Updated at UTC 2026-03-30T14:43:55.824793

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32530 | 8.8 | 0.04% | 1 | 0 | | 2026-03-30T13:27:12.923000 | Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms |
| CVE-2026-30457 | 9.8 | 0.07% | 2 | 0 | | 2026-03-30T13:26:50.827000 | An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows |
| CVE-2026-30458 | 9.1 | 0.03% | 2 | 0 | | 2026-03-30T13:26:50.827000 | An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' |
| CVE-2026-33669 | 9.8 | 0.04% | 1 | 0 | | 2026-03-30T13:26:50.827000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, docume |
| CVE-2026-4862 | 8.8 | 0.04% | 1 | 0 | | 2026-03-30T13:26:50.827000 | A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-21090 |
| CVE-2026-3098 | 6.5 | 0.03% | 1 | 1 | | 2026-03-30T13:26:29.793000 | The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in |
| CVE-2026-33697 | 7.5 | 0.00% | 2 | 0 | | 2026-03-30T13:26:29.793000 | Cocos AI is a confidential computing system for AI. The current implementation o |
| CVE-2026-33718 | 7.6 | 0.23% | 2 | 0 | | 2026-03-30T13:26:29.793000 | OpenHands is software for AI-driven development. Starting in version 1.5.0, a Co |
| CVE-2026-4906 | 8.8 | 0.05% | 2 | 0 | | 2026-03-30T13:26:29.793000 | A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is |
| CVE-2026-22743 | 7.5 | 0.04% | 2 | 0 | | 2026-03-30T13:26:29.793000 | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in N |
| CVE-2026-32678 | 7.5 | 0.07% | 2 | 0 | | 2026-03-30T13:26:29.793000 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may a |
| CVE-2026-32669 | 8.8 | 0.04% | 2 | 0 | | 2026-03-30T13:26:29.793000 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vu |
| CVE-2026-27650 | 8.8 | 0.12% | 2 | 0 | | 2026-03-30T13:26:29.793000 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If t |
| CVE-2026-27880 | 7.5 | 0.01% | 2 | 0 | | 2026-03-30T13:26:29.793000 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into m |
| CVE-2026-34374 | 9.1 | 0.03% | 2 | 0 | | 2026-03-30T13:26:29.793000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-27858 | 7.5 | 0.05% | 2 | 0 | | 2026-03-30T13:26:29.793000 | Attacker can send a specifically crafted message before authentication that caus |
| CVE-2026-29871 | 7.5 | 0.04% | 1 | 0 | | 2026-03-30T13:26:29.793000 | A path traversal vulnerability exists in the awesome-llm-apps project in commit |
| CVE-2026-33755 | 8.8 | 0.03% | 1 | 0 | | 2026-03-30T13:26:29.793000 | Group-Office is an enterprise customer relationship management and groupware too |
| CVE-2025-15381 | 8.1 | 0.01% | 1 | 0 | | 2026-03-30T13:26:29.793000 | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tr |
| CVE-2026-28368 | 8.7 | 0.10% | 1 | 0 | | 2026-03-30T13:26:29.793000 | A flaw was found in Undertow. This vulnerability allows a remote attacker to con |
| CVE-2026-4960 | 8.8 | 0.05% | 1 | 0 | | 2026-03-30T13:26:29.793000 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the functio |
| CVE-2026-32241 | 7.5 | 0.13% | 2 | 0 | | 2026-03-30T13:26:29.793000 | Flannel is a network fabric for containers, designed for Kubernetes. The Flannel |
| CVE-2026-31943 | 8.5 | 0.03% | 1 | 0 | | 2026-03-30T13:26:29.793000 | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, ` |
| CVE-2026-5026 | 0 | 0.07% | 1 | 0 | | 2026-03-30T13:26:29.793000 | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with |
| CVE-2026-33728 | 0 | 0.57% | 1 | 0 | | 2026-03-30T13:26:29.793000 | dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.4 |
| CVE-2026-5128 | 10.0 | 0.11% | 2 | 0 | | 2026-03-30T13:26:07.647000 | A sensitive information exposure vulnerability exists in ArthurFiorette steam-tr |
| CVE-2026-4415 | 8.1 | 0.37% | 4 | 0 | | 2026-03-30T13:26:07.647000 | Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulner |
| CVE-2025-15379 | 10.0 | 0.17% | 2 | 0 | | 2026-03-30T13:26:07.647000 | A command injection vulnerability exists in MLflow's model serving container ini |
| CVE-2026-3945 | 7.5 | 0.05% | 2 | 0 | | 2026-03-30T13:26:07.647000 | An integer overflow vulnerability in the HTTP chunked transfer encoding parser i |
| CVE-2026-2328 | 7.5 | 0.02% | 4 | 0 | | 2026-03-30T13:26:07.647000 | An unauthenticated remote attacker can exploit insufficient input validation to |
| CVE-2026-5046 | 8.8 | 0.05% | 4 | 0 | | 2026-03-30T13:26:07.647000 | A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function fo |
| CVE-2025-15036 | 9.6 | 0.05% | 2 | 0 | | 2026-03-30T13:26:07.647000 | A path traversal vulnerability exists in the `extract_archive_to_dir` function w |
| CVE-2026-0560 | 7.5 | 0.14% | 4 | 0 | | 2026-03-30T13:26:07.647000 | A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms ver |
| CVE-2026-0558 | 7.5 | 0.11% | 4 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows un |
| CVE-2026-5045 | 8.8 | 0.05% | 2 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the fun |
| CVE-2026-32915 | 8.8 | 0.01% | 2 | 0 | | 2026-03-30T13:26:07.647000 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allow |
| CVE-2026-32924 | 9.8 | 0.04% | 2 | 0 | | 2026-03-30T13:26:07.647000 | OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where F |
| CVE-2026-32978 | 8.0 | 0.04% | 2 | 0 | | 2026-03-30T13:26:07.647000 | OpenClaw before 2026.3.11 contains an approval integrity vulnerability where sys |
| CVE-2026-32975 | 9.8 | 0.06% | 2 | 0 | | 2026-03-30T13:26:07.647000 | OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouse |
| CVE-2026-5044 | 8.8 | 0.04% | 4 | 0 | | 2026-03-30T13:26:07.647000 | A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affec |
| CVE-2026-33572 | 8.4 | 0.01% | 2 | 0 | | 2026-03-30T13:26:07.647000 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly bro |
| CVE-2026-5041 | 4.7 | 0.23% | 2 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability was identified in code-projects Chamber of Commerce Membership M |
| CVE-2026-5036 | 8.8 | 0.05% | 4 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects |
| CVE-2026-5033 | 7.3 | 0.03% | 2 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability was detected in code-projects Accounting System 1.0. Affected by |
| CVE-2026-5024 | 8.8 | 0.04% | 4 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the functio |
