Updated at UTC 2026-03-24T17:49:26.982788
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4673 | 8.8 | 0.06% | 4 | 0 | | 2026-03-24T16:54:37.343000 | Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowe |
| CVE-2026-4676 | 8.8 | 0.07% | 2 | 0 | | 2026-03-24T16:50:03.117000 | Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote |
| CVE-2026-33649 | 8.1 | 0.01% | 2 | 0 | | 2026-03-24T16:16:34.487000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-4368 | 0 | 0.02% | 6 | 0 | | 2026-03-24T15:54:09.400000 | Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configur |
| CVE-2026-3055 | 0 | 0.02% | 6 | 0 | | 2026-03-24T15:54:09.400000 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when config |
| CVE-2026-25075 | 7.5 | 0.12% | 1 | 0 | | 2026-03-24T15:54:09.400000 | strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerabil |
| CVE-2026-33512 | 7.5 | 0.03% | 1 | 0 | | 2026-03-24T15:54:09.400000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-33651 | 8.1 | 0.03% | 1 | 0 | | 2026-03-24T15:54:09.400000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-33650 | 7.6 | 0.03% | 1 | 0 | | 2026-03-24T15:54:09.400000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-26828 | 7.5 | 0.04% | 1 | 0 | | 2026-03-24T15:54:09.400000 | A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap. |
| CVE-2026-26829 | 7.5 | 0.73% | 1 | 0 | | 2026-03-24T15:54:09.400000 | A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-s |
| CVE-2026-33483 | 7.5 | 0.15% | 1 | 0 | | 2026-03-24T15:54:09.400000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-33478 | 10.0 | 0.66% | 1 | 0 | | 2026-03-24T15:54:09.400000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-4001 | 9.8 | 0.14% | 2 | 0 | | 2026-03-24T15:53:48.067000 | The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to |
| CVE-2026-4739 | 0 | 0.04% | 4 | 0 | | 2026-03-24T15:53:48.067000 | Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK ( |
| CVE-2026-3509 | 7.5 | 0.08% | 2 | 0 | | 2026-03-24T15:53:48.067000 | An unauthenticated remote attacker may be able to control the format string of m |
| CVE-2026-4753 | 9.1 | 0.04% | 2 | 0 | | 2026-03-24T15:53:48.067000 | Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects Re |
| CVE-2026-4746 | 0 | 0.04% | 2 | 0 | | 2026-03-24T15:53:48.067000 | Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/sr |
| CVE-2026-4744 | 0 | 0.01% | 2 | 0 | | 2026-03-24T15:53:48.067000 | Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/sr |
| CVE-2026-22739 | 8.6 | 0.02% | 2 | 0 | | 2026-03-24T15:53:48.067000 | Vulnerability in Spring Cloud when substituting the profile parameter from a req |
| CVE-2026-33250 | 7.5 | 0.21% | 3 | 0 | | 2026-03-24T15:53:48.067000 | Freeciv21 is a free open source, turn-based, empire-building strategy game. Vers |
| CVE-2026-33282 | 7.5 | 0.02% | 1 | 0 | | 2026-03-24T15:53:48.067000 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 pa |
| CVE-2026-4306 | 7.5 | 0.07% | 1 | 0 | | 2026-03-24T15:53:48.067000 | The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'r |
| CVE-2026-32278 | 8.2 | 0.04% | 2 | 0 | | 2026-03-24T15:53:48.067000 | Connect-CMS is a content management system. In versions on the 1.x series up to |
| CVE-2026-32300 | 8.1 | 0.03% | 1 | 0 | | 2026-03-24T15:53:48.067000 | Connect-CMS is a content management system. In versions on the 1.x series up to |
| CVE-2025-41660 | 8.8 | 0.21% | 2 | 0 | | 2026-03-24T09:30:41 | A low-privileged remote attacker may be able to replace the boot application of |
| CVE-2026-4755 | 9.8 | 0.06% | 2 | 0 | | 2026-03-24T09:30:41 | CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects An |
| CVE-2026-4745 | None | 0.05% | 2 | 0 | | 2026-03-24T06:31:25 | Improper Control of Generation of Code ('Code Injection') vulnerability in dendi |
| CVE-2026-4750 | 9.1 | 0.04% | 2 | 0 | | 2026-03-24T06:31:25 | Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof |
| CVE-2026-4662 | 7.5 | 0.08% | 2 | 0 | | 2026-03-24T06:31:25 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listi |
| CVE-2026-4640 | 7.5 | 0.07% | 2 | 0 | | 2026-03-24T06:31:25 | Vitals ESP developed by Galaxy Software Services has a Missing Authentication vu |
| CVE-2026-4283 | 9.1 | 0.10% | 2 | 0 | | 2026-03-24T06:31:20 | The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized acc |
| CVE-2026-4639 | 8.8 | 0.10% | 4 | 0 | | 2026-03-24T06:31:14 | Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization v |
| CVE-2026-4674 | 8.8 | 0.07% | 4 | 0 | | 2026-03-24T03:31:25 | Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a rem |
| CVE-2026-4679 | 8.8 | 0.07% | 2 | 0 | | 2026-03-24T03:31:25 | Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a rem |
| CVE-2026-4678 | 8.8 | 0.07% | 2 | 0 | | 2026-03-24T03:31:25 | Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remo |
| CVE-2026-4677 | 8.8 | 0.06% | 2 | 0 | | 2026-03-24T03:31:25 | Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.16 |
| CVE-2026-4675 | 8.8 | 0.06% | 2 | 0 | | 2026-03-24T03:31:25 | Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a |
| CVE-2026-4680 | 8.8 | 0.08% | 2 | 0 | | 2026-03-24T03:31:25 | Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remot |
| CVE-2026-4021 | 8.1 | 0.12% | 1 | 0 | | 2026-03-24T00:30:34 | The Contest Gallery plugin for WordPress is vulnerable to an authentication bypa |
| CVE-2026-3533 | 8.8 | 0.22% | 1 | 0 | | 2026-03-24T00:30:33 | The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads du |
| CVE-2025-60947 | 8.8 | 0.19% | 1 | 0 | | 2026-03-24T00:30:28 | Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacke |
| CVE-2025-60949 | 9.1 | 0.03% | 1 | 0 | | 2026-03-24T00:30:28 | Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployme |
| CVE-2026-32902 | None | 0.00% | 1 | 0 | | 2026-03-24T00:30:28 | Rejected reason: This CVE ID has been rejected. |
| CVE-2025-60946 | 8.8 | 0.12% | 1 | 0 | | 2026-03-24T00:30:24 | Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated att |
| CVE-2026-32907 | 0 | 0.00% | 1 | 0 | | 2026-03-23T23:17:12.130000 | Rejected reason: This CVE ID has been rejected. |
| CVE-2026-32913 | 7.5 | 0.03% | 1 | 1 | | 2026-03-23T21:54:50 | OpenClaw's `fetchWithSsrFGuard(...)` followed cross-origin redirects while prese |
| CVE-2026-32066 | None | 0.00% | 1 | 0 | | 2026-03-23T21:52:25 | ### Summary Unauthenticated requests to a reachable Zalo webhook endpoint could |
| CVE-2026-32845 | 8.4 | 0.01% | 1 | 0 | | 2026-03-23T21:31:53 | cgltf version 1.15 and prior contain an integer overflow vulnerability in the cg |
| CVE-2026-32299 | 7.5 | 0.03% | 1 | 0 | | 2026-03-23T20:38:17 | # Security Advisory — Page Content Retrieval (Improper Authorization) ## Summar |
| CVE-2026-32277 | 8.7 | 0.03% | 2 | 0 | | 2026-03-23T20:35:51 | # Security Advisory — Cabinet Plugin (DOM-based XSS) ## Summary A DOM-based Cr |
| CVE-2026-32276 | 8.8 | 0.07% | 1 | 0 | | 2026-03-23T20:33:35 | # Security Advisory — Code Study Plugin ## Summary An authenticated user may b |
| CVE-2026-26209 | 7.5 | 0.04% | 1 | 0 | | 2026-03-23T20:24:00 | ### Summary - The `cbor2` library is vulnerable to a Denial of Service (DoS) at |
| CVE-2026-33228 | 9.8 | 0.03% | 1 | 0 | | 2026-03-23T19:14:31.040000 | flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function |
| CVE-2026-4437 | 7.5 | 0.04% | 1 | 0 | | 2026-03-23T18:31:30 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that sp |
| CVE-2026-4404 | 9.4 | 0.04% | 1 | 0 | | 2026-03-23T18:30:31 | Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allow |
| CVE-2026-33513 | 8.6 | 0.15% | 1 | 0 | | 2026-03-23T17:31:53 | ### Summary An unauthenticated API endpoint (`APIName=locale`) concatenates user |
| CVE-2026-32049 | 7.5 | 0.12% | 1 | 0 | | 2026-03-23T17:09:08.487000 | OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inb |
| CVE-2026-33292 | 7.5 | 0.04% | 1 | 0 | | 2026-03-23T16:18:24.447000 | WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS str |
| CVE-2026-4599 | 9.1 | 0.03% | 3 | 0 | | 2026-03-23T16:17:45.400000 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to |
| CVE-2026-33017 | 0 | 0.36% | 3 | 3 | | 2026-03-23T16:16:48.757000 | Langflow is a tool for building and deploying AI-powered agents and workflows. I |
| CVE-2026-24060 | 9.1 | 0.02% | 1 | 0 | | 2026-03-23T16:16:43.553000 | Service information is not encrypted when transmitted as BACnet packets over th |
| CVE-2026-4602 | 7.5 | 0.04% | 2 | 0 | | 2026-03-23T16:08:58.320000 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conv |
| CVE-2026-33352 | 9.8 | 0.03% | 1 | 0 | | 2026-03-23T15:56:03.963000 | WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthen |
| CVE-2025-46597 | 7.5 | 0.03% | 1 | 0 | | 2026-03-23T15:31:42 | Bitcoin Core 0.13.0 through 29.x has an integer overflow. |
| CVE-2026-22163 | 7.9 | 0.01% | 2 | 0 | | 2026-03-23T15:31:41 | Requires malware code to misuse the DDK kernel module IOCTL interface. Such cod |
| CVE-2026-21992 | 9.8 | 0.04% | 5 | 0 | | 2026-03-23T15:30:30.950000 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware |
| CVE-2026-4434 | 8.1 | 0.02% | 1 | 0 | | 2026-03-23T15:16:35.523000 | Improper certificate validation in the PAM propagation WinRM connections allows |
| CVE-2026-23554 | 7.8 | 0.01% | 2 | 0 | | 2026-03-23T15:16:32.060000 | The Intel EPT paging code uses an optimization to defer flushing of any cached E |
| CVE-2026-21732 | 9.6 | 0.04% | 1 | 0 | | 2026-03-23T15:16:31.653000 | A web page that contains unusual GPU shader code is loaded into the GPU compiler |
| CVE-2025-63261 | 7.8 | 0.05% | 1 | 0 | | 2026-03-23T15:16:29.387000 | AWStats 8.0 is vulnerable to Command Injection via the open function |
| CVE-2026-4497 | 7.3 | 2.40% | 1 | 0 | | 2026-03-23T14:32:02.800000 | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected |
| CVE-2026-31904 | 7.5 | 0.08% | 1 | 0 | | 2026-03-23T14:32:02.800000 | The WebSocket Application Programming Interface lacks restrictions on the number |
| CVE-2026-33180 | 7.5 | 0.03% | 1 | 0 | | 2026-03-23T14:32:02.800000 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare i |
| CVE-2026-33243 | 8.2 | 0.01% | 1 | 0 | | 2026-03-23T14:32:02.800000 | barebox is a bootloader. In barebox from version 2016.03.0 to before version 202 |
| CVE-2026-32048 | 7.5 | 0.04% | 1 | 0 | | 2026-03-23T14:32:02.800000 | OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during c |
| CVE-2026-4585 | 9.8 | 0.15% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up |
| CVE-2026-4567 | 9.8 | 0.09% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is |
| CVE-2026-4534 | 8.8 | 0.05% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlE |
| CVE-2026-4552 | 8.8 | 0.05% | 1 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the fun |
| CVE-2026-4551 | 8.8 | 0.05% | 1 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the |
| CVE-2026-4540 | 7.3 | 0.03% | 1 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. T |
| CVE-2026-4529 | 8.8 | 0.04% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the fu |
| CVE-2026-32969 | 7.5 | 0.15% | 4 | 0 | | 2026-03-23T12:30:36 | An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vu |
| CVE-2026-32968 | 9.8 | 0.11% | 3 | 0 | | 2026-03-23T12:30:31 | Due to the improper neutralisation of special elements used in an OS command, an |
| CVE-2026-3587 | 10.0 | 0.09% | 3 | 1 | | 2026-03-23T09:30:29 | An unauthenticated remote attacker can exploit a hidden function in the CLI prom |
| CVE-2026-4601 | 8.7 | 0.02% | 2 | 0 | | 2026-03-23T06:30:39 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Crypto |
| CVE-2026-4598 | 7.5 | 0.04% | 2 | 0 | | 2026-03-23T06:30:39 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop |
| CVE-2026-4606 | None | 0.04% | 1 | 0 | | 2026-03-23T03:31:45 | GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components wi |
| CVE-2026-4566 | 8.8 | 0.04% | 2 | 0 | | 2026-03-23T03:31:45 | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the fun |
| CVE-2026-4565 | 8.8 | 0.09% | 2 | 0 | | 2026-03-23T03:31:45 | A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function |
| CVE-2026-2580 | 7.5 | 0.07% | 2 | 1 | | 2026-03-23T00:31:08 | The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & |
| CVE-2026-4553 | 8.8 | 0.02% | 1 | 0 | | 2026-03-22T18:30:22 | A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function f |
| CVE-2026-4555 | 8.8 | 0.04% | 1 | 0 | | 2026-03-22T18:30:22 | A weakness has been identified in D-Link DIR-513 1.10. The impacted element is t |
| CVE-2026-4558 | 8.8 | 0.15% | 1 | 0 | | 2026-03-22T18:30:22 | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function s |
| CVE-2026-4543 | 6.3 | 0.18% | 1 | 0 | | 2026-03-22T12:32:35 | A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is |
| CVE-2026-4314 | 8.8 | 0.04% | 1 | 0 | | 2026-03-22T06:30:22 | The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulne |
| CVE-2026-4535 | 8.8 | 0.05% | 2 | 0 | | 2026-03-22T06:30:22 | A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affect |
| CVE-2026-4533 | 6.3 | 0.03% | 1 | 0 | | 2026-03-22T03:30:31 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. A |
| CVE-2026-3629 | 8.1 | 0.04% | 2 | 0 | | 2026-03-22T00:30:33 | The Import and export users and customers plugin for WordPress is vulnerable to |
| CVE-2026-32042 | 8.8 | 0.11% | 1 | 0 | | 2026-03-21T03:31:17 | OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vu |
| CVE-2026-25192 | 9.4 | 0.13% | 1 | 0 | | 2026-03-21T00:32:47 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to |
| CVE-2026-31903 | 7.5 | 0.07% | 1 | 0 | | 2026-03-21T00:32:47 | The WebSocket Application Programming Interface lacks restrictions on the number |
| CVE-2026-29796 | 9.4 | 0.10% | 1 | 0 | | 2026-03-21T00:31:52 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to |
| CVE-2026-32666 | 7.5 | 0.04% | 1 | 0 | | 2026-03-21T00:31:52 | WebCTRL systems that communicate over BACnet inherit the protocol's lack of net |
| CVE-2026-25086 | 7.7 | 0.01% | 1 | 0 | | 2026-03-21T00:31:51 | Under certain conditions, an attacker could bind to the same port used by WebCT |
| CVE-2026-33502 | 9.3 | 0.04% | 1 | 0 | | 2026-03-20T22:07:02 | ### Summary An unauthenticated server-side request forgery vulnerability in `plu |
| CVE-2026-33507 | 8.8 | 0.06% | 1 | 0 | | 2026-03-20T21:47:51 | ## Summary The `objects/pluginImport.json.php` endpoint allows admin users to u |
| CVE-2026-33143 | None | 0.02% | 2 | 0 | | 2026-03-20T21:33:34 | ### Summary The WhatsApp POST webhook handler (`/notification/whatsapp/webhook` |
| CVE-2026-32933 | 7.5 | 0.04% | 1 | 0 | | 2026-03-20T21:20:06 | ### Summary AutoMapper is vulnerable to a Denial of Service (DoS) attack. When |
| CVE-2026-33485 | 7.5 | 0.19% | 1 | 0 | | 2026-03-20T20:47:20 | ## Summary The RTMP `on_publish` callback at `plugin/Live/on_publish.php` is ac |
| CVE-2026-33482 | 8.1 | 0.15% | 1 | 0 | | 2026-03-20T20:46:42 | ## Summary The `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/fun |
| CVE-2026-33480 | 8.6 | 0.03% | 1 | 0 | | 2026-03-20T20:44:12 | ## Summary The `isSSRFSafeURL()` function in AVideo can be bypassed using IPv4- |
| CVE-2026-33479 | 8.8 | 0.15% | 1 | 0 | | 2026-03-20T20:44:04 | ## Summary The Gallery plugin's `saveSort.json.php` endpoint passes unsanitized |
| CVE-2026-33476 | 7.5 | 0.61% | 1 | 0 | | 2026-03-20T20:43:22 | ## Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint |
| CVE-2026-4445 | 8.8 | 0.09% | 1 | 0 | | 2026-03-20T19:32:35.237000 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remo |
| CVE-2025-43520 | 7.1 | 0.47% | 16 | 0 | | 2026-03-20T18:39:07.610000 | A memory corruption issue was addressed with improved memory handling. This issu |
| CVE-2026-4452 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T18:32:23 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 al |
| CVE-2025-67260 | None | 0.06% | 1 | 0 | | 2026-03-20T18:31:19 | The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated compon |
| CVE-2026-4464 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T18:31:18 | Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a rem |
| CVE-2026-4451 | 8.8 | 0.10% | 1 | 0 | | 2026-03-20T18:05:44.367000 | Insufficient validation of untrusted input in Navigation in Google Chrome prior |
| CVE-2026-4455 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T17:59:44.053000 | Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed |
| CVE-2026-4456 | 8.8 | 0.10% | 1 | 0 | | 2026-03-20T17:59:23.127000 | Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.1 |
| CVE-2026-4458 | 8.8 | 0.03% | 1 | 0 | | 2026-03-20T17:58:37.903000 | Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an |
| CVE-2026-4462 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T17:57:26.947000 | Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a r |
| CVE-2026-33056 | None | 0.02% | 3 | 0 | | 2026-03-20T17:25:11 | ## Summary When unpacking a tar archive, the `tar` crate's `unpack_dir` functio |
| CVE-2026-33286 | 9.1 | 0.04% | 3 | 0 | | 2026-03-20T15:58:17 | ### Summary An arbitrary method execution vulnerability has been found which af |
| CVE-2026-4463 | 8.8 | 0.06% | 1 | 0 | | 2026-03-20T15:32:14 | Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed |
| CVE-2026-4447 | 8.8 | 0.09% | 1 | 0 | | 2026-03-20T15:32:13 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allo |
| CVE-2026-4446 | 8.8 | 0.09% | 1 | 0 | | 2026-03-20T15:32:13 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remo |
| CVE-2026-4444 | 8.8 | 0.06% | 1 | 0 | | 2026-03-20T15:32:13 | Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed |
| CVE-2026-4457 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:31:12 | Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote a |
| CVE-2026-4454 | 8.8 | 0.10% | 1 | 0 | | 2026-03-20T15:31:12 | Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a rem |
| CVE-2026-4461 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:31:12 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allo |
| CVE-2026-4460 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:31:12 | Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a re |
| CVE-2026-4459 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:31:12 | Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.15 |
| CVE-2025-71258 | 4.3 | 1.87% | 1 | 0 | template | 2026-03-20T13:39:46.493000 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind serve |
| CVE-2025-71259 | 4.3 | 1.87% | 1 | 0 | template | 2026-03-20T13:39:46.493000 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind serve |
| CVE-2026-32596 | None | 4.20% | 1 | 0 | template | 2026-03-19T21:01:58 | ### Summary Glances web server runs without authentication by default when start |
| CVE-2026-33354 | 7.6 | 0.04% | 1 | 0 | | 2026-03-19T19:34:07 | ## Summary `POST /objects/aVideoEncoder.json.php` accepts a requester-controlled |
| CVE-2026-33351 | 9.1 | 0.07% | 1 | 0 | | 2026-03-19T19:13:30 | ### Summary A Server-Side Request Forgery (SSRF) vulnerability exists in `plugi |
| CVE-2026-20131 | 10.0 | 0.65% | 2 | 3 | | 2026-03-19T18:32:21 | A vulnerability in the web-based management interface of Cisco Secure Firewall M |
| CVE-2026-27459 | None | 0.02% | 1 | 0 | | 2026-03-19T18:28:12 | If a user provided callback to `set_cookie_generate_callback` returned a cookie |
| CVE-2026-33297 | None | 0.03% | 2 | 0 | | 2026-03-19T17:25:37 | ### Summary The `setPassword.json.php` endpoint in the CustomizeUser plugin all |
| CVE-2026-33293 | 8.1 | 0.04% | 1 | 0 | | 2026-03-19T17:12:05 | ## Summary The `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php |
| CVE-2025-71260 | 8.8 | 8.28% | 1 | 1 | | 2026-03-19T15:31:27 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserializa |
| CVE-2025-71257 | 7.3 | 3.58% | 1 | 1 | template | 2026-03-19T15:31:21 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentica |
| CVE-2026-33242 | 7.5 | 0.02% | 2 | 0 | | 2026-03-19T12:44:28 | ### Details A Path Traversal and Access Control Bypass vulnerability was discov |
| CVE-2026-33236 | 8.1 | 0.04% | 1 | 0 | | 2026-03-19T12:42:43 | ## Vulnerability Description The NLTK downloader does not validate the `subdir` |
| CVE-2026-33231 | 7.5 | 0.04% | 1 | 0 | | 2026-03-19T12:42:23 | ### Summary `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the |
| CVE-2026-33226 | 8.7 | 0.01% | 1 | 0 | | 2026-03-18T20:22:12 | ### Summary The REST datasource query preview endpoint (`POST /api/queries/previ |
| CVE-2026-33211 | 9.6 | 0.02% | 3 | 0 | | 2026-03-18T20:20:10 | ### Summary The Tekton Pipelines git resolver is vulnerable to path traversal v |
| CVE-2026-33204 | 7.5 | 0.04% | 1 | 0 | | 2026-03-18T20:16:59 | ## Summary An unauthenticated attacker can perform a Denial of Service via JWE |
| CVE-2026-33203 | 7.5 | 0.11% | 1 | 0 | | 2026-03-18T20:11:01 | ## Summary The SiYuan kernel WebSocket server accepts unauthenticated connection |
| CVE-2026-33186 | 9.1 | 0.01% | 1 | 0 | | 2026-03-18T20:10:30 | ### Impact _What kind of vulnerability is it? Who is impacted?_ It is an **Auth |
| CVE-2026-3888 | 7.9 | 0.01% | 1 | 5 | | 2026-03-18T06:31:20 | Local privilege escalation in snapd on Linux allows local attackers to get root |
| CVE-2026-3838 | 8.8 | 1.57% | 1 | 0 | | 2026-03-17T14:18:58.587000 | Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This v |
| CVE-2026-32583 | 5.3 | 2.73% | 1 | 0 | template | 2026-03-16T18:32:14 | Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows |
| CVE-2026-31979 | 8.8 | 0.02% | 1 | 0 | | 2026-03-16T18:18:34.750000 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |
| CVE-2026-2493 | 7.5 | 15.24% | 1 | 0 | | 2026-03-16T15:30:55 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-15060 | 9.8 | 1.71% | 1 | 0 | | 2026-03-16T15:30:53 | claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vuln |
| CVE-2026-3909 | 8.8 | 4.44% | 2 | 0 | | 2026-03-13T21:32:59 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re |
| CVE-2026-27446 | None | 0.12% | 1 | 0 | | 2026-03-05T15:28:06 | Missing Authentication for Critical Function (CWE-306) vulnerability in Apache A |
| CVE-2026-27210 | 6.1 | 0.03% | 2 | 0 | | 2026-03-02T15:21:06.073000 | Pannellum is a lightweight, free, and open source panorama viewer for the web. I |
| CVE-2026-26119 | 8.8 | 0.05% | 1 | 0 | | 2026-02-18T00:30:22 | Improper authentication in Windows Admin Center allows an authorized attacker to |
| CVE-2026-1207 | 5.4 | 5.38% | 1 | 0 | template | 2026-02-04T17:34:46.147000 | An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4 |
| CVE-2026-25253 | 8.8 | 0.08% | 1 | 8 | | 2026-02-02T23:41:06 | ## Summary The Control UI trusts `gatewayUrl` from the query string without val |
| CVE-2025-68602 | 6.1 | 1.44% | 1 | 0 | template | 2026-01-20T15:33:48 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Pater |
| CVE-2026-20817 | 7.8 | 0.02% | 1 | 1 | | 2026-01-14T20:31:32.760000 | Improper handling of insufficient permissions or privileges in Windows Error Rep |
| CVE-2025-55182 | 10.0 | 65.08% | 1 | 100 | template | 2025-12-09T16:53:25 | ### Impact There is an unauthenticated remote code execution vulnerability in R |
| CVE-2025-32975 | 10.0 | 0.17% | 2 | 0 | | 2025-11-03T20:18:29.263000 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2025-20720 | 8.8 | 0.03% | 1 | 0 | | 2025-10-15T21:31:40 | In wlan AP driver, there is a possible out of bounds write due to an incorrect b |
| CVE-2025-41241 | 4.4 | 0.05% | 1 | 0 | | 2025-07-29T14:14:29.590000 | VMware vCenter contains a denial-of-service vulnerability. A malicious actor who |
| CVE-2018-0204 | 7.5 | 1.69% | 1 | 0 | | 2023-02-01T05:08:53 | A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning |
| CVE-2026-33872 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-33244 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-33307 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-33298 | 0 | 0.04% | 4 | 0 | | N/A | |
| CVE-2026-32948 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-33634 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-33164 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-33648 | 0 | 0.09% | 1 | 0 | | N/A | |
| CVE-2026-33647 | 0 | 0.21% | 1 | 0 | | N/A | |
| CVE-2026-33717 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-33716 | 0 | 0.08% | 2 | 0 | | N/A | |
| CVE-2026-33719 | 0 | 0.12% | 1 | 0 | | N/A | |
| CVE-2026-4645 | 0 | 0.11% | 1 | 0 | | N/A | |
| CVE-2023-4567 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-32888 | 0 | 0.03% | 1 | 0 | | N/A | |
updated 2026-03-24T16:54:37.343000
4 posts
🟠 CVE-2026-4673 - High (8.8)
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-24T16:50:03.117000
2 posts
🟠 CVE-2026-4676 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-24T16:16:34.487000
2 posts
🟠 CVE-2026-33649 - High (8.1)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermission.json.php` endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-24T15:54:09.400000
6 posts
Citrix patched this yesterday.
Arctic Wolf: CVE‑2026‑3055: Critical Unauthenticated Memory-Read Vulnerability in Citrix NetScaler ADC and Gateway https://arcticwolf.com/resources/blog/cve-2026-3055/
Citrix: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 #infosec #vulnerability
Critical Memory Leak and Session Hijacking Vulnerabilities Patched in Citrix NetScaler
Citrix patched a critical memory overread (CVE-2026-3055) and a high-severity session-swapping race condition (CVE-2026-4368) in NetScaler ADC and Gateway. These vulnerabilities allow unauthenticated attackers to leak sensitive memory data or hijack user sessions in environments configured for SAML or VPN services.
**If possible, make sure your NetScaler ADC and Gateway appliances are isolated from the internet and accessible from trusted networks only. Then plan a quick update. If you can't isolate from the internet, this is urgent. Update the firmware to the fixed versions (14.1-66.59, 13.1-62.23, or 13.1-37.262 for FIPS/NDcPP). Attackers have previously exploited similar flaws via the CitrixBleed exploit.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-memory-leak-and-session-hijacking-vulnerabilities-patched-in-citrix-netscaler-s-x-0-i-0/gD2P6Ple2L
New Episode: SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass;
Shownotes:
From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill
https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
https:
➡️ CVE-2026-3055 👀
👇
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.
updated 2026-03-24T15:54:09.400000
6 posts
Citrix patched this yesterday.
Arctic Wolf: CVE‑2026‑3055: Critical Unauthenticated Memory-Read Vulnerability in Citrix NetScaler ADC and Gateway https://arcticwolf.com/resources/blog/cve-2026-3055/
Citrix: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 #infosec #vulnerability
##Critical Memory Leak and Session Hijacking Vulnerabilities Patched in Citrix NetScaler
Citrix patched a critical memory overread (CVE-2026-3055) and a high-severity session-swapping race condition (CVE-2026-4368) in NetScaler ADC and Gateway. These vulnerabilities allow unauthenticated attackers to leak sensitive memory data or hijack user sessions in environments configured for SAML or VPN services.
**If possible, make sure your NetScaler ADC and Gateway appliances are isolated from the internet and accessible from trusted networks only. Then plan a quick update. If you can't isolate from the internet, this is urgent. Update the firmware to the fixed versions (14.1-66.59, 13.1-62.23, or 13.1-37.262 for FIPS/NDcPP). Attackers have previously exploited similar flaws via the CitrixBleed exploit.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-memory-leak-and-session-hijacking-vulnerabilities-patched-in-citrix-netscaler-s-x-0-i-0/gD2P6Ple2L
New Episode: SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass;
Shownotes:
From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill
https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
https:
AntennaPod | Anytime Player | Apple Podcasts | Castamatic | CurioCaster | Fountain | gPodder | Overcast | Pocket Casts | Podcast Addict | Podcast Guru | Podnews | Podverse | Truefans
Or Listen right here.
➡️ CVE-2026-3055 👀
👇
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.
updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-25075 - High (7.5)
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25075/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
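The bug class named in the post (a length field smaller than the AVP's own header, so `length - header_len` wraps in unsigned arithmetic and the parser reads far past the data) is easy to see against the EAP-TTLS AVP layout from RFC 5281 section 10.1. The parser below is an added example written for this page, not strongSwan code: it builds a few constructed AVPs, rejects a malformed length before any subtraction happens, and `unsafe_data_len` shows the value a 32-bit unsigned subtraction would have produced instead.

```python
"""EAP-TTLS AVP (RFC 5281 s10.1) parser with the length checks that stop the
underflow class described in CVE-2026-25075. Added example, not strongSwan code."""
import struct

AVP_FLAG_VENDOR = 0x80      # 'V' bit: a 4-byte Vendor-ID follows the length
AVP_FLAG_MANDATORY = 0x40   # 'M' bit


class AVPError(ValueError):
    pass


def build_avp(code, data, vendor=None, mandatory=False):
    """Encode one AVP: Code(4) Flags(1) Length(3) [Vendor-ID(4)] Data, padded to 4 bytes."""
    flags = (AVP_FLAG_VENDOR if vendor is not None else 0) | (AVP_FLAG_MANDATORY if mandatory else 0)
    header_len = 12 if vendor is not None else 8
    length = header_len + len(data)          # Length covers header + data, not padding
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor is not None:
        out += struct.pack("!I", vendor)
    out += data
    return out + b"\x00" * ((-len(out)) % 4)


def parse_avps(buf):
    """Decode a run of AVPs into (code, flags, vendor, data) tuples, validating every length."""
    avps, off, end = [], 0, len(buf)
    while off < end:
        if end - off < 8:
            raise AVPError(f"truncated AVP header at offset {off}")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len = 12 if flags & AVP_FLAG_VENDOR else 8
        # Check 1: the length must at least cover its own header. Subtracting first and
        # checking later is what turns a Length of 4 into a near-4 GiB data size.
        if length < header_len:
            raise AVPError(f"AVP length {length} < header {header_len} at offset {off}")
        # Check 2: the AVP must fit in what is left of the buffer.
        if length > end - off:
            raise AVPError(f"AVP length {length} exceeds remaining {end - off} at offset {off}")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if header_len == 12 else None
        data = bytes(buf[off + header_len:off + length])
        avps.append((code, flags, vendor, data))
        off += (length + 3) & ~3              # skip padding; a final unpadded AVP ends the loop
    return avps


def unsafe_data_len(length, header_len):
    """What `length - header_len` yields in 32-bit unsigned C arithmetic (illustration only)."""
    return (length - header_len) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed sample: a User-Name-style AVP and a vendor-specific mandatory one.
    good = build_avp(1, b"alice") + build_avp(2, b"\x01\x02\x03", vendor=311, mandatory=True)
    print(parse_avps(good))
    # Constructed malformed AVP: header only, Length field says 4.
    bad = struct.pack("!IB", 1, 0) + (4).to_bytes(3, "big")
    print("naive data length would be", hex(unsafe_data_len(4, 8)))
    try:
        parse_avps(bad)
    except AVPError as e:
        print("rejected:", e)
```

Both checks are needed: the first stops the underflow, the second stops an honest-looking length from walking off the end of the packet. Applying them before computing any data size is the whole fix for this class.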
##updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-33512 - High (7.5)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33512/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-33651 - High (8.1)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.json.php` endpoint passes `$_REQUEST['live_schedule_id']` through multiple functions without sanitization until it reaches `Scheduler_commands::getAl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33651/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-33650 - High (7.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-26828 - High (7.5)
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26828/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-26829 - High (7.5)
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26829/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:54:09.400000
1 posts
🟠 CVE-2026-33483 - High (7.5)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `aVideoEncoderChunk.json.php` endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:54:09.400000
1 posts
🔴 CVE-2026-33478 - Critical (10)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The `clones.j...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
2 posts
⛔ New security advisory:
CVE-2026-4001 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4001-woocommerce-custom-product-addons-pro-rce
🔴 CVE-2026-4001 - Critical (9.8)
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/proces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
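The root cause named in the post is `eval()` applied to a user-supplied pricing formula; anything that reaches `eval()` is a program, so the fix is a parser that accepts arithmetic and nothing else. The evaluator below is an added example, not the plugin's code and not PHP: it uses Python's `ast` module to allow numbers, named variables and the arithmetic operators, and refuses calls, attribute access, subscripts, strings and everything else before evaluation. Variable names and formulas are constructed.

```python
"""Arithmetic-only formula evaluation without eval(). Added example; not the
WooCommerce plugin's code. Only numbers, named variables and + - * / % ** are accepted."""
import ast
import operator

_BINARY = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARY = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_EXPONENT = 16   # caps a ** b so a formula cannot pin the CPU


class FormulaError(ValueError):
    pass


def eval_formula(formula, variables):
    """Evaluate `formula` over the numeric `variables` mapping; raise FormulaError on anything else."""
    try:
        tree = ast.parse(formula, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise FormulaError(f"not a valid expression: {exc}") from None

    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value                      # bools and strings fall through and are refused
        if isinstance(node, ast.Name):
            if node.id not in variables:
                raise FormulaError(f"unknown variable {node.id!r}")
            return variables[node.id]
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
            return _UNARY[type(node.op)](ev(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY:
            left, right = ev(node.left), ev(node.right)
            if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
                raise FormulaError("exponent too large")
            try:
                return _BINARY[type(node.op)](left, right)
            except ZeroDivisionError:
                raise FormulaError("division by zero") from None
        # Call, Attribute, Subscript, Lambda, comprehensions, ...: all refused.
        raise FormulaError(f"disallowed syntax: {type(node).__name__}")

    return ev(tree)


if __name__ == "__main__":
    prices = {"base": 20.0, "qty": 3, "discount": 0.1}   # constructed variables
    print(eval_formula("base * qty * (1 - discount)", prices))
    for hostile in ("__import__('os').getpid()", "base.__class__", "(1).__class__.__mro__"):
        try:
            eval_formula(hostile, prices)
        except FormulaError as e:
            print(f"{hostile!r}: {e}")
```

The allow-list is the point: the evaluator names the node types it understands and treats every other node as an error, so new Python syntax cannot slip through. The exponent cap and division check cover the denial-of-service side that a formula field also exposes.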
##updated 2026-03-24T15:53:48.067000
4 posts
🛡️ #Cybersecurity news & tips across the #fediverse 👇
“🚨 CVE-2026-4739 (CRITICAL, CVSS 9.4) in ITK: Integer overflow in Expat XML parser enables remote code execution or DoS in medical/scientific apps. Update to v2.7.1 now. User interaction required. Details: https:// ra...”
https://infosec.exchange/@offseq/116283685757971538
🤖 via RSS feed. Not an endorsement.
##🚨 CVE-2026-4739 (CRITICAL, CVSS 9.4) in ITK: Integer overflow in Expat XML parser enables remote code execution or DoS in medical/scientific apps. Update to v2.7.1 now. User interaction required. Details: https://radar.offseq.com/threat/cve-2026-4739-cwe-190-integer-overflow-or-wraparou-4dc9a6b8 #OffSeq #Vulnerability #ITK #Infosec
##updated 2026-03-24T15:53:48.067000
2 posts
#OT #Advisory VDE-2026-018
CODESYS Control V3 - Externally-controlled format string in Auditlog
The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing logic, the impact is limited to a crash of the CODESYS Control runtime.
#CVE CVE-2026-3509
https://certvde.com/en/advisories/vde-2026-018/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-03_vde-2026-018.json
##updated 2026-03-24T15:53:48.067000
2 posts
🔴 CVE-2026-4753 - Critical (9.1)
Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4753/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
2 posts
🚨 CRITICAL: CVE-2026-4746 in timeplus-io proton (<1.6.16) allows remote out-of-bounds writes — risk of code execution, system takeover. No auth or user action needed. Patch when available, restrict access now. Details: https://radar.offseq.com/threat/cve-2026-4746-cwe-787-out-of-bounds-write-in-timep-fbe0e14b #OffSeq #CVE20264746 #Vuln
##updated 2026-03-24T15:53:48.067000
2 posts
🛡️ CRITICAL: CVE-2026-4744 in rizonesoft Notepad3 (<6.25.714.1) enables out-of-bounds reads — possible data disclosure & crashes. Patch ASAP, restrict access, and avoid untrusted files. More info: https://radar.offseq.com/threat/cve-2026-4744-cwe-125-out-of-bounds-read-in-rizone-16fef5f9 #OffSeq #CVE20264744 #infosec #vuln
##updated 2026-03-24T15:53:48.067000
2 posts
🟠 CVE-2026-22739 - High (8.6)
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22739/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
3 posts
🟠 CVE-2026-33250 - High (7.5)
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
1 posts
🟠 CVE-2026-33282 - High (7.5)
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestLis...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
1 posts
🟠 CVE-2026-4306 - High (7.5)
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
2 posts
🟠 CVE-2026-32278 - High (8.2)
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T15:53:48.067000
1 posts
🟠 CVE-2026-32300 - High (8.1)
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modific...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32300/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T09:30:41
2 posts
#OT #Advisory VDE-2026-011
CODESYS Control V3 - Untrusted boot application
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on the controller, users in the restricted Service group are allowed to perform maintenance operations, including explicitly replacing the boot application.
#CVE CVE-2025-41660
https://certvde.com/en/advisories/vde-2026-011/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-02_vde-2026-011.json
##updated 2026-03-24T09:30:41
2 posts
⚠️ CVE-2026-4755: Critical vuln in MolotovCherry Android-ImageMagick7 (<7.1.2-11). Remote, unauthenticated RCE possible due to improper input validation. Patch ASAP & enforce input checks. Details: https://radar.offseq.com/threat/cve-2026-4755-cwe-20-cwe-20-in-molotovcherry-andro-fb2c95b0 #OffSeq #Android #Vuln #ImageMagick #CVE2026_4755
##updated 2026-03-24T06:31:25
2 posts
🚨 CRITICAL: CVE-2026-4745 in dendibakh perf-ninja (CVSS 10) — remote code injection flaw in labs/misc/pgo/lua & ldo.C. No exploits yet, but restrict access, monitor logs, and prep for urgent patches. Full system compromise risk. https://radar.offseq.com/threat/cve-2026-4745-cwe-94-improper-control-of-generatio-1708b5aa #OffSeq #Vuln #AppSec
##updated 2026-03-24T06:31:25
2 posts
🔴 CVE-2026-4750 - Critical (9.1)
Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T06:31:25
2 posts
🟠 CVE-2026-4662 - High (7.5)
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4662/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
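The failure mode in the post is a signed AJAX request where one parameter (`filtered_query`) is left out of the HMAC, so the signature still verifies after that parameter has been rewritten. The code below is an added example, not JetEngine's code: it signs a constructed `listing_load_more`-style request both ways (a subset of keys versus the full canonical parameter set) and shows which verifier still accepts the tampered request. The secret, request contents and the hostile value are constructed.

```python
"""Request signing where a parameter is left out of the MAC versus signing the full
canonical parameter set. Added example, not JetEngine code; key and request are constructed."""
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"   # constructed; a real deployment reads this from config


def canonical(params):
    """Deterministic bytes for a parameter dict: sorted keys (nested too), compact separators."""
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode()


def sign(params, signed_keys=None):
    """HMAC over the whole parameter set, or only over `signed_keys` if given (the weak pattern)."""
    if signed_keys is not None:
        params = {k: v for k, v in params.items() if k in signed_keys}
    return hmac.new(SECRET, canonical(params), hashlib.sha256).hexdigest()


def verify(request, signed_keys=None):
    """Drop the 'sig' field, recompute, compare in constant time. True if accepted."""
    params = {k: v for k, v in request.items() if k != "sig"}
    expected = sign(params, signed_keys)
    return hmac.compare_digest(expected, request.get("sig", ""))


def tamper_demo():
    """Returns (weak_verifier_accepts_tampered, strict_verifier_accepts_tampered)."""
    # Constructed request as the server would issue it to the browser.
    original = {"action": "listing_load_more", "listing_id": 12, "page": 2,
                "filtered_query": {"post_type": "product", "orderby": "date"}}
    weak_keys = {"action", "listing_id", "page"}          # filtered_query not covered
    weak_request = dict(original, sig=sign(original, weak_keys))
    strict_request = dict(original, sig=sign(original))

    # Attacker edits the parameter that feeds the query, keeping the original signature.
    hostile_query = {"post_type": "product", "orderby": "attacker-controlled"}
    weak_tampered = dict(weak_request, filtered_query=hostile_query)
    strict_tampered = dict(strict_request, filtered_query=hostile_query)
    return verify(weak_tampered, weak_keys), verify(strict_tampered)


if __name__ == "__main__":
    weak, strict = tamper_demo()
    print(f"subset-signed verifier accepts tampered request: {weak}")
    print(f"fully-signed verifier accepts tampered request:  {strict}")
```

The rule the example encodes: every parameter that influences the server-side query must be under the MAC, and the serialization must be canonical so client and server hash the same bytes. Signing a subset is only safe when the unsigned parameters are validated as strictly as if they were unsigned input, which is the part the post says was missing.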
##updated 2026-03-24T06:31:25
2 posts
🟠 CVE-2026-4640 - High (7.5)
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4640/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T06:31:20
2 posts
🔴 CVE-2026-4283 - Critical (9.1)
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4283/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T06:31:14
4 posts
🛡️ #Cybersecurity news & tips across the #fediverse 👇
“🟠 CVE-2026-4639 - High (8.8) Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby es...”
https://mastodon.social/@thehackerwire/116282484405537793
🤖 via RSS feed. Not an endorsement.
##🟠 CVE-2026-4639 - High (8.8)
Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4639/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T03:31:25
4 posts
🟠 CVE-2026-4674 - High (8.8)
Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4674/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T03:31:25
2 posts
🟠 CVE-2026-4679 - High (8.8)
Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4679/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T03:31:25
2 posts
🟠 CVE-2026-4678 - High (8.8)
Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T03:31:25
2 posts
🟠 CVE-2026-4677 - High (8.8)
Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4677/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T03:31:25
2 posts
🟠 CVE-2026-4675 - High (8.8)
Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4675/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T03:31:25
2 posts
🟠 CVE-2026-4680 - High (8.8)
Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4680/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T00:30:34
1 posts
🟠 CVE-2026-4021 - High (8.1)
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T00:30:33
1 posts
🟠 CVE-2026-3533 - High (8.8)
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T00:30:28
1 post
🟠 CVE-2025-60947 - High (8.8)
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T00:30:28
1 post
🔴 CVE-2025-60949 - Critical (9.1)
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T00:30:28
1 post
🟠 CVE-2026-32902 - High (8.3)
OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in web_search citation redirect resolution that allows attackers to target private-network destinations. Attackers who influence citation redirect targets can trigger in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-24T00:30:24
1 post
🟠 CVE-2025-60946 - High (8.8)
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60946/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T23:17:12.130000
1 post
🟠 CVE-2026-32907 - High (7.8)
OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32907/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T21:54:50
1 post
1 repo
🔴 CVE-2026-32913 - Critical (9.3)
OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensiti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T21:52:25
1 post
🟠 CVE-2026-32066 - High (7.5)
OpenClaw before 2026.3.1 contains an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger memory exhaustion by varying query strings. Attackers can send repeated requests with differen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32066/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T21:31:53
1 post
🟠 CVE-2026-32845 - High (8.4)
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T20:38:17
1 post
🟠 CVE-2026-32299 - High (7.5)
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retriev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32299/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T20:35:51
2 posts
🟠 CVE-2026-32277 - High (8.7)
Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T20:33:35
1 post
🟠 CVE-2026-32276 - High (8.8)
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. V...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T20:24:00
1 post
🟠 CVE-2026-26209 - High (7.5)
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26209/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T19:14:31.040000
1 post
🔴 CVE-2026-33228 - Critical (9.8)
flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal inpu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
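The flatted entry above describes a parser that takes string values out of the document and uses them directly as array indexes without checking that they are numeric. What follows is an added illustration of that weakness class, not flatted's own code: a minimal resolver for a constructed "flat" encoding (an array of nodes in which `{ "$ref": "<index>" }` points at another node), first with the key used as-is, then accepting only canonical, in-range non-negative integers. The encoding, the `$ref` marker and the function names are assumptions made for the example.

```javascript
'use strict';
// Added example, not flatted's code. Constructed flat encoding: the document is
// an array of nodes; a value of the form { "$ref": "<index>" } refers to another
// node in that array by position. Node 0 is the root.
function isRef(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v) &&
    Object.keys(v).length === 1 && typeof v.$ref === 'string';
}

// Only "0", "1", "2", ... (no sign, leading zero, whitespace or exponent) and
// only positions that exist in the array are accepted as reference keys.
const CANONICAL_INDEX = /^(?:0|[1-9][0-9]*)$/;
function nodeIndex(key, length) {
  if (!CANONICAL_INDEX.test(key)) {
    throw new TypeError(`bad reference key ${JSON.stringify(key)}`);
  }
  const i = Number(key);
  if (!Number.isSafeInteger(i) || i >= length) {
    throw new RangeError(`reference ${key} out of range`);
  }
  return i;
}

// The walker is shared; only the way a reference key is turned into an index
// differs between the two resolvers below.
function makeResolver(index) {
  return function resolve(nodes) {
    if (!Array.isArray(nodes) || nodes.length === 0) {
      throw new TypeError('expected a non-empty array of nodes');
    }
    const walk = (v, hops) => {
      if (hops > nodes.length) throw new RangeError('reference cycle');
      if (isRef(v)) return walk(nodes[index(v.$ref, nodes.length)], hops + 1);
      if (Array.isArray(v)) return v.map((x) => walk(x, hops));
      if (v !== null && typeof v === 'object') {
        return Object.fromEntries(Object.entries(v).map(([k, x]) => [k, walk(x, hops)]));
      }
      return v;
    };
    return walk(nodes[0], 0);
  };
}

// The flaw: whatever string the document carries is used as the index, so a key
// such as "constructor" or "length" reads an array property, not a node, and the
// output contains values the input never had.
const resolveUnsafe = makeResolver((key) => key);

// Hardened: the key must name a real node.
const resolveSafe = makeResolver(nodeIndex);

module.exports = { isRef, nodeIndex, resolveUnsafe, resolveSafe };
```

Real circular-JSON reconstruction needs a memo table so that legitimate cycles rebuild as shared objects; the hop counter here only turns a cycle into an error, which is enough to show the index-validation point.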
##updated 2026-03-23T18:31:30
1 post
🟠 CVE-2026-4437 - High (7.5)
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4437/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T18:30:31
1 post
🔴 CVE-2026-4404 - Critical (9.4)
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4404/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T17:31:53
1 post
🟠 CVE-2026-33513 - High (8.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`APIName=locale`) concatenates user input into an `include` path with no canonicalization or whitelist. Path traversal is accepted...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T17:09:08.487000
1 post
🟠 CVE-2026-32049 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T16:18:24.447000
1 post
🟠 CVE-2026-33292 - High (7.5)
WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`view/hls.php`) is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T16:17:45.400000
3 posts
🔥 CRITICAL: CVE-2026-4599 in jsrsasign 7.0.0 – 11.1.1 lets attackers recover private keys via DSA nonce bias. No auth needed — patch ASAP or add nonce checks! https://radar.offseq.com/threat/cve-2026-4599-incomplete-comparison-with-missing-f-9aee8aa7 #OffSeq #Vulnerability #Cryptography #CVE20264599
##🔴 CVE-2026-4599 - Critical (9.1)
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recove...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4599/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T16:16:48.757000
3 posts
3 repos
https://github.com/SimoesCTT/Sovereign-Echo-33017
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours
#CVE_2026_33017
https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
Langflow Got Hacked Twice Through the Same exec() Call - CVE-2026-33017 (CVSS 9.3) exploited in 20 hours with no public PoC https://blog.barrack.ai/langflow-exec-rce-cve-2026-33017/
##CVE-2026-33017: How I Found an Unauthenticated RCE in Langflow by Reading the Code They Already Fixed
#CVE_2026_33017
https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896
updated 2026-03-23T16:16:43.553000
1 post
🔴 CVE-2026-24060 - Critical (9.1)
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T16:08:58.320000
2 posts
🟠 CVE-2026-4602 - High (7.5)
Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signatur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4602/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:56:03.963000
1 post
🔴 CVE-2026-33352 - Critical (9.8)
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in `objects/category.php` in the `getAllCategories()` method. The `doNotShowCats` request parameter is sanitized only by str...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:31:42
1 post
🟠 CVE-2025-46597 - High (7.5)
Bitcoin Core 0.13.0 through 29.x has an integer overflow.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:31:41
2 posts
🟠 CVE-2026-22163 - High (7.8)
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22163/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:30:30.950000
5 posts
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. https://www.securityweek.com/oracle-releases-emergency-patch-for-critical-identity-manager-vulnerability/
##Oracle alert 🚨
CVE-2026-21992 → unauth RCE (9.8)
Identity systems = high-value target
Emergency patch released
Assume breach? 👇
Follow @technadu
🔴 CRITICAL: Oracle Identity Manager RCE (CVE-2026-21992) allows unauthenticated remote code execution. No active exploitation reported yet, but patch now to avoid full compromise. Review deployments and restrict access. https://radar.offseq.com/threat/oracle-releases-emergency-patch-for-critical-ident-3d33a815 #OffSeq #Oracle #Vuln #Patch
##🔴 CVE-2026-21992 - Critical (9.8)
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are aff...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:35.523000
1 post
🟠 CVE-2026-4434 - High (8.1)
Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4434/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:32.060000
2 posts
🟠 CVE-2026-23554 - High (7.8)
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures howev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23554/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:31.653000
1 post
🔴 CVE-2026-21732 - Critical (9.6)
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21732/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:29.387000
1 post
🟠 CVE-2025-63261 - High (7.8)
AWStats 8.0 is vulnerable to Command Injection via the open function
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
📈 CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1444
Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152
Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182
Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23
Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15
Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)
updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-31904 - High (7.5)
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charge...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
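The WebSocket API entry above (CVE-2026-31904) is a missing limit on authentication attempts; the OpenClaw Zalo webhook entry earlier on this page (CVE-2026-32066) is per-request state that grows without bound because the attacker can vary the key. The two failure modes meet in one structure: a per-client limiter whose own table is capped. Added example, not the code of either project, of a token-bucket limiter for authentication attempts keyed on the peer address, with a hard cap on tracked clients and least-recently-used eviction so that varying the key cannot exhaust memory. The class name, parameters and the address keys are assumptions made for the example.

```javascript
'use strict';
// Added example, not OpenClaw's or the WebSocket API's code. Token bucket per
// client for authentication attempts, held in a Map whose size is capped.
class AuthRateLimiter {
  // capacity: burst of attempts allowed; refillPerSec: sustained rate;
  // maxClients: upper bound on tracked keys; now: clock, injectable for tests.
  constructor({ capacity = 5, refillPerSec = 0.1, maxClients = 10000, now = () => Date.now() } = {}) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.maxClients = maxClients;
    this.now = now;
    this.buckets = new Map();   // Map keeps insertion order: first entry == least recently used
  }

  // Key on something the attacker cannot vary for free (peer address, account
  // under attack), never on a request-controlled string such as the raw URL or
  // query string, which is how the state in CVE-2026-32066 grew without bound.
  allow(clientKey) {
    const t = this.now();
    let b = this.buckets.get(clientKey);
    if (b) {
      this.buckets.delete(clientKey);   // re-inserted below, so it becomes most recently used
      const elapsedSec = (t - b.last) / 1000;
      b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
      b.last = t;
    } else {
      b = { tokens: this.capacity, last: t };
      if (this.buckets.size >= this.maxClients) {
        const oldest = this.buckets.keys().next().value;   // evict LRU to stay within the cap
        this.buckets.delete(oldest);
      }
    }
    this.buckets.set(clientKey, b);
    if (b.tokens < 1) return false;     // refused: caller should close or delay, not retry the auth
    b.tokens -= 1;
    return true;
  }

  size() { return this.buckets.size; }
}

module.exports = { AuthRateLimiter };
```

Eviction keeps memory bounded but lets a flood of new keys push a throttled client out of the table and reset its budget; if that matters more than availability for new clients, refuse new keys when the table is full instead of evicting, and keep a separate global limit on authentication attempts per second.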
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-33180 - High (7.5)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
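The OpenClaw entry CVE-2026-32913 earlier on this page describes `fetchWithSsrFGuard` forwarding custom authorization headers across cross-origin redirects, and the HAPI FHIR entry above (CVE-2026-33180) concerns the same question of which hosts an internal HTTP client sends request headers to. Added example, not the code of either project, of a redirect-following request helper that carries credential headers only while the hop stays on the origin the caller addressed. The transport is injectable and synchronous here so the behaviour can be checked without a network; the host names, route table and function names are constructed for the example.

```javascript
'use strict';
// Added example, not OpenClaw's or HAPI FHIR's code. Follows redirects by hand
// and drops credential-bearing headers whenever a hop changes origin.
const REDIRECT_STATUS = new Set([301, 302, 303, 307, 308]);
const CREDENTIAL_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie']);

function sameOrigin(a, b) {
  const u = new URL(a), v = new URL(b);
  return u.protocol === v.protocol && u.host === v.host;   // host includes the port
}

// Headers for the next hop: all of them if the origin is unchanged, otherwise
// everything except credentials. Header names are compared case-insensitively.
function headersForHop(fromUrl, toUrl, headers) {
  if (sameOrigin(fromUrl, toUrl)) return { ...headers };
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !CREDENTIAL_HEADERS.has(name.toLowerCase())));
}

// transport(url, headers) -> { status, headers, body }. Real code would be async
// and use the platform HTTP client; the logic is identical.
function requestFollowingRedirects(url, headers, transport, maxHops = 5) {
  let current = url;
  let hopHeaders = { ...headers };
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = transport(current, hopHeaders);
    if (!REDIRECT_STATUS.has(res.status)) return { url: current, response: res };
    const location = res.headers && res.headers.location;
    if (!location) throw new Error(`${res.status} response without Location`);
    const next = new URL(location, current).toString();   // Location may be relative
    hopHeaders = headersForHop(current, next, hopHeaders);
    current = next;
  }
  throw new Error('too many redirects');
}

// Constructed stand-in for the network: a fixed route table plus a log of
// exactly which headers each URL received. One route redirects off-origin to a
// host playing the attacker's collector; another redirects within the origin.
function makeFakeTransport() {
  const routes = {
    'https://api.example.internal/v1/search': { status: 302, headers: { location: 'https://collector.example.net/grab' } },
    'https://collector.example.net/grab':     { status: 200, headers: {}, body: 'collected' },
    'https://api.example.internal/v1/old':    { status: 301, headers: { location: '/v1/new' } },
    'https://api.example.internal/v1/new':    { status: 200, headers: {}, body: 'new' },
  };
  const seen = [];
  const transport = (url, reqHeaders) => {
    seen.push({ url, headers: { ...reqHeaders } });
    return routes[url] || { status: 404, headers: {}, body: '' };
  };
  return { transport, seen };
}

module.exports = { sameOrigin, headersForHop, requestFollowingRedirects, makeFakeTransport };
```

The WHATWG Fetch algorithm applies the same rule to `Authorization` on cross-origin redirects, so browser `fetch` gets it for free; a hand-rolled client that follows `Location` itself, as in the two entries above, has to implement it. Treat a `Cookie` header set by the caller the same way, and consider whether a redirect from HTTPS to HTTP should be followed at all.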
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-33243 - High (8.2)
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2025.09.3 and from version 2025.10.0 to before version 2026.03.1, when creating a FIT, mkimage(1) sets the hashed-nodes property of the FIT signature node to list which n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-32048 - High (7.5)
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
2 posts
🔴 CVE-2026-4585 - Critical (9.8)
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
2 posts
🔴 CVE-2026-4567 - Critical (9.8)
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotel...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CVE-2026-4567: Critical stack buffer overflow in Tenda A15 (v15.13.07.13). Remote, unauthenticated code execution possible via /cgi-bin/UploadCfg. Patch or restrict access immediately! https://radar.offseq.com/threat/cve-2026-4567-stack-based-buffer-overflow-in-tenda-27ff1845 #OffSeq #infosec #routersecurity #CVE20264567
##updated 2026-03-23T14:31:37.267000
2 posts
🟠 CVE-2026-4534 - High (8.8)
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4534/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-4534 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda FH451 (v1.0.0.9) lets remote attackers execute code. PoC exploit published. Patch/mitigate now — restrict access & monitor for attacks. Info: https://radar.offseq.com/threat/cve-2026-4534-stack-based-buffer-overflow-in-tenda-65a33e73 #OffSeq #Vulnerability #Tenda #InfoSec
##updated 2026-03-23T14:31:37.267000
1 post
🟠 CVE-2026-4552 - High (8.8)
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4552/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
1 post
🟠 CVE-2026-4551 - High (8.8)
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go resul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
1 posts
🛡️ CVE-2026-4540: MEDIUM-severity SQL Injection in projectworlds Online Notes Sharing System v1.0. Exploit code is public, no active attacks yet. Patch or mitigate — focus on the 'Benutzer' param in /login.php. More info: https://radar.offseq.com/threat/cve-2026-4540-sql-injection-in-projectworlds-onlin-4351ab2e #OffSeq #SQLInjection #Vuln
##updated 2026-03-23T14:31:37.267000
2 posts
🚨 CVE-2026-4529: HIGH severity stack-based buffer overflow in D-Link DHP-1320 (1.00WWB04) via SOAP Handler. Public exploit out. Device is EOL, no patch — isolate or replace now! https://radar.offseq.com/threat/cve-2026-4529-stack-based-buffer-overflow-in-d-lin-7f100378 #OffSeq #Vulnerability #DLink #BufferOverflow #InfoSec
##🟠 CVE-2026-4529 - High (8.8)
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T12:30:36
4 posts
🟠 CVE-2026-32969 - High (7.5)
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual
Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-025/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-025.json
###OT #Advisory VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-024/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-024.json
##updated 2026-03-23T12:30:31
3 posts
🔴 CVE-2026-32968 - Critical (9.8)
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant at...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32968/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T09:30:29
3 posts
1 repo
WAGO 852-1812 switch hit with CRITICAL CVE-2026-3587 (CVSS 10.0): hidden CLI lets remote attackers gain root with no auth. No patch yet. Isolate, restrict access, & monitor closely. https://radar.offseq.com/threat/cve-2026-3587-cwe-912-hidden-functionality-in-wago-a4c55a72 #OffSeq #ICS #Infosec #Vulnerability
##🔴 CVE-2026-3587 - Critical (10)
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-020
WAGO: Vulnerability in managed switches
A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
#CVE CVE-2026-3587
https://certvde.com/en/advisories/vde-2026-020/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json
##updated 2026-03-23T06:30:39
2 posts
🛡️ CVE-2026-4601: CRITICAL bug in jsrsasign <11.1.1 misses a vital DSA signing step, letting attackers recover private keys if exploited. No active attacks yet, but update ASAP! Details: https://radar.offseq.com/threat/cve-2026-4601-missing-cryptographic-step-in-jsrsas-1b19c447 #OffSeq #CVE20264601 #Crypto #Vuln
##🟠 CVE-2026-4601 - High (8.7)
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zer...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4601/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T06:30:39
2 posts
🟠 CVE-2026-4598 - High (7.5)
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4598/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T03:31:45
1 post
🚨 CRITICAL: CVE-2026-4606 in GeoVision GV-Edge Recording Manager 2.3.1 allows any local user to escalate to SYSTEM privileges (CVSS 10.0). Patch or restrict local access now! https://radar.offseq.com/threat/cve-2026-4606-cwe-250-execution-with-unnecessary-p-39d565c1 #OffSeq #Vulnerability #WindowsSecurity #GeoVision
##updated 2026-03-23T03:31:45
2 posts
🟠 CVE-2026-4566 - High (8.8)
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T03:31:45
2 posts
🚨 HIGH: CVE-2026-4565 — Tenda AC21 (16.03.08.16) has a remote buffer overflow in /goform/SetNetControlList. Public exploit out; full device compromise possible. Disable WAN admin, monitor, and segment networks ASAP. https://radar.offseq.com/threat/cve-2026-4565-buffer-overflow-in-tenda-ac21-5d23ce15 #OffSeq #Vulnerability #NetSec #Router
##🟠 CVE-2026-4565 - High (8.8)
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4565/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T00:31:08
2 posts
1 repos
🟠 CVE-2026-2580 - High (7.5)
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficie...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2580/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi
##updated 2026-03-22T18:30:22
1 posts
🟠 CVE-2026-4553 - High (8.8)
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possibl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4553/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T18:30:22
1 posts
🟠 CVE-2026-4555 - High (8.8)
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T18:30:22
1 posts
🟠 CVE-2026-4558 - High (8.8)
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T12:32:35
1 posts
⚠️ CVE-2026-4543: Wavlink WL-WN578W2 (v221110) has a MEDIUM severity command injection flaw in /cgi-bin/firewall.cgi. No patch; public exploit exists. Isolate, restrict access, and monitor traffic urgently. https://radar.offseq.com/threat/cve-2026-4543-command-injection-in-wavlink-wl-wn57-50f96d33 #OffSeq #Infosec #Vulnerability #Router
##updated 2026-03-22T06:30:22
1 posts
🟠 CVE-2026-4314 - High (8.8)
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T06:30:22
2 posts
🟠 CVE-2026-4535 - High (8.8)
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched rem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-4535 in Tenda FH451 (v1.0.0.9) — stack-based buffer overflow in /goform/WrlclientSet. Remote, unauthenticated code execution possible. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4535-stack-based-buffer-overflow-in-tenda-8f2fc263 #OffSeq #vulnerability #IoT #bufferOverflow
##updated 2026-03-22T03:30:31
1 posts
⚠️ MEDIUM: CVE-2026-4533 in code-projects Simple Food Ordering System v1.0 allows unauthenticated SQL injection via 'Status' in all-tickets.php. Public exploit code exists — patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4533-sql-injection-in-code-projects-simpl-c9dcca98 #OffSeq #Infosec #SQLInjection #CVE2026_4533
##updated 2026-03-22T00:30:33
2 posts
⚠️ CVE-2026-3629: HIGH severity in carazo's 'Import and export users and customers' WP plugin (≤1.29.7). Privilege escalation to admin possible if 'Show fields in profile' is on and CSV with 'wp_capabilities' imported. Mitigate now! https://radar.offseq.com/threat/cve-2026-3629-cwe-269-improper-privilege-managemen-61196a39 #OffSeq #WordPress #Infosec
##🟠 CVE-2026-3629 - High (8.1)
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' function not properly restricting which user met...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3629/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T03:31:17
1 posts
🟠 CVE-2026-32042 - High (8.8)
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:32:47
1 posts
🔴 CVE-2026-25192 - Critical (9.4)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a kno...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25192/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:32:47
1 posts
🟠 CVE-2026-31903 - High (7.5)
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31903/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:31:52
1 posts
🔴 CVE-2026-29796 - Critical (9.4)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a kno...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29796/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:31:52
1 posts
🟠 CVE-2026-32666 - High (7.5)
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:31:51
1 posts
🟠 CVE-2026-25086 - High (7.7)
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25086/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T22:07:02
1 posts
🔴 CVE-2026-33502 - Critical (9.3)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in `plugin/Live/test.php` allows any remote user to make the AVideo server send HTTP requests to arbit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33502/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:47:51
1 posts
🟠 CVE-2026-33507 - High (8.8)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginImport.json.php` endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protectio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:33:34
2 posts
🛡️ #Cybersecurity news & tips across the #fediverse 👇
“🟠 CVE-2026-33143 - High (7.5) OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status ...”
https://mastodon.social/@thehackerwire/116280734653900107
🤖 via RSS feed. Not an endorsement.
##🟠 CVE-2026-33143 - High (7.5)
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Sig...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33143/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:20:06
1 posts
🟠 CVE-2026-32933 - High (7.5)
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:47:20
1 posts
🟠 CVE-2026-33485 - High (7.5)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP `on_publish` callback at `plugin/Live/on_publish.php` is accessible without authentication. The `$_POST['name']` parameter (stream key) is interpolated di...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:46:42
1 posts
🟠 CVE-2026-33482 - High (8.1)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/functions.php` is designed to prevent OS command injection in ffmpeg commands by stripping dangero...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33482/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:44:12
1 posts
🟠 CVE-2026-33480 - High (8.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AVideo can be bypassed using IPv4-mapped IPv6 addresses (`::ffff:x.x.x.x`). The unauthenticated `plugin/LiveLinks/proxy.php` endp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33480/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:44:04
1 posts
🟠 CVE-2026-33479 - High (8.8)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's `saveSort.json.php` endpoint passes unsanitized user input from `$_REQUEST['sections']` array values directly into PHP's `eval()` function. Wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:43:22
1 posts
🟠 CVE-2026-33476 - High (7.5)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath`. Due to improper path sanitization, attackers can perform directory traversa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:32:35.237000
1 posts
🟠 CVE-2026-4445 - High (8.8)
Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4445/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:39:07.610000
16 posts
Unfortunately it looks like CVE-2025-43520 was patched in iOS 26.1b4, the exact build I happened to leave my test device on...
I might play around with it on my Mac or in one of the new iOS pccvre VMs though.
##There has been a lot of sloppy reporting regarding DarkSword, with basically every news outlet saying that iOS 18 is vulnerable. It’s not, if you have the latest 18.7.3.
Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##@peternlewis sloppy reporting, as usual.
Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##Google has a more in-depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##@helge the reporting on DarkSword is incredibly sloppy.
Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##@slightlyoff @owa
Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##@9to5Mac sloppy reporting, as usual.
Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
##updated 2026-03-20T18:32:23
1 posts
🟠 CVE-2026-4452 - High (8.8)
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4452/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:19
1 posts
🟠 CVE-2025-67260 - High (8.8)
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.2020091...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:18
1 posts
🟠 CVE-2026-4464 - High (8.8)
Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:05:44.367000
1 posts
🟠 CVE-2026-4451 - High (8.8)
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4451/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:59:44.053000
1 posts
🟠 CVE-2026-4455 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:59:23.127000
1 posts
🟠 CVE-2026-4456 - High (8.8)
Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4456/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:58:37.903000
1 posts
🟠 CVE-2026-4458 - High (8.8)
Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:57:26.947000
1 posts
🟠 CVE-2026-4462 - High (8.8)
Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4462/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:25:11
3 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI coding tools & agentic frameworks**: Claude Code, Cursor Composer 2, GitHub Copilot SDK, OpenClaw security flaws, AI-generated insecure code (Trivy attack).
- **Programming language updates**: Python 3.15 JIT, Rust supply-chain vulnerability (CVE-2026-33056), Vite 8.0, Gren 26.03.
- **Security & vulnerabilities**: VMware vCenter DoS [1/2]
Code does not become better out of thin air just because you rewrite it in #rustlang. TOCTOUs are typically language agnostic. Here's one for tar: https://blog.rust-lang.org/2026/03/21/cve-2026-33056/ #security
##Security advisory for Cargo https://lobste.rs/s/hmb3mz #rust #security
https://blog.rust-lang.org/2026/03/21/cve-2026-33056/
updated 2026-03-20T15:58:17
3 posts
🚨 CRITICAL: CVE-2026-33286 in Graphiti (<1.10.2) lets unauthenticated attackers invoke arbitrary public methods via JSONAPI write requests. Patch to v1.10.2, restrict access, and validate inputs! https://radar.offseq.com/threat/cve-2026-33286-cwe-913-improper-control-of-dynamic-fd76d864 #OffSeq #CVE202633286 #Ruby #APIsecurity
##🔴 CVE-2026-33286 - Critical (9.1)
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:14
1 posts
🟠 CVE-2026-4463 - High (8.8)
Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
🟠 CVE-2026-4447 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4447/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
🟠 CVE-2026-4446 - High (8.8)
Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4446/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
🟠 CVE-2026-4444 - High (8.8)
Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4444/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
🟠 CVE-2026-4457 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
🟠 CVE-2026-4454 - High (8.8)
Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4454/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
🟠 CVE-2026-4461 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
🟠 CVE-2026-4460 - High (8.8)
Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4460/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
🟠 CVE-2026-4459 - High (8.8)
Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
📈 CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1444
Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152
Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182
Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23
Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15
Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)
updated 2026-03-19T19:34:07
1 posts
🟠 CVE-2026-33354 - High (7.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, `POST /objects/aVideoEncoder.json.php` accepts a requester-controlled `chunkFile` parameter intended for staged upload chunks. Instead of restricting that path to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33354/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-19T19:13:30
1 posts
🔴 CVE-2026-33351 - Critical (9.1)
WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability exists in `plugin/Live/standAloneFiles/saveDVR.json.php`. When the AVideo Live plugin is deployed in standalone mode (the inten...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-19T18:32:21
2 posts
3 repos
https://github.com/Sushilsin/CVE-2026-20131
Critical patch alert: The US government has ordered a maximum severity patch for a Cisco vulnerability (CVE-2026-20131) that's being exploited in ransomware campaigns.
Read more: https://steelefortress.com/86cy1e
#Encryption #ThreatIntel #Security #DataPrivacy #CyberDefense
updated 2026-03-19T18:28:12
1 posts
updated 2026-03-19T17:25:37
2 posts
🔴 CVE-2026-33297 - Critical (9.1)
WWBN AVideo is an open source video platform. Prior to version 26.0, the `setPassword.json.php` endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33297/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-19T17:12:05
1 posts
🟠 CVE-2026-33293 - High (8.1)
WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php` is passed directly to `unlink()` without any path sanitization. An attacker with valid clone credentials can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33293/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-19T15:31:27
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
updated 2026-03-19T15:31:21
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
updated 2026-03-19T12:44:28
2 posts
🟠 CVE-2026-33242 - High (7.5)
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-19T12:42:43
1 posts
🟠 CVE-2026-33236 - High (8.1)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-19T12:42:23
1 posts
🟠 CVE-2026-33231 - High (7.5)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-18T20:22:12
1 posts
🟠 CVE-2026-33226 - High (8.7)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) makes server-side HTTP requests to any URL supplied...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-18T20:20:10
3 posts
🚨 CRITICAL: CVE-2026-33211 in Tekton Pipelines (git resolver) enables path traversal attacks via pathInRepo, exposing sensitive files (like ServiceAccount tokens). Upgrade to fixed versions immediately. Details: https://radar.offseq.com/threat/cve-2026-33211-cwe-22-improper-limitation-of-a-pat-2bb49643 #OffSeq #Tekton #Kubernetes #Infosec
🔴 CVE-2026-33211 - Critical (9.6)
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal vi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-18T20:16:59
1 posts
🟠 CVE-2026-33204 - High (7.5)
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-18T20:11:01
1 posts
🟠 CVE-2026-33203 - High (7.5)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-18T20:10:30
1 posts
🔴 CVE-2026-33186 - Critical (9.1)
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-18T06:31:20
1 posts
5 repos
https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher
https://github.com/nomaisthere/CVE-2026-3888
https://github.com/netw0rk7/CVE-2026-3888-PoC
https://github.com/TheCyberGeek/CVE-2026-3888-snap-confine-systemd-tmpfiles-LPE
⚪️ Ubuntu vulnerability lets attackers gain root privileges
🗨️ A serious vulnerability has been discovered in default installations of Ubuntu Desktop 24.04 and later (CVE-2026-3888, scored 7.8 on the CVSS scale), which allows a local attacker to escalate privileges to root. The issue was discovered by specialists from the…
updated 2026-03-17T14:18:58.587000
1 posts
updated 2026-03-16T18:32:14
1 posts
updated 2026-03-16T18:18:34.750000
1 posts
A vulnerability in a Linux enterprise app can allow attackers root access over devices
The issue impacts Himmelblau, an interoperability suite to integrate Linux with Entra ID and Intune networks.
updated 2026-03-16T15:30:55
1 posts
updated 2026-03-16T15:30:53
1 posts
updated 2026-03-13T21:32:59
2 posts
Global cybersecurity alerts include active exploitation of Chrome Zero-Days (CVE-2026-3909/3910) and a Quest KACE SMA flaw for credential harvesting. Advanced threats like Android haptic keyloggers and deepfake identity fraud are emerging. Geopolitically, Persian Gulf tensions remain high, while the US announced a new cyber strategy to defend companies from foreign adversaries. In tech, NVIDIA Nemotron 3 Super is now on Amazon Bedrock.
updated 2026-03-05T15:28:06
1 posts
🚨 EUVD-2026-14786
📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: KNIME Business Hub, KNIME Business Hub, KNIME Business Hub
🏢 Vendor: KNIME
📅 Updated: 2026-03-24
📝 Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.cve.org/CV...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-14786
updated 2026-03-02T15:21:06.073000
2 posts
Dios mio! While researching a particular type of Colombian folk music, we stumbled across a .edu domain selling... accordions? Our first thought was potentially domain hijacking, but it appears to be more likely an exploitation of CVE-2026-27210 (TLDR; cross-site scripting). While the vulnerability has been patched in the plugin itself, not all pages have updated their plugins, and search engines have already indexed the poisoned pages! Pivoting led to 50+ additional domains found spread across three risky TLDs: .sbs, .pics, and .shop. The domains on .sbs and .pics appear to be config servers to exploit the vulnerability; the domains on .shop are the landing pages where victims can be scammed.
IOCs:
000o[.]sbs,0pen[.]sbs,123buys[.]shop,123me[.]shop,1bg[.]pics,1ki[.]pics,1mage[.]sbs,1ql[.]pics,1ty[.]pics,1vi[.]pics,1wr[.]pics,2ty[.]pics,569oagri[.]shop,66buys[.]shop,6ip[.]pics,6ym[.]pics,7rt[.]pics,8pi[.]pics,99buys[.]shop,99i[.]pics,9gwe[.]shop,a25n[.]shop,bk2[.]pics,bk59t[.]shop,buysok[.]shop,c68k[.]shop,cc1[.]pics,doo[.]pics,ep7[.]pics,estore-1[.]com,g9gvv[.]sbs,gaer896[.]shop,gm5[.]pics,gosok[.]shop,gt3[.]pics,h66p[.]shop,hh6[.]pics,iilvw[.]sbs,im9[.]pics,img1[.]sbs,in6[.]pics,jj3[.]pics,kk9[.]pics,lilil[.]sbs,llvvw[.]sbs,m66p6[.]shop,mebuys[.]shop,mg6[.]pics,mh8f6k[.]shop,mkk[.]pics,ms1[.]pics,nn6[.]pics,onsgs[.]com,p6[.]pics,p888p[.]shop,pan1[.]top,pic1[.]sbs,pic2[.]sbs,pt11[.]sbs,py3y[.]com,qq1[.]pics,rey89p[.]shop,shop56[.]shop,t88t8[.]shop,tp1[.]pics,tp9[.]pics,trues[.]sbs,up9[.]pics,upimg[.]sbs,uu2[.]pics,vt5[.]pics,vteyu[.]shop,vvf1[.]sbs,vvp1[.]sbs,w2w[.]pics,w88p[.]shop,wp59q[.]shop,wvlll[.]sbs,wvv1[.]sbs,wvvvv[.]sbs,x2p[.]pics,xyaer548[.]shop,yi1[.]pics
#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #seo_poisoning #seopoisoning
updated 2026-02-18T00:30:22
1 posts
What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119) https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/
updated 2026-02-04T17:34:46.147000
1 posts
📢 CVE-2026-1207: SQL injection in Django/GeoDjango actively exploited in the wild
📝 ## 🔍 Context
Published on 23 March 2026 by CrowdSec, this article reports the platform's confirmation of active exploitation of *...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-23-cve-2026-1207-injection-sql-dans-django-geodjango-activement-exploitee-dans-la-nature/
🌐 source: https://www.crowdsec.net/vulntracking-report/cve-2026-1207
#CVE_2026_1207 #Django #Cyberveille
updated 2026-02-02T23:41:06
1 posts
8 repos
https://github.com/EQSTLab/CVE-2026-25253
https://github.com/al4n4n/CVE-2026-25253-research
https://github.com/ZhaoymOvO/openclaw-1click-rce-env
https://github.com/ethiack/moltbot-1click-rce
https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions
https://github.com/Ckokoski/moatbot-security
OpenClaw CVE-2026-25253 is worse than it looks (quick security checklist) https://blink.new/blog/openclaw-security-audit-checklist-2026
updated 2026-01-20T15:33:48
1 posts
Accept Donations with PayPal <= 1.5.2 - Open Redirect (CVE-2025-68602)
Short summary: https://hackerworkspace.com/article/accept-donations-with-paypal-1-5-2-open-redirect-cve-2025-68602
updated 2026-01-14T20:31:32.760000
1 posts
1 repos
This is my analysis (and PoC) for CVE-2026-20817, a privilege escalation in the Windows Error Reporting service.
👉 https://itm4n.github.io/cve-2026-20817-wersvc-eop/
Credit goes to Denis Faiustov and Ruslan Sayfiev for the discovery.
TL;DR A low privilege user could send an ALPC message to the WER service and coerce it to start a WerFault.exe process as SYSTEM with user-controlled arguments and options. I did not achieve arbitrary code execution, but perhaps someone knows how this can be done? 🤷♂️
updated 2025-12-09T16:53:25
1 posts
100 repos
https://github.com/hackersatyamrastogi/react2shell-ultimate
https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool
https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js
https://github.com/momika233/CVE-2025-55182-bypass
https://github.com/heiheishushu/rsc_detect_CVE-2025-55182
https://github.com/keklick1337/CVE-2025-55182-golang-PoC
https://github.com/Faithtiannn/CVE-2025-55182
https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool
https://github.com/hualy13/CVE-2025-55182
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc
https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182
https://github.com/freeqaz/react2shell
https://github.com/Rsatan/Next.js-Exploit-Tool
https://github.com/songsanggggg/CVE-2025-55182
https://github.com/VeilVulp/RscScan-cve-2025-55182
https://github.com/xalgord/React2Shell
https://github.com/sumanrox/rschunter
https://github.com/kavienanj/CVE-2025-55182
https://github.com/zzhorc/CVE-2025-55182
https://github.com/xcanwin/CVE-2025-55182-React-RCE
https://github.com/jf0x3a/CVE-2025-55182-exploit
https://github.com/sudo-Yangziran/CVE-2025-55182POC
https://github.com/Cillian-Collins/CVE-2025-55182
https://github.com/Pizz33/CVE-2025-55182-burpscanner
https://github.com/ynsmroztas/NextRce
https://github.com/RuoJi6/CVE-2025-55182-RCE-shell
https://github.com/theman001/CVE-2025-55182
https://github.com/LemonTeatw1/CVE-2025-55182-exploit
https://github.com/acheong08/CVE-2025-55182-poc
https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC
https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell
https://github.com/BlackTechX011/React2Shell
https://github.com/kondukto-io/vulnerable-next-js-poc
https://github.com/Updatelap/CVE-2025-55182
https://github.com/Spritualkb/CVE-2025-55182-exp
https://github.com/alsaut1/react2shell-lab
https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script
https://github.com/AliHzSec/CVE-2025-55182
https://github.com/shamo0/react2shell-PoC
https://github.com/ejpir/CVE-2025-55182-bypass
https://github.com/subhdotsol/CVE-2025-55182
https://github.com/EynaExp/CVE-2025-55182-POC
https://github.com/fatguru/CVE-2025-55182-scanner
https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-
https://github.com/nehkark/CVE-2025-55182
https://github.com/vulncheck-oss/cve-2025-55182
https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension
https://github.com/alfazhossain/CVE-2025-55182-Exploiter
https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension
https://github.com/zr0n/react2shell
https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell
https://github.com/im-ezboy/CVE-2025-55182-zoomeye
https://github.com/logesh-GIT001/CVE-2025-55182
https://github.com/zack0x01/vuln-app-CVE-2025-55182
https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182
https://github.com/mrknow001/RSC_Detector
https://github.com/websecuritylabs/React2Shell-Library
https://github.com/CymulateResearch/React2Shell-Scanner
https://github.com/timsonner/React2Shell-CVE-2025-55182
https://github.com/theori-io/reactguard
https://github.com/emredavut/CVE-2025-55182
https://github.com/assetnote/react2shell-scanner
https://github.com/dwisiswant0/CVE-2025-55182
https://github.com/msanft/CVE-2025-55182
https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182
https://github.com/hoosin/CVE-2025-55182
https://github.com/surajhacx/react2shellpoc
https://github.com/rix4uni/CVE-2025-55182
https://github.com/santihabib/CVE-2025-55182-analysis
https://github.com/shyambhanushali/React2Shell
https://github.com/kOaDT/poc-cve-2025-55182
https://github.com/MoLeft/React2Shell-Toolbox
https://github.com/snipevx/React2Shell-POC
https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-
https://github.com/Chocapikk/CVE-2025-55182
https://github.com/alptexans/RSC-Detect-CVE-2025-55182
https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive
https://github.com/c0rydoras/CVE-2025-55182
https://github.com/gensecaihq/react2shell-scanner
https://github.com/hidden-investigations/react2shell-scanner
https://github.com/MemerGamer/CVE-2025-55182
https://github.com/StealthMoud/CVE-2025-55182-Scanner
https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script
https://github.com/Archerkong/CVE-2025-55182
https://github.com/ZihxS/check-react-rce-cve-2025-55182
https://github.com/techgaun/cve-2025-55182-scanner
https://github.com/sickwell/CVE-2025-55182
https://github.com/Syrins/CVE-2025-55182-React2Shell-RCE
https://github.com/ThemeHackers/CVE-2025-55182
https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182
https://github.com/jctommasi/react2shellVulnApp
https://github.com/whiteov3rflow/CVE-2025-55182-poc
https://github.com/xkillbit/cve-2025-55182-scanner
https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS
https://github.com/ejpir/CVE-2025-55182-research
https://github.com/yanoshercohen/React2Shell_CVE-2025-55182
"These two environments only communicate through serialized messages, which allows safe execution of AI-generated code and makes the sandbox a good fit for inline UI produced by chat agents."
hmm yes serialization that's bulletproof *cough* CVE-2025-55182 *cough*
(at least they're not pretending to review code anymore)
updated 2025-11-03T20:18:29.263000
2 posts
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html
Short summary: https://hackerworkspace.com/article/hackers-exploit-cve-2025-32975-cvss-10-0-to-hijack-unpatched-quest-kace-sma-systems
##⚠️ CRITICAL: Quest KACE vuln (CVE-2025-32975) under active exploitation, mainly in education. No patch yet — segment networks, monitor KACE activity, and restrict access. Global risk. Details: https://radar.offseq.com/threat/critical-quest-kace-vulnerability-potentially-expl-c5cd699f #OffSeq #Vulnerability #QuestKACE #Education
##updated 2025-10-15T21:31:40
1 posts
PolyShell Vulnerability Exposes Adobe Commerce and Magento to Remote Code Execution
Sansec reports "PolyShell," an unrestricted file upload vulnerability (CVE-2025-20720) in Magento and Adobe Commerce that allows unauthenticated attackers to achieve remote code execution via the REST API.
**If you are using Adobe Commerce and Magento Open Source, restrict web server access to the pub/media/custom_options/ directory to prevent the execution of uploaded malicious scripts. Since a production patch is currently not available, deploy a web application firewall to block exploit attempts in real-time.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/polyshell-vulnerability-exposes-adobe-commerce-and-magento-to-remote-code-execution-9-b-r-8-z/gD2P6Ple2L
updated 2025-07-29T14:14:29.590000
1 posts
(CVE-2025-41241), McKinsey AI platform hack (SQL injection), systemd age verification field.
- **Open-source tools & libraries**: Libreboot’s `mkhtemp` hardening, libdvd-package, Floci (AWS emulator), Grafeo (graph database), Regex Blaster.
- **Retro computing & niche projects**: FPGA 3dfx Voodoo implementation, AmigaOS updates (atrace, amigactl). [2/2]
updated 2023-02-01T05:08:53
1 posts
From a Silent Math Error to Certificate Bypass: Uncovering an Integer Overflow in a TLS Parser
This article details an integer overflow vulnerability within a Transport Layer Security (TLS) parser. The flaw allowed attackers to bypass certificate checks due to improper validation of parsed values. When the server received maliciously crafted client hello messages containing excessively large extensions, it failed to handle the unexpected data size. As a result, an integer overflow occurred, leading to buffer overflows and arbitrary code execution. The researcher exploited this vulnerability by sending a specially crafted TLS handshake request with extended client hello payloads that contained large, incorrectly parsed values. By modifying the length of extension fields, they tricked the parser into interpreting non-existent data as valid, causing unintended execution of malicious code and certificate bypass. The exploit resulted in a high severity vulnerability (CVE-2018-0204) with a CVSS score of 9.8. The researcher was awarded $36,000 for their findings, and the vendor promptly released patches to address this issue. To prevent similar issues, developers should perform rigorous input validation and limit the size of parsed values during TLS handshake processing. Key lesson: Proper input validation is crucial in TLS parsing to avoid buffer overflows and other security vulnerabilities #BugBounty #Cryptography #TLS #IntegerOverflow #BufferOverFlow
If you're using the #ElixirLang NodeJS package, be advised there's an information disclosure security vulnerability (CVE-2026-33872).
It'd be quite difficult for an attacker to intentionally exploit, but fairly easy to accidentally trigger yourself. Update to 3.1.4 ASAP.
https://github.com/revelrylabs/elixir-nodejs/security/advisories/GHSA-rwcr-rpcc-3g9m
##New Nvidia advisories. This is a long list of vulnerabilities with varying severity.
Of note is the critical CVE-2025-33244: Security Bulletin: NVIDIA Apex - March 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5782
The rest: https://www.nvidia.com/en-us/product-security/ #infosec #Nvidia #vulnerability
##🟠 CVE-2026-33307 - High (7.5)
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33307/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33298 - High (7.8)
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 released sbt 1.12.7, featuring a security fix for CVE-2026-32948, Source dependency feature (via crafted VCS URL) leading to arbitrary code execution on Windows
this was discovered and fixed by Anatolii "Toli" Kmetiuk at Scala Center, who is also a new sbt committer
https://eed3si9n.com/sbt-1.12.7 #Scala
CVE-2026-33634: CRITICAL supply chain vuln in aquasecurity Trivy & GitHub Actions (<0.2.6) — credential-stealing malware deployed. Rotate all secrets, use safe versions, audit logs for 'tpcp-docs'. Full details: https://radar.offseq.com/threat/cve-2026-33634-cwe-506-embedded-malicious-code-in--163a34d0 #OffSeq #SupplyChain #CVE2026_33634
##🟠 CVE-2026-33164 - High (7.5)
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33648 - High (8.8)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer endpoint constructs a log file path by embedding user-controlled `users_id` and `liveTransmitionHistory_id` values from the JSON request body withou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33647 - High (8.8)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGallery::saveFile()` method validates uploaded file content using `finfo` MIME type detection but derives the saved filename extension from the user-supp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33647/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33717 - High (8.8)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-accessible temporary directory using the original U...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-33716 - Critical (9.4)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at `plugin/Live/standAloneFiles/control.json.php` accepts a user-supplied `streamerURL` parameter that overrides where ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33719 - High (8.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints `plugin/CDN/status.json.php` and `plugin/CDN/disable.json.php` use key-based authentication with an empty string default key. When the CDN...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4645 - High (7.5)
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32888 - High (8.8)
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##