📊 CVSS: 9.1 · Critical
📅 02/06/2026, 08:24 AM
🛡️ CWE: CWE-89
📦 Affected: Fortinet FortiClientEMS (7.4.4)
📚 https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
updated 2026-02-04T19:53:06
4 posts
Critical Path Traversal Flaw in Unstructured.io AI Library Enables Remote Code Execution
Unstructured.io patched a critical path traversal vulnerability (CVE-2025-64712) that allows attackers to achieve remote code execution by processing malicious Outlook .msg files. The flaw enables arbitrary file writes, potentially compromising AI data pipelines across major cloud providers and Fortune 1000 enterprise environments.
**If you are processing mail attachments throuh AI, this is an important advisory. Check if you directly use Unstructured.io or update the systems that import and use this library. If you cannot update right away, disable attachment processing in your code and implement controls to sanitize filename attachments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-path-traversal-flaw-in-unstructured-io-ai-library-enables-remote-code-execution-x-z-5-d-g/gD2P6Ple2L
Critical Path Traversal Flaw in Unstructured.io AI Library Enables Remote Code Execution
Unstructured.io patched a critical path traversal vulnerability (CVE-2025-64712) that allows attackers to achieve remote code execution by processing malicious Outlook .msg files. The flaw enables arbitrary file writes, potentially compromising AI data pipelines across major cloud providers and Fortune 1000 enterprise environments.
**If you are processing mail attachments throuh AI, this is an important advisory. Check if you directly use Unstructured.io or update the systems that import and use this library. If you cannot update right away, disable attachment processing in your code and implement controls to sanitize filename attachments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-path-traversal-flaw-in-unstructured-io-ai-library-enables-remote-code-execution-x-z-5-d-g/gD2P6Ple2L
DESTRUCTURED - Critical Vulnerability in Unstructured.io (CVE-2025–64712) https://www.cyera.com/research-labs/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712
##Critical RCE Vulnerability in Unstructured.io (CVE-2025–64712) - CVSS 9.8 https://www.cyera.com/research-labs/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712
##updated 2026-02-04T18:30:51
1 posts
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-02-04T16:34:21.763000
1 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
updated 2026-02-02T23:41:06
1 posts
4 repos
https://github.com/ethiack/moltbot-1click-rce
https://github.com/adibirzu/openclaw-security-monitor
OpenClaw Vulnerability!
CVE-2026-25253 enables attackers to steal authentication tokens of OpenClaw AI Systems!
##updated 2026-01-30T13:28:18.610000
1 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
updated 2026-01-29T18:31:31
1 posts
updated 2026-01-27T16:16:55.327000
1 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware
#Storm_2603 #CVE_2026_23760 #WarlockRansomware
https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware
updated 2026-01-13T18:31:14
2 posts
Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw
#Microsoft #Windows11 #February2026PatchTuesday #Cybersecurity #Authentication #WindowsHello #Biometrics #RemoteDesktop
##Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw
#Microsoft #Windows11 #February2026PatchTuesday #Cybersecurity #Authentication #WindowsHello #Biometrics #RemoteDesktop
##updated 2025-10-15T18:31:58
1 posts
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2025-10-15T18:31:58
1 posts
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2025-09-30T13:52:23.540000
1 posts
96 repos
https://github.com/CognisysGroup/CVE-2024-6387-Checker
https://github.com/dream434/CVE-2024-6387
https://github.com/anhvutuan/CVE-2024-6387-poc-1
https://github.com/Mufti22/CVE-2024-6387-checkher
https://github.com/P4x1s/CVE-2024-6387
https://github.com/mrmtwoj/CVE-2024-6387
https://github.com/awusan125/test_for6387
https://github.com/xonoxitron/regreSSHion
https://github.com/rumochnaya/openssh-cve-2024-6387.sh
https://github.com/ahlfors/CVE-2024-6387
https://github.com/bigb0x/CVE-2024-6387
https://github.com/0x4D31/cve-2024-6387_hassh
https://github.com/4lxprime/regreSSHive