| CVE-2026-4987 | 7.5 | 0.07% | 5 | 0 | | 2026-03-30T13:26:07.647000 | The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin fo |
| CVE-2026-33976 | 9.6 | 0.14% | 5 | 0 | | 2026-03-30T13:26:07.647000 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.1 |
| CVE-2026-33875 | 9.3 | 0.05% | 3 | 0 | | 2026-03-30T13:26:07.647000 | Gematik Authenticator securely authenticates users for login to digital health a |
| CVE-2026-33939 | 7.5 | 0.04% | 1 | 0 | | 2026-03-30T13:26:07.647000 | Handlebars provides the power necessary to let users build semantic templates. I |
| CVE-2026-33943 | 8.8 | 0.07% | 1 | 0 | | 2026-03-30T13:26:07.647000 | Happy DOM is a JavaScript implementation of a web browser without its graphical |
| CVE-2026-33989 | 8.1 | 0.04% | 2 | 0 | | 2026-03-30T13:26:07.647000 | Mobile Next is an MCP server for mobile development and automation. Prior to ver |
| CVE-2026-33980 | 8.3 | 0.05% | 1 | 0 | | 2026-03-30T13:26:07.647000 | Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that ena |
| CVE-2026-33955 | 8.6 | 0.06% | 1 | 0 | | 2026-03-30T13:26:07.647000 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross- |
| CVE-2026-33895 | 7.5 | 0.03% | 2 | 0 | | 2026-03-30T13:26:07.647000 | Forge (also called `node-forge`) is a native implementation of Transport Layer S |
| CVE-2026-4976 | 8.8 | 0.08% | 1 | 0 | | 2026-03-30T13:26:07.647000 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerab |
| CVE-2026-4974 | 8.8 | 0.05% | 1 | 0 | | 2026-03-30T13:26:07.647000 | A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the fu |
| CVE-2026-4416 | 7.8 | 0.02% | 2 | 0 | | 2026-03-30T09:31:38 | The Performance Library component of Gigabyte Control Center has an Insecure Des |
| CVE-2026-4176 | None | 0.01% | 2 | 0 | | 2026-03-30T06:31:31 | Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from |
| CVE-2026-3124 | 7.5 | 0.03% | 4 | 0 | | 2026-03-30T03:30:24 | The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Objec |
| CVE-2026-2370 | 8.1 | 0.01% | 2 | 0 | | 2026-03-30T00:31:18 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 |
| CVE-2026-33894 | 7.5 | 0.03% | 2 | 0 | | 2026-03-29T21:41:48 | ## Summary RSASSA PKCS#1 v1.5 signature verification accepts forged signatures f |
| CVE-2026-4946 | 8.8 | 0.04% | 4 | 0 | | 2026-03-29T21:30:32 | Ghidra versions prior to 12.0.3 improperly process annotation directives embedde |
| CVE-2026-34005 | 8.8 | 0.09% | 4 | 1 | | 2026-03-29T18:30:30 | In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, r |
| CVE-2026-0562 | 8.3 | 0.05% | 4 | 0 | | 2026-03-29T18:30:30 | A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows |
| CVE-2026-22744 | 7.5 | 0.03% | 2 | 0 | | 2026-03-29T15:36:29 | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controll |
| CVE-2026-22742 | 8.6 | 0.03% | 2 | 0 | | 2026-03-29T15:33:26 | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (S |
| CVE-2026-22738 | 9.8 | 0.07% | 3 | 0 | | 2026-03-29T15:31:54 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a |
| CVE-2026-33573 | 8.8 | 0.04% | 4 | 0 | | 2026-03-29T15:30:29 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the |
| CVE-2026-32980 | 7.5 | 0.06% | 4 | 0 | | 2026-03-29T15:30:29 | OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies befo |
| CVE-2026-33575 | 7.5 | 0.03% | 4 | 0 | | 2026-03-29T15:30:29 | OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly |
| CVE-2026-32987 | 9.8 | 0.04% | 2 | 0 | | 2026-03-29T15:30:29 | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during dev |
| CVE-2026-32922 | 10.0 | 0.21% | 4 | 0 | | 2026-03-29T15:30:28 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in devic |
| CVE-2026-32974 | 8.6 | 0.07% | 6 | 0 | | 2026-03-29T15:30:28 | OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Fei |
| CVE-2026-32973 | 9.8 | 0.05% | 6 | 0 | | 2026-03-29T15:30:28 | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where |
| CVE-2026-32914 | 8.8 | 0.04% | 2 | 0 | | 2026-03-29T15:30:28 | OpenClaw before 2026.3.12 contains an insufficient access control vulnerability |
| CVE-2026-32918 | 8.4 | 0.01% | 2 | 0 | | 2026-03-29T15:30:28 | OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the |
| CVE-2026-34226 | 7.5 | 0.03% | 1 | 0 | | 2026-03-29T15:23:57 | ### Summary `happy-dom` may attach cookies from the current page origin (`window |
| CVE-2026-5043 | 8.8 | 0.04% | 2 | 0 | | 2026-03-29T12:31:25 | A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element i |
| CVE-2026-5042 | 8.8 | 0.04% | 2 | 0 | | 2026-03-29T12:31:25 | A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected elem |
| CVE-2026-5035 | 7.3 | 0.03% | 2 | 0 | | 2026-03-29T09:30:17 | A vulnerability has been found in code-projects Accounting System 1.0. This affe |
| CVE-2026-5021 | 8.8 | 0.05% | 4 | 0 | | 2026-03-29T03:30:24 | A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPU |
| CVE-2026-4851 | None | 0.09% | 4 | 0 | | 2026-03-29T03:30:17 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution vi |
| CVE-2026-5019 | 7.3 | 0.03% | 2 | 0 | | 2026-03-29T00:31:05 | A security vulnerability has been detected in code-projects Simple Food Order Sy |
| CVE-2026-5004 | 8.8 | 0.04% | 4 | 0 | | 2026-03-28T18:30:20 | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the |
| CVE-2017-20225 | 9.8 | 0.07% | 1 | 0 | | 2026-03-28T12:30:36 | TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that a |
| CVE-2017-20227 | 9.8 | 0.07% | 1 | 0 | | 2026-03-28T12:30:36 | JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overfl |
| CVE-2026-4248 | 8.0 | 0.03% | 2 | 0 | | 2026-03-28T00:31:24 | The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information |
| CVE-2026-27309 | 7.8 | 0.03% | 1 | 0 | | 2026-03-28T00:31:19 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free |
| CVE-2025-53521 | 9.8 | 19.16% | 12 | 0 | | 2026-03-27T22:00:02.283000 | When a BIG-IP APM access policy is configured on a virtual server, specific mali |
| CVE-2026-33938 | 8.1 | 0.07% | 1 | 0 | | 2026-03-27T21:52:26 | ## Summary The `@partial-block` special variable is stored in the template data |
| CVE-2026-33937 | 9.8 | 0.25% | 3 | 1 | | 2026-03-27T21:52:19 | ## Summary `Handlebars.compile()` accepts a pre-parsed AST object in addition t |
