##
Updated at UTC 2026-07-07T00:05:49.118456
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-14803 | 6.5 | 0.19% | 1 | 0 | 2026-07-06T21:31:39 | Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded r | |
| CVE-2026-57571 | 9.6 | 0.00% | 1 | 0 | 2026-07-06T21:16:57.907000 | Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, | |
| CVE-2026-58290 | 7.5 | 0.26% | 1 | 0 | 2026-07-06T20:03:14.557000 | Access of resource using incompatible type ('type confusion') in Microsoft Edge | |
| CVE-2026-52830 | 9.4 | 0.42% | 1 | 0 | 2026-07-06T19:41:00.653000 | fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram v | |
| CVE-2026-59510 | 0 | 0.37% | 1 | 0 | 2026-07-06T19:36:05.123000 | AIL Framework contains a path traversal vulnerability in its PDF object handling | |
| CVE-2026-53359 | 0 | 0.18% | 17 | 0 | 2026-07-06T19:17:07.980000 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: F | |
| CVE-2026-43865 | 8.1 | 0.49% | 2 | 0 | 2026-07-06T19:17:03.453000 | Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast compon | |
| CVE-2026-42527 | 8.1 | 0.31% | 1 | 0 | 2026-07-06T19:17:01.467000 | Deserialization of Untrusted Data vulnerability in Apache Camel. The default Ob | |
| CVE-2026-40140 | 0 | 0.00% | 2 | 0 | 2026-07-06T19:17:00.713000 | BeyondTrust Remote Support and Privileged Remote Access contain a high-severity | |
| CVE-2026-40138 | 0 | 0.00% | 4 | 0 | 2026-07-06T19:17:00.473000 | A critical pre-authentication vulnerability exists in the authentication subsyst | |
| CVE-2026-58284 | 8.3 | 0.41% | 1 | 0 | 2026-07-06T19:15:04.297000 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized | |
| CVE-2026-54998 | 8.8 | 0.64% | 1 | 1 | 2026-07-06T18:58:54.077000 | Incorrect authorization in Microsoft Exchange Online allows an authorized attack | |
| CVE-2026-14355 | 5.6 | 0.28% | 1 | 0 | 2026-07-06T18:58:13.770000 | In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8 | |
| CVE-2026-12686 | 0 | 0.00% | 2 | 0 | 2026-07-06T18:41:46.210000 | An authenticated user could manipulate a company ID parameter in a POST request | |
| CVE-2025-71364 | 8.1 | 0.56% | 1 | 0 | 2026-07-06T18:41:46.210000 | picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocess | |
| CVE-2025-71375 | 8.1 | 0.36% | 1 | 0 | 2026-07-06T18:41:46.210000 | picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in fun | |
| CVE-2026-40139 | None | 0.00% | 2 | 0 | 2026-07-06T18:31:15 | A critical pre-authentication vulnerability exists in the authentication subsyst | |
| CVE-2026-41106 | 9.3 | 0.54% | 1 | 0 | 2026-07-06T18:21:48.790000 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an un | |
| CVE-2026-57983 | 8.7 | 0.46% | 1 | 0 | 2026-07-06T18:21:48.790000 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized | |
| CVE-2026-57981 | 8.8 | 0.57% | 1 | 0 | 2026-07-06T18:21:48.790000 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-58287 | 8.3 | 0.45% | 1 | 0 | 2026-07-06T18:21:48.790000 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-58294 | 7.5 | 0.35% | 1 | 0 | 2026-07-06T18:21:48.790000 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2025-71353 | 8.1 | 0.30% | 1 | 0 | 2026-07-06T18:19:55.220000 | picklescan before 0.0.28 fails to detect malicious pickle files that exploit tor | |
| CVE-2025-71343 | 8.1 | 0.30% | 1 | 0 | 2026-07-06T18:19:55.220000 | picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib | |
| CVE-2025-71369 | 8.1 | 0.45% | 1 | 0 | 2026-07-06T18:19:55.220000 | picklescan before 0.0.28 fails to detect malicious pickle files that use torch.u | |
| CVE-2025-71356 | 8.1 | 0.30% | 1 | 0 | 2026-07-06T18:19:55.220000 | picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symboli | |
| CVE-2026-58424 | 8.9 | 0.20% | 1 | 0 | 2026-07-06T18:18:46.870000 | Permanent Fork PR Workflow Approval Gate Bypass | |
| CVE-2026-27771 | 8.2 | 40.74% | 2 | 2 | template | 2026-07-06T18:17:26.860000 | Gitea versions up to and including 1.26.1 have insufficient permission checks fo |
| CVE-2026-20896 | 9.8 | 0.78% | 1 | 2 | 2026-07-06T18:17:26.860000 | Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED | |
| CVE-2026-28737 | 8.7 | 0.34% | 1 | 0 | 2026-07-06T18:17:26.860000 | Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting throu | |
| CVE-2026-28744 | 8.1 | 0.34% | 1 | 0 | 2026-07-06T18:17:26.860000 | Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenti | |
| CVE-2026-4321 | 9.8 | 0.27% | 1 | 0 | 2026-07-06T18:16:46.247000 | Improper neutralization of special elements used in an SQL command ('SQL injecti | |
| CVE-2026-14460 | 8.8 | 0.16% | 1 | 1 | 2026-07-06T18:16:45.163000 | Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Rese | |
| CVE-2026-14751 | 6.3 | 0.20% | 1 | 0 | 2026-07-06T18:16:40 | A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef | |
| CVE-2026-9725 | 9.1 | 0.74% | 2 | 0 | 2026-07-06T18:02:49.450000 | The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress | |
| CVE-2026-14738 | 3.7 | 0.21% | 1 | 0 | 2026-07-06T18:02:49.450000 | A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is | |
| CVE-2026-14605 | 7.8 | 0.14% | 1 | 0 | 2026-07-06T18:02:49.450000 | A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulner | |
| CVE-2026-14570 | 7.5 | 0.21% | 1 | 0 | 2026-07-06T15:30:47 | Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private | |
| CVE-2026-53913 | None | 0.29% | 2 | 0 | 2026-07-06T09:30:38 | Improper Authentication, Missing Authentication for Critical Function, Not Faili | |
| CVE-2026-14807 | 9.8 | 0.46% | 2 | 0 | 2026-07-06T09:30:37 | ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, | |
| CVE-2026-14808 | 9.8 | 0.51% | 2 | 0 | 2026-07-06T09:30:37 | Prog Management System developed by PROG MIS has a Exposure of Sensitive Inf | |
| CVE-2026-9085 | 8.8 | 0.10% | 1 | 0 | 2026-07-05T15:30:34 | Incorrect Permission Assignment for Critical Resource, Improper Access Control v | |
| CVE-2026-6509 | 7.8 | 0.10% | 1 | 0 | 2026-07-05T15:30:34 | Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Rese | |
| CVE-2026-14753 | 7.3 | 0.31% | 1 | 0 | 2026-07-05T15:30:33 | A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8e | |
| CVE-2026-14754 | 7.3 | 0.27% | 1 | 0 | 2026-07-05T15:30:33 | A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affect | |
| CVE-2026-59509 | None | 0.35% | 1 | 0 | 2026-07-05T15:30:33 | An unauthenticated improper input validation vulnerability in the POST /fetch_cv | |
| CVE-2026-12250 | 7.9 | 0.11% | 1 | 0 | 2026-07-05T15:30:33 | Invocation of process using visible sensitive information vulnerability in TUBIT | |
| CVE-2026-14721 | 8.8 | 0.45% | 2 | 0 | 2026-07-05T09:30:24 | A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th | |
| CVE-2026-14781 | 4.8 | 0.20% | 1 | 0 | 2026-07-05T09:30:23 | A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker inco | |
| CVE-2026-14703 | 6.3 | 0.20% | 1 | 0 | 2026-07-05T06:30:33 | A vulnerability has been found in itsourcecode Hospital Management System 1.0. A | |
| CVE-2026-14691 | 6.3 | 0.24% | 1 | 0 | 2026-07-05T03:32:41 | A security vulnerability has been detected in SourceCodester Multi-Vendor Online | |
| CVE-2026-14652 | 7.3 | 0.41% | 1 | 0 | 2026-07-04T21:30:31 | A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script | |
| CVE-2026-14637 | 8.2 | 0.60% | 1 | 0 | 2026-07-04T18:30:31 | A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter- | |
| CVE-2026-14534 | 8.8 | 0.33% | 1 | 0 | 2026-07-04T15:30:24 | Trail of Bits fickling versions up to and including 0.1.10 do not include the Py | |
| CVE-2026-14535 | 8.8 | 0.30% | 1 | 0 | 2026-07-04T15:30:24 | In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImports | |
| CVE-2026-53360 | None | 0.27% | 1 | 1 | 2026-07-04T12:30:39 | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: R | |
| CVE-2026-46242 | 7.8 | 0.12% | 11 | 1 | 2026-07-04T12:16:57.160000 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: | |
| CVE-2026-12252 | 7.8 | 0.15% | 1 | 0 | 2026-07-04T03:31:13 | In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (Stanfo | |
| CVE-2026-54424 | 8.4 | 0.24% | 1 | 1 | 2026-07-04T03:31:08 | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hos | |
| CVE-2025-71345 | 8.1 | 0.43% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.30 fails to detect malicious pickle files that invoke torc | |
| CVE-2025-71342 | 8.1 | 0.43% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.ru | |
| CVE-2025-71367 | 8.1 | 0.45% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in | |
| CVE-2025-71366 | 8.1 | 0.45% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main | |
| CVE-2025-71362 | 8.1 | 0.30% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py. | |
| CVE-2025-71360 | 8.1 | 0.30% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.ca | |
| CVE-2025-71380 | 8.8 | 0.41% | 1 | 0 | 2026-07-04T03:31:08 | The Execute Command node in n8n allows authenticated users to execute arbitrary | |
| CVE-2025-71373 | 8.1 | 0.44% | 1 | 0 | 2026-07-04T03:31:08 | picklescan before 0.0.33 fails to detect operator.methodcaller function calls in | |
| CVE-2025-71372 | 8.1 | 0.38% | 1 | 0 | 2026-07-04T03:31:08 | Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef | |
| CVE-2025-71347 | 8.1 | 0.45% | 1 | 0 | 2026-07-04T03:31:02 | picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py | |
| CVE-2025-71359 | 8.1 | 0.43% | 1 | 0 | 2026-07-04T03:31:02 | picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize | |
| CVE-2026-57974 | 8.8 | 0.57% | 1 | 0 | 2026-07-03T21:31:47 | Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unau | |
| CVE-2026-56645 | 8.8 | 0.57% | 1 | 0 | 2026-07-03T21:31:47 | Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthor | |
| CVE-2026-57986 | 7.5 | 0.44% | 1 | 0 | 2026-07-03T21:31:47 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-57985 | 7.6 | 0.42% | 1 | 0 | 2026-07-03T21:31:47 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthori | |
| CVE-2026-58283 | 8.1 | 0.41% | 1 | 0 | 2026-07-03T21:31:47 | Access of resource using incompatible type ('type confusion') in Microsoft Edge | |
| CVE-2026-58282 | 8.1 | 0.39% | 1 | 0 | 2026-07-03T21:31:47 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorize | |
| CVE-2026-58276 | 7.5 | 0.44% | 1 | 0 | 2026-07-03T21:31:47 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-58289 | 9.0 | 0.53% | 1 | 0 | 2026-07-03T21:31:47 | Access of resource using incompatible type ('type confusion') in Microsoft Edge | |
| CVE-2026-58288 | 8.3 | 0.45% | 1 | 0 | 2026-07-03T21:31:47 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-58286 | 8.1 | 0.39% | 1 | 0 | 2026-07-03T21:31:47 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorize | |
| CVE-2026-58285 | 8.3 | 0.45% | 1 | 0 | 2026-07-03T21:31:47 | Access of resource using incompatible type ('type confusion') in Microsoft Edge | |
| CVE-2026-58299 | 7.5 | 0.28% | 1 | 0 | 2026-07-03T21:31:47 | Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android | |
| CVE-2026-58293 | 8.1 | 0.53% | 1 | 0 | 2026-07-03T21:31:47 | External control of file name or path in Microsoft Edge (Chromium-based) allows | |
| CVE-2026-58292 | 7.5 | 0.29% | 1 | 0 | 2026-07-03T21:31:47 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthori | |
| CVE-2026-57975 | 7.5 | 0.44% | 1 | 0 | 2026-07-03T21:31:46 | Access of resource using incompatible type ('type confusion') in Microsoft Edge | |
| CVE-2026-58295 | 8.3 | 0.38% | 1 | 0 | 2026-07-03T21:31:41 | Access of resource using incompatible type ('type confusion') in Microsoft Edge | |