https://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc
https://github.com/vkaushik-chef/regreSSHion
https://github.com/jack0we/CVE-2024-6387
https://github.com/MrR0b0t19/CVE-2024-6387-Exploit-POC
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker
https://github.com/TAM-K592/CVE-2024-6387
https://github.com/getdrive/CVE-2024-6387-PoC
https://github.com/d0rb/CVE-2024-6387
https://github.com/ACHUX21/checker-CVE-2024-6387
https://github.com/theaog/spirit
https://github.com/Ngagne-Demba-Dia/CVE-2024-6387-corrigee
https://github.com/DimaMend/cve-2024-6387-poc
https://github.com/dgourillon/mitigate-CVE-2024-6387
https://github.com/l-urk/CVE-2024-6387
https://github.com/OhDamnn/Noregressh
https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker
https://github.com/t3rry327/cve-2024-6387-poc
https://github.com/jocker2410/CVE-2024-6387_poc
https://github.com/passwa11/cve-2024-6387-poc
https://github.com/no-one-sec/CVE-2024-6387
https://github.com/RickGeex/CVE-2024-6387-Checker
https://github.com/xonoxitron/regreSSHion-checker
https://github.com/CiderAndWhisky/regression-scanner
https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker
https://github.com/YassDEV221608/CVE-2024-6387_PoC
https://github.com/shamo0/CVE-2024-6387_PoC
https://github.com/xaitax/CVE-2024-6387_Check
https://github.com/harshinsecurity/sentinelssh
https://github.com/paradessia/CVE-2024-6387-nmap
https://github.com/dawnl3ss/CVE-2024-6387
https://github.com/devarshishimpi/CVE-2024-6387-Check
https://github.com/sardine-web/CVE-2024-6387-template
https://github.com/wiggels/regresshion-check
https://github.com/prelearn-code/CVE-2024-6387
https://github.com/Karmakstylez/CVE-2024-6387
https://github.com/xristos8574/regreSSHion-nmap-scanner
https://github.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-Playbook
https://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387
https://github.com/SkyGodling/CVE-2024-6387-POC
https://github.com/zenzue/CVE-2024-6387-Mitigation
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
https://github.com/l0n3m4n/CVE-2024-6387
https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387
https://github.com/thegenetic/CVE-2024-6387-exploit
https://github.com/n1cks0n/Test_CVE-2024-6387
https://github.com/redux-sibi-jose/mitigate_ssh
https://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template
https://github.com/hssmo/cve-2024-6387_AImade
https://github.com/R4Tw1z/CVE-2024-6387
https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
https://github.com/lflare/cve-2024-6387-poc
https://github.com/zgzhang/cve-2024-6387-poc
https://github.com/grupooruss/CVE-2024-6387
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
https://github.com/password123456/cve-security-response-guidelines
https://github.com/MaulikxLakhani/SSHScout
https://github.com/kinu404/CVE-2024-6387
https://github.com/arielrbrdev/redteamlab1
https://github.com/YassDEV221608/CVE-2024-6387
https://github.com/azurejoga/CVE-2024-6387-how-to-fix
https://github.com/Symbolexe/CVE-2024-6387
https://github.com/muyuanlove/CVE-2024-6387fixshell
https://github.com/sardine-web/CVE-2024-6387_Check
https://github.com/edsonjt81/CVE-2024-6387_Check
https://github.com/sms2056/CVE-2024-6387
https://github.com/HadesNull123/CVE-2024-6387_Check
https://github.com/kuffsit/check_cve_2024_6387
https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker
https://github.com/imv7/CVE-2024-6387
https://github.com/teamos-hub/regreSSHion
https://github.com/shyrwall/cve-2024-6387-poc
https://github.com/sxlmnwb/CVE-2024-6387
https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit
https://github.com/alex14324/ssh_poc2024
https://github.com/FerasAlrimali/CVE-2024-6387-POC
https://github.com/moften/regreSSHion-CVE-2024-6387
https://github.com/th3gokul/CVE-2024-6387
https://github.com/betancour/OpenSSH-Vulnerability-test
https://github.com/lala-amber/CVE-2024-6387
https://github.com/ThatNotEasy/CVE-2024-6387
https://github.com/xiw1ll/CVE-2024-6387_Checker
https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH
@r @ireneista it should be possible to package a secure messenger client in a stable linux distro like debian and have it still be usable 3+ years after release with only fixes for specific vulns backported.