| CVE-2026-33891 | 7.5 | 0.04% | 1 | 0 | | 2026-03-27T21:50:32 | ## Summary A Denial of Service (DoS) vulnerability exists in the node-forge lib |
| CVE-2026-33870 | 7.5 | 0.03% | 2 | 0 | | 2026-03-27T21:49:46 | ## Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer |
| CVE-2026-33873 | None | 0.08% | 1 | 0 | | 2026-03-27T21:49:28 | ## Description ### 1. Summary The Agentic Assistant feature in Langflow execut |
| CVE-2026-33747 | 8.4 | 0.01% | 2 | 0 | | 2026-03-27T21:37:40 | ### Impact When using a custom BuildKit frontend, the frontend can craft an API |
| CVE-2026-33744 | 7.8 | 0.02% | 2 | 0 | | 2026-03-27T21:37:34 | ## Summary The `docker.system_packages` field in `bentofile.yaml` accepts arbit |
| CVE-2026-33701 | None | 0.50% | 1 | 0 | | 2026-03-27T21:37:05 | In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoin |
| CVE-2026-30529 | 8.8 | 0.01% | 1 | 0 | | 2026-03-27T21:32:40 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst |
| CVE-2026-30303 | 9.8 | 0.35% | 1 | 0 | | 2026-03-27T21:32:40 | The command auto-approval module in Axon Code contains an OS Command Injection v |
| CVE-2026-30637 | 7.5 | 0.08% | 1 | 0 | | 2026-03-27T21:32:40 | Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of |
| CVE-2026-30463 | 7.7 | 0.03% | 2 | 0 | | 2026-03-27T21:32:39 | Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnera |
| CVE-2026-30689 | 7.5 | 0.03% | 1 | 0 | | 2026-03-27T21:32:39 | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an |
| CVE-2026-30304 | 9.7 | 0.06% | 1 | 0 | | 2026-03-27T21:32:39 | In its design for automatic terminal command execution, AI Code offers two optio |
| CVE-2026-30302 | 10.0 | 0.41% | 1 | 0 | | 2026-03-27T21:32:39 | The command auto-approval module in CodeRider-Kilo contains an OS Command Inject |
| CVE-2026-4975 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T21:31:44 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the funct |
| CVE-2026-33757 | 9.6 | 0.06% | 1 | 0 | | 2026-03-27T21:31:24 | ### Impact OpenBao does not prompt for user confirmation when logging in via JW |
| CVE-2026-33942 | None | 0.33% | 1 | 0 | | 2026-03-27T18:33:44 | ### Impact Users of the OAuth2 utilities in Saloon, specifically the `AccessToke |
| CVE-2026-32857 | 8.6 | 0.03% | 2 | 0 | | 2026-03-27T18:32:30 | Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) p |
| CVE-2026-28367 | 8.7 | 0.04% | 1 | 0 | | 2026-03-27T18:31:34 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability b |
| CVE-2026-28369 | 8.7 | 0.13% | 1 | 0 | | 2026-03-27T18:31:34 | A flaw was found in Undertow. When Undertow receives an HTTP request where the f |
| CVE-2026-4961 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T18:31:34 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulner |
| CVE-2026-27876 | 9.1 | 0.08% | 2 | 0 | | 2026-03-27T18:31:26 | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to |
| CVE-2026-33941 | 8.3 | 0.02% | 1 | 0 | | 2026-03-27T18:22:12 | ## Summary The Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler. |
| CVE-2026-33940 | 8.1 | 0.04% | 1 | 0 | | 2026-03-27T18:21:45 | ## Summary A crafted object placed in the template context can bypass all condi |
| CVE-2026-33979 | 8.2 | 0.01% | 2 | 0 | | 2026-03-27T17:56:47 | ## Description A vulnerability has been identified in express-xss-sanitizer (<= |
| CVE-2026-33945 | 10.0 | 0.06% | 3 | 0 | | 2026-03-27T17:22:35 | ### Summary Incus instances have an option to provide credentials to systemd in |
| CVE-2026-33898 | 8.8 | 0.06% | 2 | 0 | | 2026-03-27T17:21:35 | ### Summary The web server spawned by `incus webui` incorrectly validates the au |
| CVE-2026-33897 | 10.0 | 0.05% | 1 | 0 | | 2026-03-27T17:17:04 | ### Summary Instance template files can be used to cause arbitrary read or write |
| CVE-2026-4984 | 8.2 | 0.03% | 2 | 0 | | 2026-03-27T15:30:32 | The Twilio integration webhook handler accepts any POST request without validati |
| CVE-2026-5027 | 8.8 | 0.05% | 2 | 0 | | 2026-03-27T15:30:32 | The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter fro |
| CVE-2026-27893 | 8.8 | 0.03% | 2 | 0 | | 2026-03-27T15:27:20 | ### Summary Two model implementation files hardcode `trust_remote_code=True` |
| CVE-2026-33634 | 8.8 | 20.84% | 3 | 1 | | 2026-03-27T13:26:11.020000 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised |
| CVE-2026-24031 | 7.7 | 0.05% | 1 | 0 | | 2026-03-27T09:31:19 | Dovecot SQL based authentication can be bypassed when auth_username_chars is cle |
| CVE-2025-59032 | 7.5 | 0.06% | 2 | 0 | | 2026-03-27T09:31:18 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial resp |
| CVE-2026-4905 | 8.8 | 0.05% | 2 | 0 | | 2026-03-27T00:31:32 | A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function for |
| CVE-2026-4904 | 8.8 | 0.05% | 2 | 0 | | 2026-03-27T00:31:32 | A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the |
| CVE-2026-32522 | 8.6 | 0.05% | 1 | 0 | | 2026-03-26T21:32:31 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v |
| CVE-2026-33396 | 9.9 | 0.76% | 2 | 0 | | 2026-03-26T20:40:52.840000 | OneUptime is an open-source monitoring and observability platform. Prior to vers |
| CVE-2025-15101 | 8.8 | 0.02% | 1 | 0 | | 2026-03-26T16:43:20.300000 | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web |
| CVE-2026-33696 | 10.0 | 0.24% | 1 | 0 | | 2026-03-26T16:41:02 | ## Impact An authenticated user with permission to create or modify workflows co |
| CVE-2026-24068 | 8.8 | 0.04% | 1 | 0 | | 2026-03-26T15:31:40 | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the |
| CVE-2026-32523 | 10.0 | 0.04% | 1 | 0 | | 2026-03-26T15:31:39 | Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM |
| CVE-2026-4747 | 8.8 | 0.15% | 1 | 0 | | 2026-03-26T15:31:39 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i |
| CVE-2026-4652 | 7.5 | 0.05% | 1 | 0 | | 2026-03-26T15:31:38 | On a system exposing an NVMe/TCP target, a remote client can trigger a kernel pa |
| CVE-2026-4247 | 7.5 | 0.02% | 1 | 0 | | 2026-03-26T15:16:41.263000 | When a challenge ACK is to be sent tcp_respond() constructs and sends the challe |
| CVE-2026-33515 | 0 | 0.96% | 2 | 0 | | 2026-03-26T15:13:15.790000 | Squid is a caching proxy for the Web. Prior to version 7.5, due to improper inpu |