| CVE-2026-12481 | 8.8 | 0.40% | 1 | 0 | 2026-07-03T21:31:40 | A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code exe | |
| CVE-2026-57992 | 7.5 | 0.44% | 1 | 0 | 2026-07-03T21:31:40 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-57984 | 7.5 | 0.44% | 1 | 0 | 2026-07-03T21:31:39 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke | |
| CVE-2026-14606 | 7.8 | 0.14% | 1 | 0 | 2026-07-03T21:31:36 | A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this i | |
| CVE-2026-14459 | 8.8 | 0.20% | 1 | 1 | 2026-07-03T15:31:59 | Improper neutralization of argument delimiters in a command ('argument injection | |
| CVE-2026-13341 | 7.4 | 0.26% | 1 | 0 | 2026-07-03T12:31:51 | A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server p | |
| CVE-2026-14544 | 9.8 | 0.51% | 2 | 0 | 2026-07-03T09:31:35 | A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera | |
| CVE-2026-4967 | 7.5 | 0.40% | 1 | 0 | 2026-07-03T09:31:26 | In IMS, there is a possible out of bounds read due to a missing bounds check. Th | |
| CVE-2026-14352 | 7.5 | 0.47% | 1 | 0 | 2026-07-03T06:32:11 | The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal | |
| CVE-2026-44941 | 8.4 | 0.49% | 1 | 0 | 2026-07-03T04:17:53.300000 | A relative path traversal in the "keyhint" option in repomd.xml parsing of libzy | |
| CVE-2026-14398 | 9.6 | 0.21% | 1 | 0 | 2026-07-03T04:17:44.787000 | Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote | |
| CVE-2026-14327 | 7.5 | 0.46% | 1 | 0 | 2026-07-03T03:34:19 | The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal i | |
| CVE-2026-13768 | 10.0 | 0.56% | 2 | 1 | 2026-07-03T00:32:02 | Gardyn devices expose a privileged iothubowner key. Access to this key will allo | |
| CVE-2026-13368 | None | 0.59% | 3 | 0 | 2026-07-03T00:31:57 | WatchGuard Fireware OS contains a race condition leading to a use-after-free vul | |
| CVE-2026-57100 | 9.9 | 0.64% | 1 | 0 | 2026-07-03T00:31:57 | Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (Sync | |
| CVE-2026-45499 | 9.9 | 0.62% | 1 | 0 | 2026-07-03T00:31:53 | Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker | |
| CVE-2026-57517 | 9.8 | 0.59% | 1 | 1 | 2026-07-02T21:33:17 | Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability | |
| CVE-2026-58460 | 7.7 | 0.14% | 1 | 0 | 2026-07-02T21:32:21 | react-native-receive-sharing-intent contains a path traversal vulnerability that | |
| CVE-2026-59099 | 9.1 | 0.36% | 1 | 0 | 2026-07-02T21:32:15 | Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that al | |
| CVE-2026-58455 | 9.8 | 1.19% | 1 | 0 | 2026-07-02T18:36:28 | Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulne | |
| CVE-2026-56004 | 10.0 | 0.38% | 1 | 0 | 2026-07-02T17:45:44.830000 | A shellcode injection in the mercurial handler of the obs tar_scm source service | |
| CVE-2026-58138 | 9.8 | 0.94% | 1 | 1 | 2026-07-02T17:42:23.640000 | Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code ex | |
| CVE-2026-54403 | 8.6 | 0.48% | 1 | 0 | 2026-07-02T17:17:01.760000 | A malicious actor with access to the network could exploit a Path Traversal vuln | |
| CVE-2026-57683 | 9.3 | 0.25% | 1 | 0 | 2026-07-02T16:16:34.820000 | Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | |
| CVE-2026-10104 | 4.4 | 0.26% | 2 | 1 | 2026-07-02T16:16:29.503000 | The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to | |
| CVE-2026-55112 | 7.5 | 0.19% | 1 | 0 | 2026-07-02T15:32:20 | A malicious actor with access to the network and low privileges and under certai | |
| CVE-2026-56842 | 7.5 | 0.19% | 1 | 0 | 2026-07-02T15:32:20 | A malicious actor with access to the network and under certain conditions could | |
| CVE-2026-56841 | 8.8 | 0.24% | 1 | 0 | 2026-07-02T15:32:20 | A malicious actor with access to the network and low privileges could exploit an | |
| CVE-2026-50027 | 9.8 | 0.00% | 1 | 0 | 2026-07-02T15:26:24 | ## Missing Authentication on Document API Endpoints Allows Unauthenticated Memor | |
| CVE-2026-5524 | 9.8 | 0.54% | 1 | 1 | 2026-07-02T15:17:11.707000 | The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Uploa | |
| CVE-2026-6688 | 7.6 | 0.21% | 1 | 0 | 2026-07-02T14:38:46.120000 | FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern assoc | |
| CVE-2026-43503 | 8.8 | 0.14% | 1 | 8 | 2026-07-02T12:31:55 | In the Linux kernel, the following vulnerability has been resolved: net: skbuff | |
| CVE-2026-14423 | 9.6 | 0.22% | 1 | 0 | 2026-07-02T00:31:50 | Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote | |
| CVE-2026-14390 | 9.6 | 0.24% | 1 | 0 | 2026-07-02T00:31:49 | Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote | |
| CVE-2026-58457 | 9.8 | 1.67% | 1 | 0 | 2026-07-01T21:36:26 | Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenti | |
| CVE-2026-54428 | 7.5 | 0.41% | 1 | 0 | 2026-07-01T21:36:16 | Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder | |
| CVE-2026-45659 | 8.8 | 3.22% | 6 | 3 | 2026-07-01T21:35:53 | Deserialization of untrusted data in Microsoft Office SharePoint allows an autho | |
| CVE-2026-44935 | 9.9 | 0.57% | 1 | 0 | 2026-07-01T20:45:42 | ### Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy en | |
| CVE-2026-58452 | 8.8 | 2.42% | 1 | 0 | 2026-07-01T18:32:05 | JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an | |
| CVE-2026-58453 | 9.8 | 1.69% | 1 | 0 | 2026-07-01T18:32:04 | JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a h | |
| CVE-2026-54399 | 7.5 | 0.41% | 1 | 0 | 2026-07-01T18:32:04 | Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser i | |
| CVE-2026-20191 | 7.5 | 0.76% | 2 | 0 | 2026-07-01T18:31:59 | A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote | |
| CVE-2026-13775 | 9.8 | 0.31% | 1 | 0 | 2026-07-01T18:31:27 | Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote a | |
| CVE-2026-8451 | 7.5 | 0.50% | 4 | 4 | 2026-07-01T18:31:24 | Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to | |
| CVE-2026-7840 | 9.8 | 1.20% | 1 | 0 | 2026-07-01T18:29:00.013000 | UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embed | |
| CVE-2026-56413 | 10.0 | 3.08% | 1 | 0 | 2026-07-01T18:17:31.553000 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability in t | |
| CVE-2026-6682 | 7.6 | 0.21% | 2 | 0 | 2026-07-01T15:35:27 | In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume | |
| CVE-2026-13774 | 8.1 | 0.30% | 1 | 0 | 2026-07-01T15:35:00 | Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an | |
| CVE-2026-41991 | 4.7 | 0.10% | 1 | 0 | 2026-07-01T15:34:56 | GNU gzip contains a vulnerability in the gzexe utility related to insecure tempo | |
| CVE-2025-15666 | 5.3 | 0.12% | 1 | 0 | 2026-07-01T15:16:23.077000 | A security vulnerability has been detected in Open Asset Import Library Assimp u | |
| CVE-2026-14191 | 7.8 | 0.29% | 1 | 0 | 2026-07-01T06:31:32 | An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in | |
| CVE-2026-48282 | 10.0 | 1.02% | 8 | 1 | 2026-07-01T05:16:21.907000 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi | |
| CVE-2026-56700 | 9.8 | 1.68% | 1 | 0 | 2026-07-01T00:34:43 | Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. T | |
| CVE-2026-56415 | 10.0 | 3.07% | 1 | 0 | 2026-07-01T00:34:43 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability with | |
| CVE-2026-50003 | 9.8 | 0.43% | 1 | 0 | 2026-07-01T00:34:02 | A malicious or compromised server can make a DCMTK client using bit-preserving C | |
| CVE-2026-11712 | 9.3 | 0.22% | 1 | 0 | 2026-06-30T21:31:52 | IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site script | |
| CVE-2026-13773 | 6.0 | 3.42% | 1 | 0 | 2026-06-30T21:31:52 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated C | |
| CVE-2026-10134 | 10.0 | 0.31% | 1 | 0 | 2026-06-30T21:31:44 | IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret ava | |
| CVE-2026-13545 | 8.8 | 2.71% | 1 | 0 | 2026-06-30T17:31:09.510000 | A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the func | |
| CVE-2026-54475 | 7.5 | 0.59% | 1 | 0 | 2026-06-30T15:30:45 | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ A | |
| CVE-2026-8037 | 9.6 | 29.64% | 3 | 1 | template | 2026-06-30T15:30:32 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC |
| CVE-2026-8631 | 9.8 | 1.33% | 1 | 0 | 2026-06-30T03:36:46 | A potential security vulnerability has been identified in the HP Linux Imaging a | |
| CVE-2026-13763 | 9.8 | 0.47% | 1 | 0 | 2026-06-29T21:32:12 | Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer | |
| CVE-2026-13762 | 9.8 | 0.44% | 1 | 0 | 2026-06-29T21:32:12 | Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF | |
| CVE-2026-56782 | 9.8 | 3.02% | 1 | 2 | template | 2026-06-29T18:32:03 | Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/ |
| CVE-2026-20230 | 8.6 | 41.69% | 1 | 3 | 2026-06-25T21:31:23 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco U | |
| CVE-2026-22555 | 8.1 | 0.30% | 1 | 0 | 2026-06-17T18:08:00 | ## Summary The API endpoint `POST /api/v1/repos/{owner}/{repo}/forks` only chec | |
| CVE-2026-6637 | 8.8 | 0.38% | 1 | 0 | 2026-06-17T11:01:08.343000 | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged datab | |
| CVE-2026-48612 | 8.0 | 0.12% | 1 | 0 | 2026-06-17T10:55:09.517000 | Improper state verification in the OAuth implementation could allow an attacker | |
| CVE-2026-43456 | 7.8 | 0.16% | 1 | 0 | 2026-06-17T10:49:38.170000 | In the Linux kernel, the following vulnerability has been resolved: bonding: fi | |
| CVE-2026-34182 | 9.1 | 0.24% | 1 | 0 | 2026-06-17T10:38:36.970000 | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform | |
| CVE-2026-26231 | 8.5 | 0.29% | 1 | 0 | 2026-06-16T23:41:03 | ## Summary Any authenticated low-privilege user with read access to a repositor | |
| CVE-2026-28699 | 8.1 | 0.57% | 2 | 1 | 2026-06-16T23:40:35 | ### Summary Gitea fails to enforce OAuth2 access token scopes when the token is | |
| CVE-2026-35273 | 9.8 | 92.33% | 1 | 4 | template | 2026-06-12T18:31:50 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-48611 | 9.8 | 0.66% | 2 | 2 | template | 2026-06-12T06:33:21 | Improper authentication checks in the OAuth implementation allow account hijacki |
| CVE-2026-44963 | None | 2.04% | 1 | 3 | 2026-06-10T00:31:50 | A vulnerability allowing remote code execution (RCE) on the Backup Server by an | |
| CVE-2026-45504 | 8.8 | 0.46% | 1 | 1 | 2026-06-09T18:30:58 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an author | |
| CVE-2026-46817 | 9.8 | 0.68% | 2 | 2 | 2026-05-29T18:31:20 | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone | |
| CVE-2026-26128 | 7.8 | 0.45% | 1 | 2 | 2026-05-26T18:31:37 | Improper authentication in Windows SMB Server allows an authorized attacker to e | |
| CVE-2026-35368 | 7.8 | 0.14% | 1 | 0 | 2026-04-30T17:50:13 | A vulnerability exists in the chroot utility of uutils coreutils when using the | |
| CVE-2025-3248 | None | 99.97% | 3 | 27 | template | 2025-11-05T20:12:46 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v |
| CVE-2025-5777 | 7.5 | 99.90% | 1 | 25 | template | 2025-10-22T00:34:22 | Insufficient input validation leading to memory overread on the NetScaler Manage |
| CVE-2026-50548 | 0 | 0.64% | 4 | 0 | N/A | ||
| CVE-2026-12184 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-49420 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-49429 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-49422 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-52747 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-10054 | 0 | 0.16% | 1 | 0 | N/A | ||
| CVE-2026-22874 | 0 | 0.46% | 1 | 2 | N/A | ||
| CVE-2026-58426 | 0 | 0.18% | 2 | 0 | N/A | ||