and there should be a single digit number of these vulns, if any, if you designed your network and parsing architecture right.
Like, if you exclude DOSes and bugs in non-default features, CVE-2024-6387 is the last SSH vuln that I actually worry about. The last one of substance before that was the 2023 double-free that's not believed exploitable, then we get all the way back to CVE-2016-0777 and 0778 for another bad one.
Why can we not make a messenger with that kind of security record? One where running an early-2025 release today is perfectly safe?
##updated 2025-04-12T12:56:54
1 posts
1 repos
https://github.com/Abdirisaq-ali-aynab/openssh-vulnerability-assessment
@r @ireneista it should be possible to package a secure messenger client in a stable linux distro like debian and have it still be usable 3+ years after release with only fixes for specific vulns backported.
and there should be a single digit number of these vulns, if any, if you designed your network and parsing architecture right.
Like, if you exclude DOSes and bugs in non-default features, CVE-2024-6387 is the last SSH vuln that I actually worry about. The last one of substance before that was the 2023 double-free that's not believed exploitable, then we get all the way back to CVE-2016-0777 and 0778 for another bad one.
Why can we not make a messenger with that kind of security record? One where running an early-2025 release today is perfectly safe?
##updated 2024-12-11T21:31:57
1 posts
updated 2024-11-21T03:09:43.333000
1 posts
3 repos
https://github.com/VijayShankar22/CVE-2017-12542
🟠 CVE-2026-26268 - High (8)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26268 - High (8)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26208 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Js...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Vaultwarden – CVE-2026-26012 : cette faille expose vos mots de passe aux autres utilisateurs ! https://www.it-connect.fr/vaultwarden-cve-2026-26012-cette-faille-expose-vos-mots-de-passe-aux-autres-utilisateurs/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##🔐 CVE-2026-25922
CVE-2026-25922
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25922
🛡️ CWE: CWE-287, CWE-347
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4
🟠 CVE-2026-25922 - High (8.8)
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-25748 CVE-2026-25748 📊 CVSS Score: 8.6 ⚠️ Severity: High 📅 Published: 02/12/2026, 08:16 PM 🏷️ Aliases: CVE-2026-25748 🛡️ CWE: CWE-287 🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N (security-advisories@github.com) 📚 References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4 🔗 https://hecate.pw/vulnerability/CVE-2026-25748 #cve #vulnerability #hecate
##🟠 CVE-2026-25748 - High (8.6)
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traef...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-26068 impacts jm33-m0 emp3r0r (<3.21.1), allowing unauthenticated RCE via command injection on operator hosts. Upgrade to 3.21.1+ now and restrict access. Details: https://radar.offseq.com/threat/cve-2026-26068-cwe-77-improper-neutralization-of-s-58777eec #OffSeq #Linux #Vuln #C2
##🚨 CVE-2026-26069 (CRITICAL, CVSS 9.1): Scraparr v3.0.0-beta to <3.0.2 leaks Readarr API keys via /metrics if no alias is set. Upgrade to 3.0.2+, restrict /metrics access, and check for exposed endpoints. https://radar.offseq.com/threat/cve-2026-26069-cwe-200-exposure-of-sensitive-infor-4d72e5e9 #OffSeq #Vuln #Scraparr #APISecurity
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##