| CVE-2026-33526 | 0 | 1.98% | 2 | 0 | | 2026-03-26T15:13:15.790000 | Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-Afte |
| CVE-2026-33017 | 9.8 | 5.65% | 1 | 5 | | 2026-03-26T13:26:16.393000 | Langflow is a tool for building and deploying AI-powered agents and workflows. I |
| CVE-2026-4861 | 8.8 | 0.04% | 1 | 0 | | 2026-03-26T09:30:34 | A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability |
| CVE-2019-25630 | 8.8 | 0.67% | 2 | 0 | | 2026-03-26T00:30:54 | PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Imag |
| CVE-2026-33660 | 10.0 | 0.11% | 1 | 0 | | 2026-03-25T21:07:45 | ## Impact An authenticated user with permission to create or modify workflows co |
| CVE-2026-33478 | 10.0 | 1.95% | 2 | 0 | | 2026-03-25T18:49:55 | ## Summary Multiple vulnerabilities in AVideo's CloneSite plugin chain together |
| CVE-2025-33244 | 9.1 | 0.06% | 1 | 0 | | 2026-03-24T21:31:35 | NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker co |
| CVE-2026-3055 | 0 | 0.03% | 29 | 2 | template | 2026-03-24T15:54:09.400000 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when config |
| CVE-2026-33167 | 0 | 0.02% | 1 | 0 | | 2026-03-24T15:53:48.067000 | Action Pack is a Rubygem for building web applications on the Rails framework. I |
| CVE-2026-4681 | 0 | 0.50% | 1 | 0 | | 2026-03-24T15:53:48.067000 | A critical remote code execution (RCE) vulnerability has been reported in PTC Wi |
| CVE-2026-4611 | 7.2 | 1.01% | 2 | 0 | | 2026-03-24T00:30:29 | A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20 |
| CVE-2026-26829 | 7.5 | 0.90% | 2 | 0 | | 2026-03-23T18:30:39 | A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-s |
| CVE-2026-4438 | 5.4 | 0.03% | 2 | 0 | | 2026-03-23T15:16:35.680000 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that sp |
| CVE-2026-3584 | 9.8 | 0.29% | 3 | 1 | | 2026-03-23T14:32:02.800000 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al |
| CVE-2026-3587 | 10.0 | 0.12% | 1 | 1 | | 2026-03-23T09:30:29 | An unauthenticated remote attacker can exploit a hidden function in the CLI prom |
| CVE-2006-10003 | 9.8 | 0.07% | 1 | 0 | | 2026-03-19T18:32:22 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflo |
| CVE-2026-31853 | 5.7 | 0.01% | 2 | 0 | | 2026-03-19T18:26:38 | An overflow on 32-bit systems can cause a crash in the SFW decoder when process |
| CVE-2026-30929 | 7.7 | 0.01% | 2 | 0 | | 2026-03-13T17:02:14.297000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-30931 | 6.8 | 0.01% | 2 | 0 | | 2026-03-13T16:59:45.720000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-28493 | 6.5 | 0.06% | 2 | 0 | | 2026-03-12T15:19:11.260000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-28689 | 6.3 | 0.01% | 2 | 0 | | 2026-03-12T14:46:19.103000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-30937 | 6.8 | 0.01% | 2 | 0 | | 2026-03-12T14:16:53 | A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an u |
| CVE-2026-28693 | 8.1 | 0.06% | 2 | 0 | | 2026-03-12T14:12:57 | An integer overflow in DIB coder can result in out of bounds read or write |
| CVE-2026-28691 | 7.5 | 0.06% | 2 | 0 | | 2026-03-12T14:12:05 | An uninitialized pointer dereference vulnerability exists in the JBIG decoder du |
| CVE-2026-28690 | 6.9 | 0.01% | 2 | 0 | | 2026-03-12T14:11:49 | A stack buffer overflow vulnerability exists in the MNG encoder. There is a boun |
| CVE-2026-28688 | 4.0 | 0.04% | 2 | 0 | | 2026-03-12T14:11:34 | A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned im |
| CVE-2026-28687 | 5.3 | 0.05% | 2 | 0 | | 2026-03-12T14:09:34 | A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attac |
| CVE-2026-28686 | 6.8 | 0.02% | 2 | 0 | | 2026-03-12T14:09:13 | A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersiz |
| CVE-2026-28494 | 7.1 | 0.01% | 2 | 0 | | 2026-03-12T14:08:48 | A stack buffer overflow exists in ImageMagick's morphology kernel parsing functi |
| CVE-2026-30936 | 5.5 | 0.02% | 2 | 0 | | 2026-03-11T17:48:46.670000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-30935 | 4.4 | 0.01% | 2 | 0 | | 2026-03-11T17:45:20.950000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-30883 | 5.7 | 0.01% | 2 | 0 | | 2026-03-10T21:05:04 | An extremely large image profile could result in a heap overflow when encoding a |
| CVE-2026-28692 | 4.8 | 0.02% | 2 | 0 | | 2026-03-10T21:02:43 | In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resultin |
| CVE-2026-0848 | 10.0 | 0.48% | 3 | 1 | | 2026-03-09T13:36:08.413000 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper |
| CVE-2026-27799 | 4.0 | 0.01% | 2 | 0 | | 2026-02-27T22:17:07 | A heap Buffer Over-read vulnerability exists in the DJVU image format handler. T |
| CVE-2026-27798 | 4.0 | 0.01% | 2 | 0 | | 2026-02-27T16:03:31.390000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-24484 | 5.3 | 0.06% | 2 | 0 | | 2026-02-27T14:37:34.207000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-24485 | 7.5 | 0.06% | 2 | 0 | | 2026-02-27T14:34:13.443000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-25897 | 6.5 | 0.06% | 2 | 0 | | 2026-02-24T18:44:12.467000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-25989 | 7.5 | 0.02% | 2 | 0 | | 2026-02-24T18:43:16.560000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-26283 | 6.2 | 0.02% | 2 | 0 | | 2026-02-24T18:41:35.010000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-25638 | 5.3 | 0.06% | 2 | 0 | | 2026-02-24T17:29:35.520000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2026-26983 | 5.3 | 0.02% | 2 | 0 | | 2026-02-24T15:46:51 | The MSL interpreter crashes when processing a invalid `<map>` element that cause |
| CVE-2026-26066 | 6.2 | 0.02% | 2 | 0 | | 2026-02-24T15:46:05 | A crafted profile contain invalid IPTC data may cause an infinite loop when writ |
| CVE-2026-25988 | 5.3 | 0.02% | 2 | 0 | | 2026-02-24T15:45:15 | Sometimes msl.c fails to update the stack index, so an image is stored in the wr |
| CVE-2026-25987 | 5.3 | 0.01% | 2 | 0 | | 2026-02-24T15:44:50 | A heap buffer over-read vulnerability exists in the MAP image decoder when proce |
| CVE-2026-25985 | 7.5 | 0.02% | 2 | 0 | | 2026-02-24T15:44:21 | A crafted SVG file containing an malicious element causes ImageMagick to attempt |