| CVE-2026-58423 | 0 | 0.31% | 1 | 0 | N/A | ||
| CVE-2026-10055 | 0 | 0.30% | 2 | 0 | N/A | ||
| CVE-2026-50549 | 0 | 0.64% | 1 | 0 | N/A |
updated 2026-07-06T21:31:39
1 posts
CVE-2026-14803: HIGH severity vuln in Mojo::JSON <9.47 — pure-Perl decoder allows uncontrolled recursion. Apps may face DoS if Cpanel::JSON::XS isn’t enabled. Install XS module or limit JSON depth. https://radar.offseq.com/threat/cve-2026-14803-cwe-674-uncontrolled-recursion-in-s-622d5e94b9c3bd9b #OffSeq #infosec #Perl #DoS
##updated 2026-07-06T21:16:57.907000
1 posts
CVE-2026-57571 - Critical RCE in Crawl4AI. Unrestricted file write via path traversal in filename handling. CVSS 9.6. No patch available. Disable file saving or use sandboxing immediately. #CVE #infosec #cybersecurity
##updated 2026-07-06T20:03:14.557000
1 posts
🟠 CVE-2026-58290 - High (7.5)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T19:41:00.653000
1 posts
🔴 CVE-2026-52830 - Critical (9.4)
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52830/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T19:36:05.123000
1 posts
CVE-2026-59510: ail-framework ≤6.9.0 has a HIGH path traversal flaw 🗂️. Authenticated attackers can access sensitive files outside the PDF dir. Restrict PDF ops access & monitor activity. Patch when released. https://radar.offseq.com/threat/cve-2026-59510-cwe-22-improper-limitation-of-a-pat-adb7f29895187030 #OffSeq #vulnerability #pathtraversal
##updated 2026-07-06T19:17:07.980000
17 posts
Januscape (CVE-2026-53359): A Silent 16-Year Linux KVM Flaw That Can Collapse Cloud Hosts From Inside a Guest Machine + Video
Introduction: A Hidden Crack Inside the Virtualization Core of Linux A newly disclosed vulnerability in the Linux Kernel-based Virtual Machine (KVM) subsystem has shaken the virtualization security landscape. Named Januscape (CVE-2026-53359), the flaw allows a malicious virtual machine to trigger a use-after-free condition inside the host’s…
##Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
Link: https://github.com/V4bel/Januscape
Discussion: https://news.ycombinator.com/item?id=48807908
Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359] - https://github.com/V4bel/Januscape
##Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
https://github.com/V4bel/Januscape
Comments: https://news.ycombinator.com/item?id=48807908
#HackerNews #Januscape #KVM #CVE-2026-53359 #virtualization #security #exploits
##📰 Today's Top 22 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: Real-time map of Great Britain's rail network
🔗 URL: https://www.map.signalbox.io
👍 Score: [338]
💬 Discussion: https://news.ycombinator.com/item?id=48802535
----------------------------------------
🔖 Title: Road to Elm 1.0
🔗 URL: https://elm-lang.org/news/faster-builds
👍 Score: [255]
💬 Discussion: https://news.ycombinator.com/item?id=48803364
----------------------------------------
🔖 Title: Resetting Xbox
🔗 URL: https://news.xbox.com/en-us/2026/07/06/resetting-xbox/
👍 Score: [227]
💬 Discussion: https://news.ycombinator.com/item?id=48804993
----------------------------------------
🔖 Title: Aluminum foil (2021)
🔗 URL: https://dernocua.github.io/notes/aluminum-foil.html
👍 Score: [186]
💬 Discussion: https://news.ycombinator.com/item?id=48804297
----------------------------------------
🔖 Title: Introduction to Genomics for Engineers
🔗 URL: https://learngenomics.dev/docs/biological-foundations/cells-genomes-dna-chromosomes/
👍 Score: [183]
💬 Discussion: https://news.ycombinator.com/item?id=48760424
----------------------------------------
🔖 Title: AMD Ryzen AI Halo – $4k AI Dev Kit
🔗 URL: https://www.lttlabs.com/articles/2026/07/06/amd-ryzen-ai-halo
👍 Score: [173]
💬 Discussion: https://news.ycombinator.com/item?id=48805624
----------------------------------------
🔖 Title: Fable 5 On Vending-Bench: Misbehaving, With Plausible Deniability
🔗 URL: https://andonlabs.com/blog/fable5-vending-bench
👍 Score: [138]
💬 Discussion: https://news.ycombinator.com/item?id=48803762
----------------------------------------
🔖 Title: Clojure 1.13 adds support for checked keys
🔗 URL: https://clojure.org/news/2026/07/02/clojure-1-13-alpha1
👍 Score: [137]
💬 Discussion: https://news.ycombinator.com/item?id=48767211
----------------------------------------
🔖 Title: Kani: A Model Checker for Rust
🔗 URL: https://arxiv.org/abs/2607.01504
👍 Score: [67]
💬 Discussion: https://news.ycombinator.com/item?id=48806410
----------------------------------------
🔖 Title: The Supreme Court Just Lit a Fuse Under Flock's License Plate Camera Empire
🔗 URL: https://www.yahoo.com/news/politics/articles/supreme-court-just-lit-fuse-130900307.html
👍 Score: [64]
💬 Discussion: https://news.ycombinator.com/item?id=48807383
----------------------------------------
🔖 Title: Egypt Is Building a New Nile
🔗 URL: https://www.theb1m.com/video/egypt-is-building-a-new-nile
👍 Score: [62]
💬 Discussion: https://news.ycombinator.com/item?id=48779274
----------------------------------------
🔖 Title: OpenWrt One – Open Hardware Router
🔗 URL: https://openwrt.org/toh/openwrt/one
👍 Score: [59]
💬 Discussion: https://news.ycombinator.com/item?id=48808482
----------------------------------------
🔖 Title: 1k Words: A Writing Contest
🔗 URL: https://writingclub.world/1picture1000words
👍 Score: [58]
💬 Discussion: https://news.ycombinator.com/item?id=48806073
----------------------------------------
🔖 Title: Big Tech Has Suddenly Flipped on the AI Jobs Wipeout Scenario
🔗 URL: https://www.wsj.com/tech/ai/ai-workers-tech-ceos-job-losses-afc71e15
👍 Score: [56]
💬 Discussion: https://news.ycombinator.com/item?id=48807651
----------------------------------------
🔖 Title: Show HN: Pulpie – Models for Cleaning the Web
🔗 URL: https://usefeyn.com/blog/pulpie-pareto-optimal-models-for-cleaning-the-web/
👍 Score: [43]
💬 Discussion: https://news.ycombinator.com/item?id=48806575
----------------------------------------
🔖 Title: CS2 Fog Of War: Server-sided anti-wallhack occlusion culling for CS2 servers
🔗 URL: https://github.com/karola3vax/CS2FOW
👍 Score: [43]
💬 Discussion: https://news.ycombinator.com/item?id=48805965
----------------------------------------
🔖 Title: The AI Superforecasters Are Here
🔗 URL: https://www.astralcodexten.com/p/the-ai-superforecasters-are-here
👍 Score: [43]
💬 Discussion: https://news.ycombinator.com/item?id=48806296
----------------------------------------
🔖 Title: Pros and Cons of Solo Development
🔗 URL: https://johnjeffers.com/pros-and-cons-of-solo-development/
👍 Score: [39]
💬 Discussion: https://news.ycombinator.com/item?id=48808508
----------------------------------------
🔖 Title: OfficeCLI: Office suite for AI agents to read and edit Microsoft Office files
🔗 URL: https://github.com/iOfficeAI/OfficeCLI
👍 Score: [30]
💬 Discussion: https://news.ycombinator.com/item?id=48807225
----------------------------------------
🔖 Title: I Like Small Keyboards
🔗 URL: https://samsm.ch/small-keyboards/
👍 Score: [29]
💬 Discussion: https://news.ycombinator.com/item?id=48746939
----------------------------------------
🔖 Title: Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
🔗 URL: https://github.com/V4bel/Januscape
👍 Score: [12]
💬 Discussion: https://news.ycombinator.com/item?id=48807908
----------------------------------------
🔖 Title: A global workspace in language models
🔗 URL: https://www.anthropic.com/research/global-workspace
👍 Score: [10]
💬 Discussion: https://news.ycombinator.com/item?id=48808002
----------------------------------------
Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
##Linux KVM Flaw Lets Guest VMs Escape to Host on Intel, AMD Systems
A newly discovered 16-year-old flaw in Linux's KVM, nicknamed "Januscape," allows guest virtual machines to break free and interact with their host systems on Intel and AMD machines, potentially leading to full host code execution. This vulnerability, tracked as CVE-2026-53359, can cause a host to panic and be exploited for…
#LinuxKvm #Cve202653359 #Virtualization #Vulnerability #UseafterfreeBug
##‼️ New Dark Web Informer Blog Post!
Title: A Long-Lived KVM Bug Resurfaces: Shadow Paging Use-After-Free in the Linux Kernel (CVE-2026-53359)
##Researchers disclosed a PoC for the Januscape KVM escape (CVE-2026-53359). This use-after-free KVM bug impacts public clouds, allowing host panics and LPE.
##Oh, goodie. KVM Guest-to-Host escape
"Januscape (CVE-2026-53359)" -- https://github.com/V4bel/Januscape
##Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
Link: https://github.com/V4bel/Januscape
Discussion: https://news.ycombinator.com/item?id=48807908
Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359] - https://github.com/V4bel/Januscape
##Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
https://github.com/V4bel/Januscape
Comments: https://news.ycombinator.com/item?id=48807908
#HackerNews #Januscape #KVM #CVE-2026-53359 #virtualization #security #exploits
##Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]
##‼️ New Dark Web Informer Blog Post!
Title: A Long-Lived KVM Bug Resurfaces: Shadow Paging Use-After-Free in the Linux Kernel (CVE-2026-53359)
##Researchers disclosed a PoC for the Januscape KVM escape (CVE-2026-53359). This use-after-free KVM bug impacts public clouds, allowing host panics and LPE.
##Oh, goodie. KVM Guest-to-Host escape
"Januscape (CVE-2026-53359)" -- https://github.com/V4bel/Januscape
##updated 2026-07-06T19:17:03.453000
2 posts
CVE-2026-43865 (CRITICAL): Apache Camel Hazelcast component deserializes untrusted data by default, enabling RCE if attacker accesses the cluster. Patch: 4.21.0, 4.18.3, or 4.14.8. Harden configs if upgrade isn't possible. https://radar.offseq.com/threat/cve-2026-43865-cwe-502-deserialization-of-untruste-d2e34a1a7ce10b73 #OffSeq #CVE #ApacheCamel
##CVE-2026-43865 (CRITICAL): Apache Camel Hazelcast component deserializes untrusted data by default, enabling RCE if attacker accesses the cluster. Patch: 4.21.0, 4.18.3, or 4.14.8. Harden configs if upgrade isn't possible. https://radar.offseq.com/threat/cve-2026-43865-cwe-502-deserialization-of-untruste-d2e34a1a7ce10b73 #OffSeq #CVE #ApacheCamel
##updated 2026-07-06T19:17:01.467000
1 posts
CVE-2026-42527: Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
https://atlas.whatip.xyz/post.php?slug=cve-2026-42527-apache-camel-permissive-default-objectinputfilter-pattern-admits-javanet-and-enables-dns-based-information-disclosure
Key insight: <p>Posted by Andrea Cosentino on Jul 05Severity
#permissive #apache #before #camel
updated 2026-07-06T19:17:00.713000
2 posts
BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
##BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
##updated 2026-07-06T19:17:00.473000
4 posts
‼️ New Dark Web Informer Blog Post!
Title: Pre-Auth Access-Control Bypass in BeyondTrust Remote Support and PRA (CVE-2026-40138)
##BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
##‼️ New Dark Web Informer Blog Post!
Title: Pre-Auth Access-Control Bypass in BeyondTrust Remote Support and PRA (CVE-2026-40138)
##BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
##updated 2026-07-06T19:15:04.297000
1 posts
🟠 CVE-2026-58284 - High (8.3)
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:58:54.077000
1 posts
1 repos
🟠 CVE-2026-54998 - High (8.8)
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-54998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:58:13.770000
1 posts
Two PHP flaws are patched. CVE-2026-12184 is a PHP remote DoS that crashes PHP-FPM, and CVE-2026-14355 causes memory corruption. Update PHP now.
#PHP #RemoteDoS #DoS #PHPFPM #CyberSecurity #Vulnerability #InfoSec
##updated 2026-07-06T18:41:46.210000
2 posts
Adiss Biloop v6.1.1: CRITICAL CVE-2026-12686 enables authenticated users to bypass authorization via manipulated company ID, exposing cross-tenant data. Monitor logs and limit exposure while awaiting patch. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 #infosec #vuln
##Adiss Biloop v6.1.1: CRITICAL CVE-2026-12686 enables authenticated users to bypass authorization via manipulated company ID, exposing cross-tenant data. Monitor logs and limit exposure while awaiting patch. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 #infosec #vuln
##updated 2026-07-06T18:41:46.210000
1 posts
🟠 CVE-2025-71364 - High (8.1)
picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that ev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:41:46.210000
1 posts
🟠 CVE-2025-71375 - High (8.1)
picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:31:15
2 posts
BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
##BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
##updated 2026-07-06T18:21:48.790000
1 posts
🔴 CVE-2026-41106 - Critical (9.3)
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41106/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:21:48.790000
1 posts
🟠 CVE-2026-57983 - High (8.7)
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:21:48.790000
1 posts
🟠 CVE-2026-57981 - High (8.8)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:21:48.790000
1 posts
🟠 CVE-2026-58287 - High (8.3)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58287/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:21:48.790000
1 posts
🟠 CVE-2026-58294 - High (7.5)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58294/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:19:55.220000
1 posts
🟠 CVE-2025-71353 - High (8.1)
picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:19:55.220000
1 posts
🟠 CVE-2025-71343 - High (8.1)
picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:19:55.220000
1 posts
🟠 CVE-2025-71369 - High (8.1)
picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71369/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:19:55.220000
1 posts
🟠 CVE-2025-71356 - High (8.1)
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71356/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:18:46.870000
1 posts
🟠 CVE-2026-58424 - High (8.9)
Permanent Fork PR Workflow Approval Gate Bypass
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58424/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:17:26.860000
2 posts
2 repos
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
🟠 CVE-2026-27771 - High (8.2)
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27771/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:17:26.860000
1 posts
2 repos
🔴 CVE-2026-20896 - Critical (9.8)
Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:17:26.860000
1 posts
🟠 CVE-2026-28737 - High (8.7)
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:17:26.860000
1 posts
🟠 CVE-2026-28744 - High (8.1)
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28744/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:16:46.247000
1 posts
🔴 CVE-2026-4321 - Critical (9.8)
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection.
This issue affects Destekz: through 02062026. NOTE: The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:16:45.163000
1 posts
1 repos
https://github.com/dasokkk/CVE-2026-14459-14460-pardus-software
🟠 CVE-2026-14460 - High (8.8)
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14460/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T18:16:40
1 posts
SQL injection (MEDIUM, CVE-2026-14751) in mjperpinosa stumasy: All versions at risk via Notes_controller::search_scratch_data. No patch yet, public exploit exists. Sanitize field_name & restrict access. Details: https://radar.offseq.com/threat/cve-2026-14751-sql-injection-in-mjperpinosa-stumas-6dc8c79135cda9b5 #OffSeq #SQLInjection #Vulnerability #AppSec
##updated 2026-07-06T18:02:49.450000
2 posts
🔴 CVE-2026-9725 - Critical (9.1)
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the store_design_data() function, whic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CRITICAL: CVE-2026-9725 in Printcart Web to Print Product Designer for WooCommerce ≤2.5.2 enables unauthenticated file deletion via path traversal. No patch yet — restrict AJAX endpoints & monitor logs. https://radar.offseq.com/threat/cve-2026-9725-cwe-22-improper-limitation-of-a-path-a96c709af943903a #OffSeq #WordPress #CVE2026_9725 #PathTraversal
##updated 2026-07-06T18:02:49.450000
1 posts
CVE-2026-14738 (MEDIUM, CVSS 6.3) impacts exo-explore exo ≤1.0.71. Weak hash in Vision Feature Cache, remote exploit released, high complexity. Patch pending. Review deployments & monitor for updates. https://radar.offseq.com/threat/cve-2026-14738-use-of-weak-hash-in-exo-explore-exo-d776a3211767a5cf #OffSeq #Vulnerability #CVE202614738 #Infosec
##updated 2026-07-06T18:02:49.450000
1 posts
🟠 CVE-2026-14605 - High (7.8)
A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buff...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-06T15:30:47
1 posts
CVE-2026-14570: HIGH severity in TIMLEGGE Crypt::DSA (<1.22) — insufficiently random values in DSA signing allow attackers to recover private keys using lattice attacks. Replace all affected keys and upgrade to 1.22+. https://radar.offseq.com/threat/cve-2026-14570-cwe-330-use-of-insufficiently-rando-539cd2ae349f5a7a #OffSeq #Vuln #Perl #Crypto
##updated 2026-07-06T09:30:38
2 posts
CVE-2026-53913 | CRITICAL | Apache Camel Keycloak: Default KeycloakSecurityPolicy skips token verification, enabling unauthenticated access and possible RCE on 4.15.0 – 4.18.2 & 4.19.0 – 4.20.x. Upgrade to 4.21.0/4.18.3. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #ApacheCamel #CVE202653913
##CVE-2026-53913 | CRITICAL | Apache Camel Keycloak: Default KeycloakSecurityPolicy skips token verification, enabling unauthenticated access and possible RCE on 4.15.0 – 4.18.2 & 4.19.0 – 4.20.x. Upgrade to 4.21.0/4.18.3. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #ApacheCamel #CVE202653913
##updated 2026-07-06T09:30:37
2 posts
CVE-2026-14807: CRITICAL hard-coded credentials in PROG MIS ERP App allow unauthenticated remote access to source code & DB creds. No patch available — restrict access & monitor activity. CVSS 9.3 https://radar.offseq.com/threat/cve-2026-14807-cwe-798-use-of-hard-coded-credentia-f736ee8ed603a6fe #OffSeq #CVE202614807 #ERP #infosec
##CVE-2026-14807: CRITICAL hard-coded credentials in PROG MIS ERP App allow unauthenticated remote access to source code & DB creds. No patch available — restrict access & monitor activity. CVSS 9.3 https://radar.offseq.com/threat/cve-2026-14807-cwe-798-use-of-hard-coded-credentia-f736ee8ed603a6fe #OffSeq #CVE202614807 #ERP #infosec
##updated 2026-07-06T09:30:37
2 posts
PROG MIS Prog Management System hit with CRITICAL vuln (CVE-2026-14808): unauthenticated attackers can access DB user & password. No patch yet — limit access & monitor systems. Details: https://radar.offseq.com/threat/cve-2026-14808-cwe-497-exposure-of-sensitive-syste-326a6d8e79a35bf1 #OffSeq #CVE202614808 #Vuln #InfoSec
##PROG MIS Prog Management System hit with CRITICAL vuln (CVE-2026-14808): unauthenticated attackers can access DB user & password. No patch yet — limit access & monitor systems. Details: https://radar.offseq.com/threat/cve-2026-14808-cwe-497-exposure-of-sensitive-syste-326a6d8e79a35bf1 #OffSeq #CVE202614808 #Vuln #InfoSec
##updated 2026-07-05T15:30:34
1 posts
🟠 CVE-2026-9085 - High (8.8)
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.
This issue affects Pardus-Parental-Control: from ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-05T15:30:34
1 posts
🟠 CVE-2026-6509 - High (7.8)
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.
This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-05T15:30:33
1 posts
CVE-2026-14753 - Authorization Bypass in mjperpinosa stumasy. Remote exploit public. CVSS 7.3. No patch available. Restrict access to /PHP/objects/notes immediately. #CVE #infosec #cybersecurity
##updated 2026-07-05T15:30:33
1 posts
CVE-2026-14754 - SQLi in code-projects Hotel and Tourism Reservation 1.0. Remote exploit available. CVSS 7.3. Unpatched. Update or mitigate immediately. #CVE #infosec #cybersecurity
##updated 2026-07-05T15:30:33
1 posts
CVE-2026-59509 (CRITICAL): cve-search POST /fetch_cve_data allows unauth'd access to arbitrary MongoDB collections, exposing admin creds for offline cracking. Restrict endpoint, monitor activity, check vendor updates. https://radar.offseq.com/threat/ghsa-3fmp-59v6-4qw2-ddbb46f84ba1bbe2 #OffSeq #infosec #CVE202659509
##updated 2026-07-05T15:30:33
1 posts
🟠 CVE-2026-12250 - High (7.9)
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.
This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-05T09:30:24
2 posts
UTT HiPER 1250GW (v3.2.7-210907-180535) hit by HIGH severity stack buffer overflow (CVE-2026-14721). Remote code execution possible via 'ssid' in /goform/ConfigWirelessBase_5g. No patch — restrict access. https://radar.offseq.com/threat/cve-2026-14721-stack-based-buffer-overflow-in-utt--61b09d8093b25eb2 #OffSeq #CVE #Infosec #NetSec
##🟠 CVE-2026-14721 - High (8.8)
A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buff...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14721/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-05T09:30:23
1 posts
CVE-2026-14781 (MEDIUM): Red Hat Build of Keycloak flaw in OIDC broker email_verified claim sync. If trustEmail=true & userinfo enabled, attacker can mark emails as verified. Review config & monitor fixes. https://radar.offseq.com/threat/cve-2026-14781-improper-validation-of-consistency--d19be74f7ead5808 #OffSeq #Keycloak #Vuln #IAM
##updated 2026-07-05T06:30:33
1 posts
SQL injection (MEDIUM severity) found in itsourcecode Hospital Management System 1.0 via 'editid' in /patientorder.php (CVE-2026-14703). No patch yet — enforce input validation & parameterized queries. https://radar.offseq.com/threat/cve-2026-14703-sql-injection-in-itsourcecode-hospi-f942c28e535ca531 #OffSeq #SQLInjection #Vuln #HealthcareIT
##updated 2026-07-05T03:32:41
1 posts
CVE-2026-14691 (MEDIUM): SourceCodester Multi-Vendor Online Grocery Management System 1.0 is vulnerable to remote code injection via update_settings_info in SystemSettings.php. Exploit is public. Monitor & restrict access until fix released. https://radar.offseq.com/threat/cve-2026-14691-code-injection-in-sourcecodester-mu-dfa4f0d89d3ba2d7 #OffSeq #Vuln #AppSec
##updated 2026-07-04T21:30:31
1 posts
CVE-2026-14652 SQLi in SourceCodester Simple Shopping Cart. Unpatched. CVSS 7.3. Attackers can exploit admin login via username param. Patch or update immediately. #CVE #infosec #Sourcecodester
##updated 2026-07-04T18:30:31
1 posts
🟠 CVE-2026-14637 - High (8.2)
A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14637/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T15:30:24
1 posts
🟠 CVE-2026-14534 - High (8.8)
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14534/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T15:30:24
1 posts
🟠 CVE-2026-14535 - High (8.8)
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T12:30:39
1 posts
1 repos
CVE-2026-53360: Linux kernel KVM SEV-SNP HIGH vuln allows SEV-SNP guests OOB read/write on host heap memory 🐧. Heap corruption & info leaks possible. Patch status unclear — avoid untrusted guests & check advisories. https://radar.offseq.com/threat/ghsa-4pq2-jh73-g3hw-1f03f05c22f6fb26 #OffSeq #Linux #Vuln
##updated 2026-07-04T12:16:57.160000
11 posts
1 repos
The new Linux kernel threat that outsmarted AI: Bad Epoll! 🚨
Discover the deep technical mechanics of CVE-2026-46242, how it escapes Chrome's sandbox to gain root, and its critical impact on Android/Linux systems. 👇
🔗 https://denizhalil.com/2026/07/06/bad-epoll-cve-2026-46242-linux-kernel-flaw/
##📰 New 'Bad Epoll' Linux Kernel Zero-Day (CVE-2026-46242) Grants Full Root Access
🚨 CRITICAL ZERO-DAY: 'Bad Epoll' (CVE-2026-46242) in Linux Kernel allows any local user to gain full root access. The use-after-free bug affects servers, desktops & Android. PoC exists. Patch immediately! 🐧💥 #Linux #CyberSecurity #ZeroDay #Infosec
🌐 cyber[.]netsecops[.]io
##A critical Bad Epoll vulnerability (CVE-2026-46242) allows local users to gain root access on Linux and Android devices. Patch your systems immediately.
#LinuxSecurity #BadEpoll #CyberSecurity #ZeroDay #CVE202646242
https://meterpreter.org/bad-epoll-vulnerability/?utm_source=mastodon&utm_medium=jetpack_social
##The new Linux kernel threat that outsmarted AI: Bad Epoll! 🚨
Discover the deep technical mechanics of CVE-2026-46242, how it escapes Chrome's sandbox to gain root, and its critical impact on Android/Linux systems. 👇
🔗 https://denizhalil.com/2026/07/06/bad-epoll-cve-2026-46242-linux-kernel-flaw/
##📰 New 'Bad Epoll' Linux Kernel Zero-Day (CVE-2026-46242) Grants Full Root Access
🚨 CRITICAL ZERO-DAY: 'Bad Epoll' (CVE-2026-46242) in Linux Kernel allows any local user to gain full root access. The use-after-free bug affects servers, desktops & Android. PoC exists. Patch immediately! 🐧💥 #Linux #CyberSecurity #ZeroDay #Infosec
🌐 cyber[.]netsecops[.]io
##A critical Bad Epoll vulnerability (CVE-2026-46242) allows local users to gain root access on Linux and Android devices. Patch your systems immediately.