| CVE-2026-25983 | 5.3 | 0.03% | 2 | 0 | | 2026-02-24T15:43:55 | A crafted MSL script triggers a heap-use-after-free. The operation element handl |
| CVE-2026-25969 | 5.3 | 0.06% | 2 | 0 | | 2026-02-24T15:43:30 | Memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a stru |
| CVE-2026-25967 | 7.4 | 0.06% | 2 | 0 | | 2026-02-24T15:43:05 | ### Summary A stack-based buffer overflow exists in the ImageMagick FTXT image r |
| CVE-2026-25966 | 5.9 | 0.01% | 2 | 0 | | 2026-02-24T15:42:39 | The shipped “secure” security policy includes a rule intended to prevent reading |
| CVE-2026-25965 | 8.6 | 0.05% | 2 | 0 | | 2026-02-24T15:40:08 | ImageMagick’s path security policy is enforced on the raw filename string before |
| CVE-2026-25898 | 6.5 | 0.06% | 2 | 0 | | 2026-02-24T15:39:16 | The UIL and XPM image encoder do not validate the pixel index value returned by |
| CVE-2026-25799 | 5.3 | 0.06% | 2 | 0 | | 2026-02-24T15:37:56 | A logic error in YUV sampling factor validation allows an invalid sampling facto |
| CVE-2026-25798 | 5.3 | 0.15% | 2 | 0 | | 2026-02-24T15:36:10 | A NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker |
| CVE-2026-25797 | 5.7 | 0.03% | 2 | 0 | | 2026-02-24T15:34:27 | The ps encoders, responsible for writing PostScript files, fails to sanitize the |
| CVE-2026-25796 | 5.3 | 0.06% | 2 | 0 | | 2026-02-24T15:34:00 | ### Summary In `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image |
| CVE-2026-25795 | 5.3 | 0.06% | 2 | 0 | | 2026-02-24T15:32:39 | In `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_ |
| CVE-2026-25794 | 8.2 | 0.06% | 2 | 0 | | 2026-02-24T15:31:59 | `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel b |
| CVE-2026-25637 | 5.3 | 0.06% | 2 | 0 | | 2026-02-24T15:30:17 | A memory leak in the ASHLAR image writer allows an attacker to exhaust process m |
| CVE-2026-25576 | 5.1 | 0.01% | 2 | 0 | | 2026-02-24T15:29:48 | A heap buffer over-read vulnerability exists in multiple raw image format handle |
| CVE-2026-24481 | 7.5 | 0.05% | 2 | 0 | | 2026-02-24T15:27:31 | ### Description A heap information disclosure vulnerability exists in ImageMagic |
| CVE-2026-21962 | 10.0 | 0.02% | 1 | 8 | | 2026-02-03T00:16:10.653000 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in pr |
| CVE-2025-12548 | 9.0 | 44.19% | 1 | 0 | | 2026-01-14T16:26:00.933000 | A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unau |
| CVE-2025-14325 | 7.3 | 0.09% | 1 | 0 | | 2026-01-07T16:15:49.840000 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability a |
| CVE-2024-54492 | 9.8 | 0.27% | 1 | 0 | | 2025-11-04T00:32:14 | This issue was addressed by using HTTPS when sending information over the networ |
| CVE-2025-32975 | 10.0 | 0.17% | 2 | 0 | | 2025-11-03T21:35:11 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2020-14882 | 9.8 | 94.45% | 1 | 41 | template | 2025-10-27T17:09:11.960000 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware |
| CVE-2025-33073 | 8.8 | 44.13% | 1 | 7 | | 2025-10-22T00:34:22 | Improper access control in Windows SMB allows an authorized attacker to elevate |
| CVE-2023-2868 | 9.4 | 90.02% | 1 | 4 | | 2025-10-22T00:33:51 | A remote command injection vulnerability exists in the Barracuda Email Security |
| CVE-2017-10271 | 7.5 | 94.44% | 1 | 31 | template | 2025-10-22T00:31:29 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar |
| CVE-2025-55315 | 9.9 | 0.21% | 2 | 7 | | 2025-10-21T21:04:55 | # Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulne |
| CVE-2025-5063 | 8.8 | 0.46% | 1 | 0 | | 2025-05-28T15:35:30 | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a |
| CVE-2020-8561 | 4.1 | 0.18% | 1 | 0 | | 2024-11-21T05:39:02.050000 | A security issue was discovered in Kubernetes where actors that control the resp |
| CVE-2026-31893 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-32854 | 0 | 1.37% | 2 | 0 | | N/A | |
| CVE-2026-32748 | 0 | 0.98% | 3 | 0 | | N/A | |
| CVE-2026-33991 | 0 | 0.05% | 2 | 0 | | N/A | |
| CVE-2026-1679 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-34205 | 0 | 0.02% | 2 | 0 | | N/A | |
| CVE-2026-33953 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-34375 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-33874 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-31945 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-1678 | 0 | 0.05% | 1 | 0 | | N/A | |

updated 2026-03-30T13:27:12.923000
1 posts
🟠 CVE-2026-32530 - High (8.8)
Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation. This issue affects Creator LMS: from n/a through <= 1.1.18.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32530/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:50.827000
2 posts
🔴 CVE-2026-30457 - Critical (9.8)
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:50.827000
2 posts
🔴 CVE-2026-30458 - Critical (9.1)
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:50.827000
1 posts
🚨 CVE-2026-33669: SiYuan (<3.6.2) has a CRITICAL out-of-bounds read flaw (CVSS 9.8). No auth/user interaction needed — remote attackers can leak sensitive memory. Upgrade to 3.6.2 ASAP! https://radar.offseq.com/threat/cve-2026-33669-cwe-125-out-of-bounds-read-in-siyua-064aace2 #OffSeq #Vulnerability #SiYuan #Cybersecurity
##
updated 2026-03-30T13:26:50.827000
1 posts
🟠 CVE-2026-4862 - High (8.8)
A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument Gr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
1 repos
https://github.com/George0Papasotiriou/LLM-Jailbreak-via-Chain-of-Logic-Injection-CVE-2026-3098
📢 CVE-2026-3098: file read flaw in Smart Slider 3 exposes 500,000 WordPress sites
📝 ## 🔍 Context
Published on 29 March 2026 by BleepingComputer, this a...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-30-cve-2026-3098-faille-de-lecture-de-fichiers-dans-smart-slider-3-expose-500-000-sites-wordpress/
🌐 source: https://www.bleepingcomputer.com/news/security/file-read-flaw-in-smart-slider-plugin-impacts-500k-wordpress-sites/
#CVE_2026_3098 #IOC #Cyberveille
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-33697 - High (7.5)
Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33697/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-33718 - High (7.6)
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-4906 - High (8.8)
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-ba...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4906/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-22743 - High (7.5)
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22743/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-32678 - High (7.5)
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-32669 - High (8.8)
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, arbitrary code may be executed on the products.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32669/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-27650 - High (8.8)
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
- Syncthing got a 2.0 release and switched from LevelDB to SQLite https://github.com/syncthing/syncthing/releases
- macOS did that weird (a) Upgrade https://support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis https://support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 https://grafana.com/blog/grafana-security-release-critical-and-high-severity-security-fixes-for-cve-2026-27876-and-cve-2026-27880/
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and a security update to 2.6.1 https://github.com/TandoorRecipes/recipes/releases
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. https://hub.docker.com/r/gristlabs/grist https://github.com/linuxserver/docker-qbittorrent/releases https://github.com/linuxserver/docker-smokeping/releases
- Redis 8.6.2 with some bugfixes https://github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. https://github.com/home-assistant/core/releases
- oh-my-zsh with tiny changes https://github.com/ohmyzsh/ohmyzsh/commits/master/
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" https://tailscale.com/changelog
- Xcode 26.4 https://developer.apple.com/documentation/xcode-release-notes/xcode-26_4-release-notes
I haven't touched my desktop yet and probably won't.
Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/
Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. https://github.com/mastodon/mastodon/releases
Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 https://github.com/evcc-io/evcc/releases
##
🟠 CVE-2026-27880 - High (7.5)
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🚨 CRITICAL: CVE-2026-34374 in WWBN AVideo ≤26.0 allows unauthenticated SQL injection via stream key lookup during RTMP authentication. No patch out yet. Restrict access, use WAFs, & monitor logs. Details: https://radar.offseq.com/threat/cve-2026-34374-cwe-89-improper-neutralization-of-s-171f2208 #OffSeq #SQLInjection #WWBN #VideoSecurity
##
🔴 CVE-2026-34374 - Critical (9.1)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-27858 - High (7.5)
Attacker can send a specifically crafted message before authentication that causes managesieve to allocate a large amount of memory.
Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to manag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27858/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
⚠️ CVE-2026-27858 (HIGH, 7.5): OX Dovecot Pro’s managesieve is at risk of remote DoS via unauthenticated memory exhaustion. Restrict access, monitor logs, and patch ASAP. No public exploits yet, but stay alert. https://radar.offseq.com/threat/cve-2026-27858-uncontrolled-resource-consumption-i-4ea18f33 #OffSeq #Dovecot #EmailSecurity
##
updated 2026-03-30T13:26:29.793000
1 posts
🟠 CVE-2026-29871 - High (7.5)
A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
🟠 CVE-2026-33755 - High (8.8)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user wit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
🟠 CVE-2025-15381 - High (8.1)
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
🟠 CVE-2026-28368 - High (8.7)
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
🟠 CVE-2026-4960 - High (8.8)
A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
2 posts
🟠 CVE-2026-32241 - High (7.5)
Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
🟠 CVE-2026-31943 - High (8.5)
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31943/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:29.793000
1 posts
Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.
High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file https://www.tenable.com/security/research/tra-2026-26
High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload https://www.tenable.com/security/research/tra-2026-25
High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler https://www.tenable.com/security/research/tra-2026-22
More here: https://www.tenable.com/security/research @tenable #infosec #vulnerability
##
updated 2026-03-30T13:26:29.793000
1 posts
⚠️ CRITICAL: CVE-2026-33728 in DataDog dd-trace-java (0.40.0 - <1.60.3) allows unauth RCE via unsafe deserialization if JMX/RMI port is exposed on JDK ≤16. Upgrade to 1.60.3+ & restrict access! https://radar.offseq.com/threat/cve-2026-33728-cwe-502-deserialization-of-untruste-d41c376a #OffSeq #Java #Infosec #CVE202633728
##
updated 2026-03-30T13:26:07.647000
2 posts
🔴 CVE-2026-5128 - Critical (10)
A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
4 posts
🚨 CVE-2026-4415 (CRITICAL, CVSS 9.2) hits Gigabyte Control Center: unauth’d remote attackers can write files anywhere if pairing is enabled. No patch yet — disable pairing & monitor for anomalies. https://radar.offseq.com/threat/cve-2026-4415-cwe-23-relative-path-traversal-in-gi-d148431b #OffSeq #Vuln #Gigabyte #Infosec
##
🟠 CVE-2026-4415 - High (8.1)
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4415/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🔴 CVE-2025-15379 - Critical (10)
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15379/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-3945 - High (7.5)
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
4 posts
🟠 CVE-2026-2328 - High (7.5)
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
#OT #Advisory VDE-2026-010
WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere
Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.
#CVE CVE-2025-55315, CVE-2026-2328
https://certvde.com/en/advisories/vde-2026-010/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-010.json
##
updated 2026-03-30T13:26:07.647000
4 posts
⚠️ CVE-2026-5046 (HIGH): Tenda FH1201 v1.2.0.14(408) suffers stack-based buffer overflow via /goform/WrlExtraSet. Public exploit available — restrict remote access, monitor logs, and segment affected devices. https://radar.offseq.com/threat/cve-2026-5046-stack-based-buffer-overflow-in-tenda-7d25f76d #OffSeq #Infosec #RouterSecurity
##
🟠 CVE-2026-5046 - High (8.8)
A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5046/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🔴 CVE-2025-15036 - Critical (9.6)
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the la...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
4 posts
⚠️ CVE-2026-0560: HIGH-severity SSRF in parisneo/lollms (<2.2.0) allows remote attackers to access internal network/cloud endpoints via /api/files/export-content. Patch to 2.2.0+ or block unsafe URLs now! https://radar.offseq.com/threat/cve-2026-0560-cwe-918-server-side-request-forgery--5103940b #OffSeq #SSRF #Vuln #AppSec
##
🟠 CVE-2026-0560 - High (7.5)
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
4 posts
🚨 HIGH severity: CVE-2026-0558 in parisneo/lollms (≤2.2.0) — /api/files/extract-text allows unauthenticated file uploads, risking DoS & info leaks. Restrict access, enforce auth, and monitor activity. No patch yet. https://radar.offseq.com/threat/cve-2026-0558-cwe-287-improper-authentication-in-p-51fddf90 #OffSeq #Vuln #AppSec
##
🟠 CVE-2026-0558 - High (7.5)
A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-relate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-5045 - High (8.8)
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer over...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-32915 - High (8.8)
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32915/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🔴 CVE-2026-32924 - Critical (9.8)
OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass grou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-32978 - High (8)
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
2 posts
🔴 CVE-2026-32975 - Critical (9.8)
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
4 posts
🟠 CVE-2026-5044 - High (8.8)
A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-33572 - High (8.4)
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33572/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
2 posts
⚠️ CVE-2026-5041 (MEDIUM): Command injection in Chamber of Commerce Membership Mgmt System v1.0 via admin/pageMail.php. High privileges needed, public exploit exists. Input validation & patching advised. https://radar.offseq.com/threat/cve-2026-5041-command-injection-in-code-projects-c-82c5a99c #OffSeq #Vuln #CommandInjection #InfoSec
##updated 2026-03-30T13:26:07.647000
4 posts
🚨 CVE-2026-5036: HIGH severity stack buffer overflow in Tenda 4G06 (04.06.01.29) enables remote code execution. Exploit code is public — patch or mitigate now. Watch for attacks on /goform/DhcpListClient. https://radar.offseq.com/threat/cve-2026-5036-stack-based-buffer-overflow-in-tenda-210df5d9 #OffSeq #CVE20265036 #RouterSecurity
##🟠 CVE-2026-5036 - High (8.8)
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
2 posts
🚨 CVE-2026-5033 (MEDIUM): SQL injection in code-projects Accounting System 1.0 (/view_costumer.php, cos_id) is being actively exploited. Remote risk — monitor and patch as soon as fixes arrive. More: https://radar.offseq.com/threat/cve-2026-5033-sql-injection-in-code-projects-accou-9e1a8bbd #OffSeq #SQLInjection #VulnResearch
##updated 2026-03-30T13:26:07.647000
4 posts
🔴 CVE-2026-5024: HIGH-severity stack buffer overflow in D-Link DIR-513 (v1.10). Remote, no auth needed, public exploit released. Replace ASAP or isolate device & restrict access. No patch from vendor. https://radar.offseq.com/threat/cve-2026-5024-stack-based-buffer-overflow-in-d-lin-e70f155a #OffSeq #Vulnerability #RouterSecurity
##🟠 CVE-2026-5024 - High (8.8)
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5024/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
5 posts
⚠️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4987-cwe-20-improper-input-validation-in--6438ea07 #OffSeq #WordPress #Vuln #PaymentSecurity
##🟠 CVE-2026-4987 - High (7.5)
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a paym...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-4987 (HIGH): SureForms for WordPress lets unauthenticated attackers bypass payment validation via form_id=0. All versions vulnerable — financial loss risk. Patch when available or apply server-side validation. https://radar.offseq.com/threat/cve-2026-4987-cwe-20-improper-input-validation-in--6438ea07 #OffSeq #WordPress #Vuln
##updated 2026-03-30T13:26:07.647000
5 posts
🚨 CVE-2026-33976 (CRITICAL, CVSS 9.7): Notesnook Web/Desktop <3.3.11 vulnerable to stored XSS → RCE via Web Clipper. Patch ASAP & review Electron settings. Details: https://radar.offseq.com/threat/cve-2026-33976-cwe-79-improper-neutralization-of-i-cedece5d #OffSeq #Cybersecurity #Infosec #Vulnerability
##🔴 CVE-2026-33976 - Critical (9.6)
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨CRITICAL: CVE-2026-33976 in Notesnook Web/Desktop <3.3.11 — stored XSS in Web Clipper leads to RCE via Electron misconfig. Patch ASAP & review Electron security settings. More: https://radar.offseq.com/threat/cve-2026-33976-cwe-79-improper-neutralization-of-i-cedece5d #OffSeq #XSS #CyberSecurity #RCE
##updated 2026-03-30T13:26:07.647000
3 posts
🚨 CVE-2026-33875 (CRITICAL, CVSS 9.3): gematik app-Authenticator <4.16.0 is vulnerable to authentication hijack via malicious deep links. No workarounds — update to 4.16.0+ urgently! https://radar.offseq.com/threat/cve-2026-33875-cwe-940-improper-verification-of-so-189b5f61 #OffSeq #CVE202633875 #HealthIT #VulnAlert
##🔴 CVE-2026-33875 - Critical (9.3)
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 post
🟠 CVE-2026-33939 - High (7.5)
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33939/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 post
🟠 CVE-2026-33943 - High (8.8)
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (R...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33943/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-33989 - High (8.1)
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 post
🟠 CVE-2026-33980 - High (8.3)
Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 post
🟠 CVE-2026-33955 - High (8.6)
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
2 posts
🟠 CVE-2026-33895 - High (7.5)
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33895/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 post
🟠 CVE-2026-4976 - High (8.8)
A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 post
🟠 CVE-2026-4974 - High (8.8)
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T09:31:38
2 posts
🟠 CVE-2026-4416 - High (7.8)
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T06:31:31
2 posts
⚠️ CVE-2026-4176 (HIGH): Perl Compress::Raw::Zlib uses a vulnerable zlib, risking memory corruption or code execution. Affects 5.9.4 – 5.43.0. Update to Compress::Raw::Zlib 2.221+ ASAP! https://radar.offseq.com/threat/cve-2026-4176-cwe-1395-dependency-on-vulnerable-th-556b643e #OffSeq #Perl #Vuln #SysAdmin
##updated 2026-03-30T03:30:24
4 posts