#LinuxSecurity #BadEpoll #CyberSecurity #ZeroDay #CVE202646242
https://meterpreter.org/bad-epoll-vulnerability/?utm_source=mastodon&utm_medium=jetpack_social
##Here's a summary of the latest geopolitical, technology, and cybersecurity news:
Geopolitics: Russian President Putin and U.S. President Trump held a 90-minute call on July 4th. Russia claims to have captured Kostyantynivka in eastern Donetsk, Ukraine.
Technology: Grok 4.5 has entered private beta at SpaceX/Tesla. Meta plans to rent out its AI computing power. Micron is expanding high-bandwidth memory (HBM) production in Japan. Five Eyes alliance warns AI-fueled cyberattacks are "months away."
Cybersecurity: A critical "Bad Epoll" Linux kernel flaw (CVE-2026-46242) allows root access on Linux/Android. AI-automated JadePuffer ransomware has been detected. Lazarus Group is pushing 108 malicious packages.
https://thecybersecguru.com/exploits/cve-2026-46242-bad-epoll-linux-vulnerability/
##Bad Epoll (CVE-2026-46242) https://lobste.rs/s/drf6my #linux #security
https://github.com/J-jaeyoung/bad-epoll
🚨 Bad Epoll (CVE-2026-46242) has been identified as a notable vulnerability.
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: fix ep_remove struct eventpoll / struct file UAF
ℹ️ Additional information on ZEN SecDB:
- BadEpoll: https://secdb.nttzen.cloud/updates/79198418-b310-4e40-80cd-d98ba3da0b2a/bad-epoll-vulnerability
- CVE details, sightings and advisories: https://secdb.nttzen.cloud/cve/detail/CVE-2026-46242
#InfoSec #BadEpoll #CVE202646242 #Linux #Kernel
#NTTDATA #Zen #SecDB #VulnerabilityIntelligence #Security
New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Technology
https://www.newsbeep.com/us/742153/
updated 2026-07-04T03:31:13
1 posts
🟠 CVE-2026-12252 - High (7.8)
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These cla...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
1 repos
🟠 CVE-2026-54424 - High (8.4)
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-54424/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71345 - High (8.1)
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71342 - High (8.1)
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71367 - High (8.1)
picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using _operator.attrgetter in reduce methods to execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71366 - High (8.1)
picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71362 - High (8.1)
picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71360 - High (8.1)
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71380 - High (8.8)
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71373 - High (8.1)
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:08
1 posts
🟠 CVE-2025-71372 - High (8.1)
Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:02
1 posts
🟠 CVE-2025-71347 - High (8.1)
picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-04T03:31:02
1 posts
🟠 CVE-2025-71359 - High (8.1)
picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades pickles...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71359/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-57974 - High (8.8)
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-56645 - High (8.8)
Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-57986 - High (7.5)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-57985 - High (7.6)
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57985/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58283 - High (8.1)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58283/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58282 - High (8.1)
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58276 - High (7.5)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🔴 CVE-2026-58289 - Critical (9)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58288 - High (8.3)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58286 - High (8.1)
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58285 - High (8.3)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58285/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58299 - High (7.5)
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58299/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58293 - High (8.1)
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58293/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:47
1 posts
🟠 CVE-2026-58292 - High (7.5)
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:46
1 posts
🟠 CVE-2026-57975 - High (7.5)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:41
1 posts
🟠 CVE-2026-58295 - High (8.3)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58295/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:40
1 posts
🟠 CVE-2026-12481 - High (8.8)
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12481/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:40
1 posts
🟠 CVE-2026-57992 - High (7.5)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:39
1 posts
🟠 CVE-2026-57984 - High (7.5)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57984/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T21:31:36
1 posts
🟠 CVE-2026-14606 - High (7.8)
A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipula...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14606/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T15:31:59
1 posts
1 repos
https://github.com/dasokkk/CVE-2026-14459-14460-pardus-software
🟠 CVE-2026-14459 - High (8.8)
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T12:31:51
1 posts
KongHQ mcp-konnect (<1.0.0) has a HIGH severity flaw (CVE-2026-13341, CVSS 7.4) allowing remote prompt injection with risk to confidentiality. No patch — monitor vendor updates. https://radar.offseq.com/threat/cve-2026-13341-cwe-20-improper-input-validation-in-a1d90aa86cfef676 #OffSeq #KongHQ #Infosec #Vulnerability
##updated 2026-07-03T09:31:35
2 posts
🔴 CVE-2026-14544 - Critical (9.8)
A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-14544: CRITICAL integer overflow in HPLIP (RHEL 10) enables remote code execution or privilege escalation via crafted print data 🖨️. Patch status not confirmed. Stay updated: https://radar.offseq.com/threat/cve-2026-14544-integer-overflow-or-wraparound-in-r-d57463ec7bf8b710 #OffSeq #CVE202614544 #LinuxSecurity
##updated 2026-07-03T09:31:26
1 posts
🟠 CVE-2026-4967 - High (7.5)
In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T06:32:11
1 posts
🟠 CVE-2026-14352 - High (7.5)
The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:53.300000
1 posts
🟠 CVE-2026-44941 - High (8.4)
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:44.787000
1 posts
CRITICAL use-after-free in Chrome ANGLE (CVE-2026-14398) enables remote sandbox escape via crafted HTML. Affected: versions before 150.0.7871.46. Patch ASAP! Details: https://radar.offseq.com/threat/cve-2026-14398-use-after-free-in-google-chrome-da42cd40eed38355 #OffSeq #Chrome #Vuln #CVE202614398
##updated 2026-07-03T03:34:19
1 posts
🟠 CVE-2026-14327 - High (7.5)
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T00:32:02
2 posts
1 repos
🔴 CVE-2026-13768 - Critical (10)
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key al...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-13768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-13768: Gardyn Home Firmware (CRITICAL, CVSS 10) exposes a privileged iothubowner key, enabling attackers to control devices & move laterally on networks. No patch yet. Monitor and segment IoT devices. https://radar.offseq.com/threat/cve-2026-13768-cwe-798-in-gardyn-gardyn-home-firmw-08332214fc38f3ba #OffSeq #IoTSecurity #CVE202613768
##updated 2026-07-03T00:31:57
3 posts
WatchGuard Patches Third Critical IKEv2 RCE in Firebox Appliances
WatchGuard patched a critical pre-authentication RCE vulnerability (CVE-2026-13368) in Firebox appliances. The vulnerability allows unauthenticated attackers to gain administrative control. Legacy T15 and T35 models currently do not have a patch.
**If you use WatchGuard Firebox firewalls, read the advisory in detail. Plan a very quick update to Fireware OS 2026.2.1 or 12.12.1. If you run legacy T15/T35 models, disable external LDAP authentication for IKEv2 as a temporary fix, and if you're on version 11.x, migrate to supported hardware since no patch is coming.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/watchguard-patches-third-critical-ikev2-rce-in-firebox-appliances-l-z-o-j-u/gD2P6Ple2L
WatchGuard Firebox vulnerabilities include a critical unauthenticated RCE (CVE-2026-13368, CVSS 9.2) plus six more Fireware OS flaws. Patch now.
#WatchGuard #Firebox #CVE202613368 #FirewareOS #CyberSecurity
##CVE-2026-13368 (CRITICAL, CVSS 9.2): WatchGuard Fireware OS LDAP auth flaw in Mobile VPN with IKEv2 allows remote code execution (iked process). Disable affected configs or restrict access until patch. https://radar.offseq.com/threat/cve-2026-13368-cwe-416-use-after-free-in-watchguar-10bc07017e60512c #OffSeq #WatchGuard #CVE202613368 #Infosec
##updated 2026-07-03T00:31:57
1 posts
🔴 CVE-2026-57100 - Critical (9.9)
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T00:31:53
1 posts
🔴 CVE-2026-45499 - Critical (9.9)
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45499/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T21:33:17
1 posts
1 repos
A public PoC is available for CVE-2026-57517, a critical CVSS 9.8 Control Web Panel SQLi flaw allowing unauthenticated remote code execution.
#CVE202657517 #ControlWebPanel #SQLInjection #CyberSecurity #Vulnerability
##updated 2026-07-02T21:32:21
1 posts
🟠 CVE-2026-58460 - High (7.7)
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path comp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58460/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T21:32:15
1 posts
🔴 CVE-2026-59099 - Critical (9.1)
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-59099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T18:36:28
1 posts
🔴 CVE-2026-58455 - Critical (9.8)
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T17:45:44.830000
1 posts
🔴 CVE-2026-56004 - Critical (10)
A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56004/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T17:42:23.640000
1 posts
1 repos
https://github.com/BiiTts/CVE-2026-58138-Conductor-Unauth-RCE
🔵 THREAT INTELLIGENCE
Weekly Threat Roundup: 2026-06-29 to 2026-07-05
Roundup | CRITICAL
CVEs: CVE-2026-58138
Cybersecurity roundup for 2026-06-29 to 2026-07-05. 1 CVE advisories, 1 breach reports, 3 threat news stories.
Full analysis:
https://www.yazoul.net/news/article/2026-w27-weekly-threat-roundup
updated 2026-07-02T17:17:01.760000
1 posts
@cR0w ../ spotted!
Summary 7 of 25
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
CVE-2026-54403
##updated 2026-07-02T16:16:34.820000
1 posts
CVE-2026-57683: CRITICAL SQL injection (CVSS 9.3) in Epsiloncool WP Fast Total Search ≤1.80.280 enables unauthenticated exploitation. Patch pending — monitor for fixes and restrict access. https://radar.offseq.com/threat/cve-2026-57683-cwe-89-improper-neutralization-of-s-608880638f90634f #OffSeq #WordPress #Infosec #Vuln
##updated 2026-07-02T16:16:29.503000
2 posts
1 repos
🚨 CVE-2026-10104 PoC published
GitHub: https://github.com/Ravi-lk/CVE-2026-10104-POC
A PoC is available for an authenticated stored XSS issue in Product Video Gallery for WooCommerce.
The flaw affects older versions of the WordPress plugin and can allow JavaScript execution on public product pages after a user with product-editing access injects the payload.
Fixed in 1.5.1.9.
##🚨 CVE-2026-10104 PoC published
GitHub: https://github.com/Ravi-lk/CVE-2026-10104-POC
A PoC is available for an authenticated stored XSS issue in Product Video Gallery for WooCommerce.
The flaw affects older versions of the WordPress plugin and can allow JavaScript execution on public product pages after a user with product-editing access injects the payload.
Fixed in 1.5.1.9.
##updated 2026-07-02T15:32:20
1 posts
🟠 CVE-2026-55112 - High (7.5)
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-55112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T15:32:20
1 posts
🟠 CVE-2026-56842 - High (7.5)
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T15:32:20
1 posts
🟠 CVE-2026-56841 - High (8.8)
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T15:26:24
1 posts
CVE-2026-50027: mcp-memory-service (<10.67.1) has a CRITICAL auth bypass in /api/documents/* 🚨. Unauthenticated attackers can read, write, delete memory data. Restrict access or disable endpoints until fixed. https://radar.offseq.com/threat/ghsa-84hp-mqvj-3p8h-mcp-memory-service-missing-aut-09a7b270b55ce238 #OffSeq #CVE202650027 #APIsecurity
##updated 2026-07-02T15:17:11.707000
1 posts
1 repos
CVE-2026-5524: Divi Form Builder <=5.1.8 has a CRITICAL file upload vuln (CVSS 9.8). Unauth RCE possible via PHP extensions not blocked by .htaccess, esp. on Nginx. Restrict uploads, monitor for patch. https://radar.offseq.com/threat/cve-2026-5524-cwe-434-unrestricted-upload-of-file--ef397843e92862b0 #OffSeq #WordPress #Infosec #CVE2026_5524
##updated 2026-07-02T14:38:46.120000
1 posts
🤖 Researchers at runZero say AI-assisted testing found 7 security flaws in the FatFs FAT/exFAT filesystem library (CVE-2026-6682 to CVE-2026-6688), potentially exposing millions of embedded devices via malicious USB drives/SD cards—and sometimes OTA update paths. 🔓📉 https://cyberinsider.com/ai-helps-find-flaws-in-fatfs-library-used-in-millions-of-devices/ #cybersecurity #IoT #vulnerabilities #embedded
##updated 2026-07-02T12:31:55
1 posts
8 repos
https://github.com/SecureWithUmer/CVE-2026-43503
https://github.com/gl1tch0x1/DirtyClone
https://github.com/entra1337/DirtyClone
https://github.com/sec0x/CVE-2026-43503
https://github.com/mooder1/dirtyclone-CVE-2026-43503
https://github.com/douglasmun/pagecache-lpe-containment-kit
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503) https://lobste.rs/s/adgyhb #linux #security
https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/
updated 2026-07-02T00:31:50
1 posts
CVE-2026-14423: Type confusion in Chrome (pre-150.0.7871.46) enables sandbox escape via crafted HTML. HIGH severity — update Chrome ASAP to patch. Details: https://radar.offseq.com/threat/cve-2026-14423-type-confusion-in-google-chrome-ebdcbaa0782002d1 #OffSeq #Chrome #Vuln #BrowserSecurity
##updated 2026-07-02T00:31:49
1 posts
CVE-2026-14390: Use-after-free in Chrome ANGLE (High severity, ≤150.0.7871.45) can enable sandbox escape via crafted HTML. Update to 150.0.7871.46+ to mitigate. No active exploits reported. https://radar.offseq.com/threat/cve-2026-14390-use-after-free-in-google-chrome-7f7b248bc3c84ce8 #OffSeq #GoogleChrome #Infosec #Vulnerability
##updated 2026-07-01T21:36:26
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-07-01T21:36:16
1 posts
Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.
##updated 2026-07-01T21:35:53
6 posts
3 repos
https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE
Here's a brief on recent geopolitical, technology, and cybersecurity developments:
Geopolitically, Russia claims control of Kostyantynivka in Ukraine, and Presidents Putin and Trump discussed Ukraine ahead of the upcoming NATO summit. In technology, Amazon launched its satellite internet service to compete with Starlink, and Alibaba banned Anthropic AI usage amidst a data dispute. Cybersecurity noted a US government entity paid $1 million in a data-theft extortion, while a critical SharePoint RCE (CVE-2026-45659) is actively exploited. AI-powered phishing and scams are also targeting the World Cup 2026.
##Geopolitical: US-Iran talks paused for funeral (July 4-5, 2026). Ukraine's Zelenskiy and Trump discussed the Russia-Ukraine war.
Technology: SK Telecom plans a 15GW AI data center in Asia (July 5, 2026). OpenAI reportedly eyes US government equity.
Cybersecurity: CISA urged patching an actively exploited SharePoint RCE (CVE-2026-45659) by July 4, 2026. Ransomware attacks typically spike during US holidays. A Homeland Security network (HSIN) breach was reported.
##OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.
##CISA Reports Active Exploitation of SharePoint RCE Flaw
CISA warned that attackers are exploiting a high-severity SharePoint vulnerability (CVE-2026-45659) that allows authenticated users to run arbitrary code.
**If you run on-premises Microsoft SharePoint Server (Subscription Edition, 2019, or 2016), this is urgent. Your Sharepoint is under attack. Apply Microsoft's security update for CVE-2026-45659 immediately. Prioritize any internet-facing SharePoint instances first, and confirm every server is updated to the latest secure version. If possible, isolate SharePoint from the Internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-sharepoint-rce-flaw-a-p-5-o-0/gD2P6Ple2L
https://thecybersecguru.com/news/hsin-breach-dhs-sharepoint-hack/
##C-Suite Alert: CVE-2026-45659 is actively exploited. CISA BOD 26-04 mandates immediate action. Is your organization compliant? My executive briefing provides the risk assessment and strategic roadmap to secure your SharePoint assets and mitigate enterprise liability. https://thecybermind.co/x3h5
#Governance #InfoSec #SharePoint
updated 2026-07-01T20:45:42
1 posts
🔴 CVE-2026-44935 - Critical (9.9)
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other ten...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44935/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-01T18:32:05
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-07-01T18:32:04
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-07-01T18:32:04
1 posts
Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.
##updated 2026-07-01T18:31:59
2 posts
At least Cisco is undeterred by the news slump over the long July 4 holiday. This is a new advisory:
High-severity CVE-2026-20191: Cisco Catalyst Center Arbitrary File Read Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X @TalosSecurity #infosec #Cisco #vulnerability
##At least Cisco is undeterred by the news slump over the long July 4 holiday. This is a new advisory:
High-severity CVE-2026-20191: Cisco Catalyst Center Arbitrary File Read Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-07-01T18:31:27
1 posts
For the second time in a row, a post by cr0w on Mastodon regarding the Chrome release blog appearing to not render anything resulted in me firing up lynx to show a sub-second load and render, then finally doing something a bit more tangible about the situation.
The Google Blogger pages load an ancient copy of jQuery (1.11.3, from 2015) synchronously in the <head>, alongside a 53KB widgets.js Blogger framework. Then, posts like this one — https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html — stuff 433 CVE entries into the DOM — 670KB of HTML, 5,045 nodes. The Blogger WidgetManager processes all of that against the DOM using jQuery’s notoriously slow selector engine, and the main thread stays locked for 81 seconds. Nothing else runs. Not even the HTTP request for the DoubleClick tracking pixel queued behind it (because ofc there’s a DoubleClick tracking pixel).
The Safari Navigation Timing API numbers make it embarrassingly concrete:
responseEnd: 143msdomInteractive: 231msdomContentLoaded: 81,280msThat’s 81 seconds between “DOM is ready” and “page is loaded.” All burning prescious CPU cycles with zero network activity during that window.
This is the second time I’ve felt compelled to dig into this particular mess. The Chrome Releases page is a real/tangible operational resource — security teams, vulnerability managers, and researchers (somewhat, at least) depend on it for CVE data. When it’s broken, it creates a bottleneck for people who have real jobs to do.
The 433 CVE entries choking the page are exactly what people came to read. But they’re baked into the HTML as rendered text, not exposed as structured data anywhere. So even when the page eventually loads, you’re still scraping HTML to get at anything useful.
unjam solves that problem. It’s a small CLI that connects to a Blogger page and extracts structured data — both the widget configuration from the _WidgetManager._SetDataContext inline script and the CVE entries from Chrome Release posts — without touching a browser at all.
It’s a single Deno binary for macOS, Linux, and Windows. No dependencies, no configuration overhead, just download and run:
unjam --cve https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
[
{
"issueId": "506558270",
"issueUrl": "https://issues.chromium.org/issues/506558270",
"severity": "Critical",
"cveId": "CVE-2026-13774",
"description": "Use after free in Extensions.",
"reporter": "Google",
"reportedOn": "2026-04-26"
},
{
"issueId": "511766407",
"issueUrl": "https://issues.chromium.org/issues/511766407",
"severity": "Critical",
"cveId": "CVE-2026-13775",
"description": "Use after free in GPU.",
"reporter": "Google",
"reportedOn": "2026-05-10"
},
…
]
Getting CVE data from one of these posts used to mean waiting 81 seconds for a browser tab to finish wrestling with jQuery, then hand-scraping HTML. Now it takes about a second and returns clean JSON. The --cve flag parses each entry into structured fields — CVE ID, severity, description, issue tracker URL, reporter, and date reported — ready to pipe into jq, load into a database, or feed into whatever vulnerability management pipeline you’re running.
The tool also handles the general case: any Blogger page carrying the _WidgetManager._SetDataContext inline script can be unwedged with the default mode, which converts the JavaScript object literal into proper JSON. That turned out to be useful enough to bake in as default functionality.
The project’s at https://git.sr.ht/~hrbrmstr/unjam and has pre-built binaries for popular platforms.
I don’t expect this page to stay broken forever…I mean, someone at Google will eventually update the template (right, Anakin? right? Anakin?), and may even quietly drop the DoubleClick pixel (LOL) — but until then, unjam fills the gap cleanly.
updated 2026-07-01T18:31:24
4 posts
4 repos
https://github.com/derekpreston81/CVE_ADC_IOC_2026
https://github.com/attarwahyup/Netscaler-CVE-2026-8451
https://github.com/watchtowrlabs/watchTowr-vs-Netscaler-CVE-2026-8451
📰 CitrixBleed-Like Flaw (CVE-2026-8451) Exploited Within 24 Hours
New CitrixBleed-like flaw CVE-2026-8451 in NetScaler is being exploited in the wild less than 24 hours after disclosure! The bug can leak sensitive memory. Patch and terminate all sessions NOW. 🚨 #Citrix #NetScaler #CyberSecurity #CVE
🌐 cyber[.]netsecops[.]io
##Citrix NetScaler vulnerability CVE-2026-8451 is exploited in the wild after a public PoC exposed a pre-auth memory overread. Patch now.
##CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/ #bot #cybersecurity #infosec
##Citrix has patched a series of bugs this week, including another CitrixBleed-like vulnerability that can allow remote attackers to leak a device's memory and find goodies inside, such as auth or config data.
This impacts NetScaler ADC devices.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
##updated 2026-07-01T18:29:00.013000
1 posts
Two UltraVNC repeater vulnerabilities enable arbitrary code execution (CVE-2026-7840) plus admin access via a hardcoded password. Update now.
#UltraVNC #RemoteAccess #CVE20267839 #CVE20267840 #ArbitraryCodeExecution #BufferOverflow #Vulnerability
##updated 2026-07-01T18:17:31.553000
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-07-01T15:35:27
2 posts
🤖 Researchers at runZero say AI-assisted testing found 7 security flaws in the FatFs FAT/exFAT filesystem library (CVE-2026-6682 to CVE-2026-6688), potentially exposing millions of embedded devices via malicious USB drives/SD cards—and sometimes OTA update paths. 🔓📉 https://cyberinsider.com/ai-helps-find-flaws-in-fatfs-library-used-in-millions-of-devices/ #cybersecurity #IoT #vulnerabilities #embedded
##🧩 Runzero warnt: Eine KI-gestützte Suche fand eine gefährliche Lücke im FatFs-Treiber. Schon das Anschließen eines USB-Sticks soll genügen, um über CVE-2026-6682 (CVSS 7,6) Schadcode einzuschleusen. Patch derzeit unklar. Angriff auch via manipulierte OTA-Updates möglich. 🔥
https://www.golem.de/news/angriff-per-usb-stick-ki-findet-gefaehrliche-luecke-in-populaerem-fatfs-treiber-2607-210484.html
#Security #IoT #Embedded #USB #CVE #Vulnerability
updated 2026-07-01T15:35:00
1 posts
For the second time in a row, a post by cr0w on Mastodon regarding the Chrome release blog appearing to not render anything resulted in me firing up lynx to show a sub-second load and render, then finally doing something a bit more tangible about the situation.
The Google Blogger pages load an ancient copy of jQuery (1.11.3, from 2015) synchronously in the <head>, alongside a 53KB widgets.js Blogger framework. Then, posts like this one — https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html — stuff 433 CVE entries into the DOM — 670KB of HTML, 5,045 nodes. The Blogger WidgetManager processes all of that against the DOM using jQuery’s notoriously slow selector engine, and the main thread stays locked for 81 seconds. Nothing else runs. Not even the HTTP request for the DoubleClick tracking pixel queued behind it (because ofc there’s a DoubleClick tracking pixel).
The Safari Navigation Timing API numbers make it embarrassingly concrete:
responseEnd: 143msdomInteractive: 231msdomContentLoaded: 81,280msThat’s 81 seconds between “DOM is ready” and “page is loaded.” All burning prescious CPU cycles with zero network activity during that window.
This is the second time I’ve felt compelled to dig into this particular mess. The Chrome Releases page is a real/tangible operational resource — security teams, vulnerability managers, and researchers (somewhat, at least) depend on it for CVE data. When it’s broken, it creates a bottleneck for people who have real jobs to do.
The 433 CVE entries choking the page are exactly what people came to read. But they’re baked into the HTML as rendered text, not exposed as structured data anywhere. So even when the page eventually loads, you’re still scraping HTML to get at anything useful.
unjam solves that problem. It’s a small CLI that connects to a Blogger page and extracts structured data — both the widget configuration from the _WidgetManager._SetDataContext inline script and the CVE entries from Chrome Release posts — without touching a browser at all.
It’s a single Deno binary for macOS, Linux, and Windows. No dependencies, no configuration overhead, just download and run:
unjam --cve https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
[
{
"issueId": "506558270",
"issueUrl": "https://issues.chromium.org/issues/506558270",
"severity": "Critical",
"cveId": "CVE-2026-13774",
"description": "Use after free in Extensions.",
"reporter": "Google",
"reportedOn": "2026-04-26"
},
{
"issueId": "511766407",
"issueUrl": "https://issues.chromium.org/issues/511766407",
"severity": "Critical",
"cveId": "CVE-2026-13775",
"description": "Use after free in GPU.",
"reporter": "Google",
"reportedOn": "2026-05-10"
},
…
]
Getting CVE data from one of these posts used to mean waiting 81 seconds for a browser tab to finish wrestling with jQuery, then hand-scraping HTML. Now it takes about a second and returns clean JSON. The --cve flag parses each entry into structured fields — CVE ID, severity, description, issue tracker URL, reporter, and date reported — ready to pipe into jq, load into a database, or feed into whatever vulnerability management pipeline you’re running.
The tool also handles the general case: any Blogger page carrying the _WidgetManager._SetDataContext inline script can be unwedged with the default mode, which converts the JavaScript object literal into proper JSON. That turned out to be useful enough to bake in as default functionality.
The project’s at https://git.sr.ht/~hrbrmstr/unjam and has pre-built binaries for popular platforms.
I don’t expect this page to stay broken forever…I mean, someone at Google will eventually update the template (right, Anakin? right? Anakin?), and may even quietly drop the DoubleClick pixel (LOL) — but until then, unjam fills the gap cleanly.
updated 2026-07-01T15:34:56
1 posts
A GNU gzip vulnerability (CVE-2026-41991) lets a local attacker overwrite files through a gzexe symlink attack. Update to the patched gzip release now.
#GNUgzip #gzip #CVE202641991 #CVE202641992 #gzexe #LinuxSecurity #Vulnerability
##updated 2026-07-01T15:16:23.077000
1 posts
updated 2026-07-01T06:31:32
1 posts
updated 2026-07-01T05:16:21.907000
8 posts
1 repos
‼️ New Dark Web Informer Blog Post!
Title: Adobe ColdFusion flaw CVE-2026-48282 is now being Exploited in the Wild
Link: https://darkwebinformer.com/adobe-coldfusion-flaw-cve-2026-48282-is-now-being-exploited-in-the-wild/
##Adobe ColdFusion está sob ataque informático devido a uma vulnerabilidade classificada com o grau máximo de severidade, identificada como CVE-2026-48282. A plataforma de desenvolvimento web está a ser explorada ativamente por agentes maliciosos.
##Max severity Adobe ColdFusion flaw now exploited in attacks
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, the Canadian Center for Cyber Security...
🔗️ [Bleepingcomputer] https://link.is.it/dtvaMC
##Adobe ColdFusion Flaw Exploited in Ongoing Attacks
A critical Adobe ColdFusion vulnerability, CVE-2026-48282, is under attack - and it's crucial to patch now to prevent remote code execution on your system. This maximum-severity flaw affects ColdFusion releases 2025.9, 2023.20, and earlier, and can be exploited without privileges.
#AdobeColdfusion #Cve202648282 #RemoteCodeExecution #EmergingThreats #ZeroDay
##‼️ New Dark Web Informer Blog Post!
Title: Adobe ColdFusion flaw CVE-2026-48282 is now being Exploited in the Wild
Link: https://darkwebinformer.com/adobe-coldfusion-flaw-cve-2026-48282-is-now-being-exploited-in-the-wild/
##Adobe ColdFusion está sob ataque informático devido a uma vulnerabilidade classificada com o grau máximo de severidade, identificada como CVE-2026-48282. A plataforma de desenvolvimento web está a ser explorada ativamente por agentes maliciosos.
##Max severity Adobe ColdFusion flaw now exploited in attacks
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, the Canadian Center for Cyber Security...
🔗️ [Bleepingcomputer] https://link.is.it/dtvaMC
##A critical CVSS 10 ColdFusion arbitrary code execution flaw (CVE-2026-48282) is actively exploited in the wild. Update immediately to prevent attacks.
#ColdFusion #CVE202648282 #CyberSecurity #Vulnerability #Infosec
##updated 2026-07-01T00:34:43
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-07-01T00:34:43
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-07-01T00:34:02
1 posts
Five DCMTK vulnerabilities hit the DICOM toolkit, including a CVSS 9.8 path traversal file write (CVE-2026-50003). Update DCMTK now.
#DCMTK #DICOM #PathTraversal #CVE202650003 #MedicalImaging #ICS #Vulnerability
##updated 2026-06-30T21:31:52
1 posts
IBM WebSphere vulnerabilities like CVE-2026-11712 expose servers to severe XSS and path traversal attacks. Patch systems immediately.
##updated 2026-06-30T21:31:52
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-06-30T21:31:44
1 posts
Multiple Langflow OSS vulnerabilities, including the critical CVE-2026-10134 flaw, expose servers to code execution. Patch immediately.
#Langflow #Vulnerabilities #CyberSecurity #CVE202610134 #InfoSec
##updated 2026-06-30T17:31:09.510000
1 posts
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-06-30T15:30:45
1 posts
Nine Apache ActiveMQ vulnerabilities allow denial of service and a temporary destination takeover (CVE-2026-54475). Upgrade to 6.2.7 now.
#ApacheActiveMQ #ActiveMQ #CVE202654475 #DenialOfService #OpenWire #STOMP #MessageBroker #Vulnerability
##updated 2026-06-30T15:30:32
3 posts
1 repos
📰 Actively Exploited Kemp LoadMaster Flaw (CVE-2026-8037) Allows Pre-Auth RCE as Root
🚨 ACTIVE EXPLOITATION: A critical pre-auth RCE flaw in Progress Kemp LoadMaster (CVE-2026-8037) allows root access. PoC is public. Patch immediately to protect your network perimeter! #RCE #CVE #Kemp #Progress #CyberSecurity
🌐 cyber[.]netsecops[.]io
##⚠️ CRITICAL: Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
A critical pre-auth RCE vulnerability (CVE-2026-8037, CVSS 9.6) in Progress Kemp LoadMaster is actively being exploited. The flaw allows unauthenticated attackers to execute arbitrary OS commands via the /accessv2 API endpoint. Any organization running Kemp LoadMaster is at immediate risk.
##Progress Kemp LoadMaster Vulnerability Actively Exploited
Progress Software's Kemp LoadMaster is reportedly actively attacked following the release of a proof-of-concept for a remote code execution flaw (CVE-2026-8037).
**This is now urgent. Make sure all your Kemp LoadMaster appliances are updated to the latest versions immediately, because you are being hacked. If you do not require the management API for daily operations, disable it or isolate it behind a secure VPN so it is reachable only from trusted internal networks.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/progress-kemp-loadmaster-vulnerability-actively-exploited-u-c-i-k-t/gD2P6Ple2L
updated 2026-06-30T03:36:46
1 posts
🔴 CVE-2026-14544 - Critical (9.8)
A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-29T21:32:12
1 posts
CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF #devopsish https://aws.amazon.com/security/security-bulletins/2026-048-aws/
##updated 2026-06-29T21:32:12
1 posts
CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF #devopsish https://aws.amazon.com/security/security-bulletins/2026-048-aws/
##updated 2026-06-29T18:32:03
1 posts
2 repos
📈 CVE Published in last 7 days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- UNKNOWN: 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
updated 2026-06-25T21:31:23
1 posts
3 repos
Cisco confirma exploração ativa de vulnerabilidade nos sistemas Unified CM. A empresa confirmou que agentes maliciosos estão a explorar a vulnerabilidade CVE-2026-20230, que permite ataques de falsificação de pedidos do lado do servidor. 🚨
##updated 2026-06-17T18:08:00
1 posts
🟠 CVE-2026-22555 - High (8.1)
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T11:01:08.343000
1 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI/LLM-driven development**: Claude Code, Fable, GitHub Copilot, LangGraph, AI agent frameworks, GPT-5.5 Codex, AI-generated code bans (Godot Engine, Alibaba).
- **PostgreSQL updates**: PostgreSQL 19 beta (`WAIT FOR LSN`), TimescaleDB 2.28.1, pg_lake extension, CVE-2026-6637, durable execution (pgdurable).
- **Arduino/ESP32 libraries**: [1/3]
updated 2026-06-17T10:55:09.517000
1 posts
Remember the phpBB authentication bypass our research team found? We said the proof was coming. 💥 It's here.
Two working PoCs, one for each vulnerability, are now live in the research:
👉 PTT-2026-004 (CVE-2026-48611, 9.4): the PoC shows the full path from a single crafted request to a valid admin session. No credentials that work, no prior access, no user interaction. Just the request and the session cookie that _shouldn't_ exist.
👉 PTT-2026-005 (CVE-2026-48612, 8.3): the PoC walks through the silent OAuth account takeover, including the case where the victim only has to load a forum post for the chain to fire.
Talk is cheap in this line of work, so check out both PoCs, plus the mitigation steps: https://pentest-tools.com/research/phpbb-authentication-bypass
phpBB 3.3.17 fixes both. If you haven't patched, the PoCs are a good reason to move today.
##updated 2026-06-17T10:49:38.170000
1 posts
https://thecybersecguru.com/exploits/cve-2026-43456-linux-kernel-zero-day/
##updated 2026-06-17T10:38:36.970000
1 posts
#GnuPG 2.5.21-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.
Release notes
=============
Noteworthy changes in version 2.5.21-freepg (2026-07-03)
--------------------------------------------------------
* No FreePG-specific changes.
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.5.21-freepg
Upstream's release notes follow.
----
Noteworthy changes in version 2.5.21 (2026-07-02)
-------------------------------------------------
* New and extended features:
- gpg, gpgsm: Use partial file on decryption, remove on failure.
Disable with "--compatibility-flags=no-partial-file-guard".
[T7873]
- gpg: Use the INT_RCP_FPR subpacket in revocation signatures.
[T8252]
- Create a pkgversioninfo.txt file when building using the speedo
build system.
* Bug fixes:
- gpg: Fix potential use-after-free in batch key generation when
handling the keyserver URL option. [T8277]
- gpgsm: Fix regression in gpgsm_verify with expired certificates.
[T8188]
- gpgsm: Require a minimum tag length for GCM decryption.
[rG4c7e68cf3d, CVE-2026-34182]
- scd: Limit the size of returned APDU objects from faulty cards.
[T8281]
- scd: Fix condition to retrieve ATR. [rGca25a7a61b]
- scd:openpgp: Fix regression in CHV1 retry counter byte index.
[rG245330ebea]
- agent: Make batch import of Kyber keys work. [T8029]
- dirmngr: Add a validation check in get_dns_cert_standard.
[T8303]
- gpgconf: Raise an error on certain parse errors. [T8261]
- Fix use of usleep in file remove function on Windows. Regression
since 2.5.13. [rGab9ce5f5e7]
Release-info: https://dev.gnupg.org/T8262
##updated 2026-06-16T23:41:03
1 posts
🟠 CVE-2026-26231 - High (8.5)
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T23:40:35
2 posts
1 repos
CVE-2026-28699 - High severity supply chain attack in Gitea. OAuth2 scope bypass via HTTP Basic auth. CVSS 8.1. Unpatched. Update immediately if using affected versions. #CVE #Gitea #infosec
##🟠 CVE-2026-28699 - High (8.1)
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28699/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-12T18:31:50
1 posts
4 repos
https://github.com/HORKimhab/CVE-2026-35273
https://github.com/ekomsSavior/POC_cve_2026_35273
updated 2026-06-12T06:33:21
2 posts
2 repos
https://github.com/citruscitruscitruscitruscitrusci/CVE-2026-48611-poc
Remember the phpBB authentication bypass our research team found? We said the proof was coming. 💥 It's here.
Two working PoCs, one for each vulnerability, are now live in the research:
👉 PTT-2026-004 (CVE-2026-48611, 9.4): the PoC shows the full path from a single crafted request to a valid admin session. No credentials that work, no prior access, no user interaction. Just the request and the session cookie that _shouldn't_ exist.
👉 PTT-2026-005 (CVE-2026-48612, 8.3): the PoC walks through the silent OAuth account takeover, including the case where the victim only has to load a forum post for the chain to fire.
Talk is cheap in this line of work, so check out both PoCs, plus the mitigation steps: https://pentest-tools.com/research/phpbb-authentication-bypass
phpBB 3.3.17 fixes both. If you haven't patched, the PoCs are a good reason to move today.
##Critical phpBB Authentication Bypass Allows Instant Account Takeover
phpBB version 3.3.17 patches a critical authentication bypass (CVE-2026-48611) that allows unauthenticated attackers to take over any account, including administrators, by manipulating the auth_provider parameter.
**If you run a phpBB forum (versions 3.1.0 through 3.3.16, or 4.0.0-a2), this is important and urgent. Update to version 3.3.17 immediately. If you can't patch right away, delete the apache.php and ldap.php files from the phpbb/auth/provider/ directory, and check your server logs for suspicious auth_provider=apache and mode=login_link requests. If found, reset all user sessions and assume those accounts are compromised.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-phpbb-authentication-bypass-allows-instant-account-takeover-b-z-9-a-7/gD2P6Ple2L
updated 2026-06-10T00:31:50
1 posts
3 repos
https://github.com/suce0155/CVE_2026_44963
Critical Veeam Backup Flaw Exposes Enterprise Recovery Systems to Full Remote Takeover + Video
Introduction: When Your Backup Becomes the Weakest Link Backups are supposed to be the last line of defense against cyberattacks. They protect businesses from ransomware, accidental deletion, hardware failures, and even insider threats. But what happens when the backup server itself becomes the attacker's first target? A newly disclosed critical vulnerability, CVE-2026-44963,…
##updated 2026-06-09T18:30:58
1 posts
1 repos
HawkTrace publicly disclosed Microsoft Exchange vulnerability CVE-2026-45504 with PoC exploit code. The SSRF flaw reads arbitrary files. Patch now.
#MicrosoftExchange #CVE202645504 #SSRF #Cybersecurity #PoC #Infosec
updated 2026-05-29T18:31:20
2 posts
2 repos
📰 Critical Oracle E-Business Suite RCE Flaw (CVE-2026-46817) Under Active Attack
🚨 CRITICAL ALERT: A 9.8 CVSS flaw in Oracle E-Business Suite (CVE-2026-46817) is being ACTIVELY EXPLOITED for unauthenticated RCE. Attackers can take over the entire application. Patch immediately! #Oracle #EBS #CyberSecurity #CVE #RCE
🌐 cyber[.]netsecops[.]io
##Oracle E-Business Suite under attack via critical flaw before exploit code emerged
https://1ban.news/oracle-ebs-attack-cve-2026-46817/
#1ban #oracle #ebs #attack #cve #tech
updated 2026-05-26T18:31:37
1 posts
2 repos
Synacktiv publicly disclosed a Kerberos reflection bypass, CVE-2026-26128, with PoC exploit code. It yields SYSTEM on most Windows builds. Patch now.
##updated 2026-04-30T17:50:13
1 posts
Root Privilege Escalation and Container Escape Flaw Discovered in Coreutils
A high-severity vulnerability (CVE-2026-35368) in the uutils coreutils chroot utility allows attackers to execute arbitrary code as root and escape containers. The flaw occurs when the utility loads untrusted libraries from a new root directory before dropping system privileges.
**Update your Rust-based coreutils to version 0.8.0 immediately to prevent attackers from gaining root access through the chroot command. If you can't patch right away, stop using the --userspec flag on any directory that an untrusted user can edit.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/root-privilege-escalation-and-container-escape-flaw-discovered-in-coreutils-n-9-7-w-o/gD2P6Ple2L
updated 2025-11-05T20:12:46
3 posts
27 repos
https://github.com/get-xor/coreweave-demo-2026-05
https://github.com/PuddinCat/CVE-2025-3248-POC
https://github.com/dennisec/Mass-CVE-2025-3248
https://github.com/nebari-playground/langflow-cve-2025-3248
https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE
https://github.com/0xgh057r3c0n/CVE-2025-3248
https://github.com/xuemian168/CVE-2025-3248
https://github.com/0-d3y/langflow-rce-exploit
https://github.com/drackyjr/cve-2025-3248-exploit
https://github.com/EQSTLab/CVE-2025-3248
https://github.com/dennisec/CVE-2025-3248
https://github.com/verylazytech/CVE-2025-3248
https://github.com/vigilante-1337/CVE-2025-3248
https://github.com/zapstiko/CVE-2025-3248
https://github.com/Kiraly07/Demo_CVE-2025-3248
https://github.com/b0ySie7e/CVE-2025-3248-POC
https://github.com/tiemio/RCE-CVE-2025-3248
https://github.com/Vip3rLi0n/CVE-2025-3248
https://github.com/bambooqj/cve-2025-3248
https://github.com/Praison001/CVE-2025-3248
https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
https://github.com/12-test-12/CVE-2025-3248
https://github.com/r0otk3r/CVE-2025-3248
https://github.com/imbas007/CVE-2025-3248
https://github.com/wand3rlust/CVE-2025-3248
https://github.com/min8282/CVE-2025-3248
https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target
We're here! AI Agent executed automated Ransomware operation.
JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.
WHOA! “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds,”
NIST CVE (CVE-2025-3248) posted here: https://nvd.nist.gov/vuln/detail/CVE-2025-3248 #JadePuffer #Ransomware #Security #Hackers #NIST_CVE #CVE2025_3248 #AgenticThreatActors #AI #AIAgents #CyberAttack #CyberSecurity #LLMs #MySQL #PostgreSQL #CVE #JadePuffer
##We're here! AI Agent executed automated Ransomware operation.
JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.
WHOA! “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds,”
NIST CVE (CVE-2025-3248) posted here: https://nvd.nist.gov/vuln/detail/CVE-2025-3248 #JadePuffer #Ransomware #Security #Hackers #NIST_CVE #CVE2025_3248 #AgenticThreatActors #AI #AIAgents #CyberAttack #CyberSecurity #LLMs #MySQL #PostgreSQL #CVE #JadePuffer
##----------------
🎯 AI
===================
Sysdig Threat Research Team documented what they assess as the first case of agentic ransomware, an operation dubbed JADEPUFFER. The entire extortion campaign, from initial access to destructive database encryption, was driven by a large language model rather than a human operator.
Initial Access and Vulnerability
JADEPUFFER gained entry through CVE-2025-3248, a missing-authentication flaw in Langflow's code validation endpoint that allows unauthenticated Python execution. Langflow, an open-source framework for building LLM-driven applications, is frequently exposed on the internet with weak network controls and often holds API keys and cloud credentials.
Attack Chain Analysis
The operation unfolded across two distinct targets: the internet-facing Langflow instance and a separate production database server, the true objective.
Phase 1 on the Langflow instance:
1. Reconnaissance: The LLM enumerated the host (id, uname -a, hostname, network interfaces, running processes) and swept for secrets in parallel: LLM provider API keys (OpenAI, Anthropic, DeepSeek, Gemini), cloud credentials (AWS, GCP, Azure, and Chinese providers: ALIBABA_, ALIYUN_, TENCENT_, HUAWEI_), cryptocurrency wallets and seed phrases, and database credentials.
2. Local data looting: Dumped Langflow's backing Postgres database, harvested stored credentials and API keys, staged output locally, reviewed it, then deleted staging files.
3. Internal lateral discovery: Scanned the internal address space for databases, object storage, secret stores, and service-discovery endpoints, probing with default credentials.
4. MinIO enumeration: Probed minio.internal:9000 and 127.0.0.1:9000 for the S3-compatible object store.
What Makes This Different
Two characteristics distinguish JADEPUFFER from conventional ransomware:
1. Self-narrating payloads: The LLM-generated code contained natural language reasoning, target prioritization, and detailed annotations. Human operators rarely embed this kind of commentary. The payloads documented their own decision-making process.
2. Real-time adaptation: When a step failed, the LLM refined its approach and retried within seconds. In one observed sequence, it went from a failed authentication attempt to a corrected working login in 31 seconds.
Detection Considerations
• Patch Langflow instances against CVE-2025-3248 immediately
• Do not expose Langflow to the internet without authentication and network controls
• Monitor for credential-sweeping patterns targeting LLM API keys and cloud credentials in parallel
• Treat self-annotating scripts as a potential indicator of LLM-generated payloads
• The "first documented case" assessment comes from Sysdig TRT alone; independent verification is recommended
🔹 JADEPUFFER #Ransomware #AI #LLM #CVE_2025_3248
🔗 Source: https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion
##updated 2025-10-22T00:34:22
1 posts
25 repos
https://github.com/FrenzisRed/CVE-2025-5777
https://github.com/ndr-repo/CVE-2025-5777
https://github.com/rashedhasan090/CVE-2025-5777
https://github.com/Chocapikk/CVE-2025-5777
https://github.com/below0day/Honeypot-Logs-CVE-2025-5777
https://github.com/SleepNotF0und/CVE-2025-5777
https://github.com/rootxsushant/Citrix-NetScaler-Memory-Leak-CVE-2025-5777
https://github.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE
https://github.com/idobarel/CVE-2025-5777
https://github.com/cyberleelawat/ExploitVeer
https://github.com/0xBlackash/CVE-2025-5777
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
https://github.com/bughuntar/CVE-2025-5777
https://github.com/rob0tstxt/POC-CVE-2025-5777
https://github.com/soltanali0/CVE-2025-5777-Exploit
https://github.com/0xgh057r3c0n/CVE-2025-5777
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-
https://github.com/fox-it/citrix-netscaler-triage
https://github.com/Anshika2709/Citrixbleed2-CVE-2025-5777
https://github.com/RaR1991/citrix_bleed_2
https://github.com/mr-r3b00t/CVE-2025-5777
https://github.com/win3zz/CVE-2025-5777
https://github.com/nocerainfosec/cve-2025-5777
OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.
##Discover the new Cursor IDE RCE vulnerability called DuneSlide. This critical sandbox escape flaw assigned CVE-2026-50548 threatens developer environments.
##Discover the new Cursor IDE RCE vulnerability called DuneSlide. This critical sandbox escape flaw assigned CVE-2026-50548 threatens developer environments.
##DuneSlide (CVE-2026-50548/50549): CRITICAL zero-click RCE in Cursor AI editor <3.0. Flaws in sandbox & symlink handling enable attackers to escape IDE, compromise OS. Upgrade to v3.0+ now. https://radar.offseq.com/threat/critical-cursor-ai-code-editor-flaws-could-lead-to-2cf2d4969fcd376b #OffSeq #Infosec #Vuln #RCE
##DuneSlide: Zero-Click RCE Vulnerabilities Discovered in Cursor IDE
Cato AI Labs identified two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in Cursor IDE that allow attackers to achieve remote code execution via zero-click prompt injection. The flaws enable sandbox escapes by overwriting system binaries through manipulated working directories and symlink resolution errors.
**If you use Cursor IDE, update ASAP to version 3.0 or later, because these flaws will be attacked very soon. Be cautious about letting the AI agent pull in content from untrusted external sources (like websites or files), since a malicious prompt hidden there is enough to trigger the attack with no other action from you.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/duneslide-zero-click-rce-vulnerabilities-discovered-in-cursor-ide-5-n-j-t-d/gD2P6Ple2L
Two PHP flaws are patched. CVE-2026-12184 is a PHP remote DoS that crashes PHP-FPM, and CVE-2026-14355 causes memory corruption. Update PHP now.
#PHP #RemoteDoS #DoS #PHPFPM #CyberSecurity #Vulnerability #InfoSec
##Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks.
##Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks.
##Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks.
##Two ModSecurity vulnerabilities let attackers slip past WAF rules via a multipart parser bug (CVE-2026-52747). Update to ModSecurity v3.0.16 now.
#ModSecurity #WAF #WAFBypass #OWASP #CVE202652747 #CVE202652761 #Vulnerability
##🟠 CVE-2026-10054 - High (8.8)
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication.
WebSocket origin validation i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##1 posts
2 repos
https://github.com/M8seven/cve-2026-22874-gitea-ssrf-allowlist
🔴 CVE-2026-22874 - Critical (9.6)
Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-58426 - Critical (9.6)
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-58426 | CRITICAL in Gitea 1.22.0: Ambiguous HMAC signing enables cross-repo artifact reads & cross-task upload tampering. No patch available — restrict access, monitor activity. Details: https://radar.offseq.com/threat/cve-2026-58426-cwe-347-in-gitea-gitea-open-source--93937e1ae55d7b31 #OffSeq #CVE202658426 #Gitea #infosec
##🟠 CVE-2026-58423 - High (7.7)
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-10055 - High (8.5)
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Server-Side Request Forgery (SSRF) in Eclipse Theia 1.26.0 (CVE-2026-10055, HIGH, CVSS 8.5). Attackers with access to the service connection can target internal resources. Restrict access now. https://radar.offseq.com/threat/cve-2026-10055-cwe-918-server-side-request-forgery-66116bce3c83a4f6 #OffSeq #SSRF #EclipseTheia #Cybersecurity
##DuneSlide: Zero-Click RCE Vulnerabilities Discovered in Cursor IDE
Cato AI Labs identified two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in Cursor IDE that allow attackers to achieve remote code execution via zero-click prompt injection. The flaws enable sandbox escapes by overwriting system binaries through manipulated working directories and symlink resolution errors.
**If you use Cursor IDE, update ASAP to version 3.0 or later, because these flaws will be attacked very soon. Be cautious about letting the AI agent pull in content from untrusted external sources (like websites or files), since a malicious prompt hidden there is enough to trigger the attack with no other action from you.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/duneslide-zero-click-rce-vulnerabilities-discovered-in-cursor-ide-5-n-j-t-d/gD2P6Ple2L