🛑 CVE-2026-3124: HIGH-severity IDOR in wpchill Download Monitor (all versions) lets unauth attackers finalize orders by reusing PayPal tokens — digital goods can be stolen. Patch or apply strict validation ASAP! https://radar.offseq.com/threat/cve-2026-3124-cwe-639-authorization-bypass-through-6397300c #OffSeq #WordPress #Vulnerability #IDOR
##🟠 CVE-2026-3124 - High (7.5)
The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3124/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T00:31:18
2 posts
🟠 CVE-2026-2370 - High (8.1)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T21:41:48
2 posts
🟠 CVE-2026-33894 - High (7.5)
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33894/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T21:30:32
4 posts
🛑 CVE-2026-4946: HIGH severity OS command injection in Ghidra <12.0.3. Crafted binaries can trigger arbitrary code via clickable @Execute annotations in the UI. Upgrade now & analyze unknown files in sandboxes. https://radar.offseq.com/threat/cve-2026-4946-cwe-78-improper-neutralization-of-sp-c53cae64 #OffSeq #Ghidra #BlueTeam
##🟠 CVE-2026-4946 - High (8.8)
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4946/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T18:30:30
4 posts
1 repo
🔎 CVE-2026-34005 (HIGH): Xiongmai DVR/NVR (v4.03.R11) root OS command injection via DVRIP (port 34567). Authenticated attackers can fully compromise devices. Restrict access, monitor, and segment ASAP. https://radar.offseq.com/threat/cve-2026-34005-cwe-78-improper-neutralization-of-s-b117df4c #OffSeq #Xiongmai #Infosec #Vuln
##🟠 CVE-2026-34005 - High (8.8)
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T18:30:30
4 posts
🚨 CVE-2026-0562 (HIGH, CVSS 8.3) in parisneo/lollms ≤2.2.0: Authenticated users can accept/reject others' friend requests via IDOR in /api/friends/requests/{friendship_id}. Upgrade to 2.2.0+ and audit API auth now! https://radar.offseq.com/threat/cve-2026-0562-cwe-863-incorrect-authorization-in-p-77e45474 #OffSeq #CVE20260562 #IDOR #AppSec
##🟠 CVE-2026-0562 - High (8.3)
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not impleme...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0562/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:36:29
2 posts
🟠 CVE-2026-22744 - High (7.5)
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping ch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22744/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:33:26
2 posts
🟠 CVE-2026-22742 - High (8.6)
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22742/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:31:54
3 posts
🔴 CVE-2026-22738 - Critical (9.8)
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22738/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-22738 in Spring AI SimpleVectorStore allows unauth RCE via SpEL injection (1.0.0 – 1.0.4, 1.1.0 – 1.1.3). Patch to 1.0.5/1.1.4 when released. Validate input now! https://radar.offseq.com/threat/cve-2026-22738-vulnerability-in-spring-spring-ai-473dec2d #OffSeq #SpringAI #infosec #CVE202622738
##updated 2026-03-29T15:30:29
4 posts
🟠 CVE-2026-33573 - High (8.8)
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and wo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:29
4 posts
🟠 CVE-2026-32980 - High (7.5)
OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:29
4 posts
🟠 CVE-2026-33575 - High (7.5)
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can rec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33575/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:29
2 posts
🔴 CVE-2026-32987 - Critical (9.8)
OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:28
4 posts
🔴 CVE-2026-32922 - Critical (9.9)
OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:28
6 posts
🟠 CVE-2026-32974 - High (8.6)
OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:28
6 posts
🔴 CVE-2026-32973 - Critical (9.8)
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard mat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:28
2 posts
🟠 CVE-2026-32914 - High (8.8)
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:30:28
2 posts
🟠 CVE-2026-32918 - High (8.4)
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify sess...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T15:23:57
1 post
🟠 CVE-2026-34226 - High (7.5)
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { crede...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T12:31:25
2 posts
🟠 CVE-2026-5043 - High (8.8)
A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T12:31:25
2 posts
🟠 CVE-2026-5042 - High (8.8)
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T09:30:17
2 posts
⚠️ MEDIUM severity SQL Injection (CVE-2026-5035) found in code-projects Accounting System 1.0 (/view_work.php, Parameter Handler). Public exploit available — review your systems and restrict access if possible. https://radar.offseq.com/threat/cve-2026-5035-sql-injection-in-code-projects-accou-b844fbad #OffSeq #SQLInjection #Vuln
##updated 2026-03-29T03:30:24
4 posts
🔎 HIGH: CVE-2026-5021 in Tenda F453 v1.0.0.3 enables remote stack buffer overflow via /goform/PPTPUserSetting — no auth needed! PoC is public; patch/mitigate now to block total device compromise. https://radar.offseq.com/threat/cve-2026-5021-stack-based-buffer-overflow-in-tenda-f1fb8811 #OffSeq #CVE20265021 #Infosec #Router
##🟠 CVE-2026-5021 - High (8.8)
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-29T03:30:17
4 posts
CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine
... which is abandonware last updated in 2011.
##⚠️ CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine (≤0.127). Malicious remote hosts can trigger client-side RCE via unsafe eval() deserialization. Only connect to trusted hosts & review code paths. Details: https://radar.offseq.com/threat/cve-2026-4851-cwe-502-deserialization-of-untrusted-4ee6eb90 #OffSeq #CVE20264851 #Perl #Security
##updated 2026-03-29T00:31:05
2 posts
⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. https://radar.offseq.com/threat/cve-2026-5019-sql-injection-in-code-projects-simpl-bb8230db #OffSeq #SQLi #Vuln
##updated 2026-03-28T18:30:20
4 posts
🚨 HIGH severity buffer overflow in Wavlink WL-WN579X3-C (231124): Remote attackers can exploit UPnP Handler to run code. No patch from vendor. Disable UPnP & block remote access immediately. CVE-2026-5004 https://radar.offseq.com/threat/cve-2026-5004-stack-based-buffer-overflow-in-wavli-7ae39014 #OffSeq #Infosec #RouterSecurity #CVE20265004
##🟠 CVE-2026-5004 - High (8.8)
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5004/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-28T12:30:36
1 post
🔴 New security advisory:
CVE-2017-20225 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2017-20225-tiemu-stack-buffer-overflow
##updated 2026-03-28T12:30:36
1 post
🔴 New security advisory:
CVE-2017-20227 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2017-20227-jad-java-decompiler-buffer-overflow-update-now
##updated 2026-03-28T00:31:24
2 posts
🔥 HIGH severity: CVE-2026-4248 in Ultimate Member plugin (≤2.11.2) lets Contributor users trigger admin password resets via malicious post preview — risking full site takeover. Restrict access & monitor now! https://radar.offseq.com/threat/cve-2026-4248-cwe-285-improper-authorization-in-ul-0446e863 #OffSeq #WordPress #CVE20264248 #Vuln
##🟠 CVE-2026-4248 - High (8)
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-28T00:31:19
1 post
🟠 CVE-2026-27309 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27309/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-27T22:00:02.283000
12 posts
📢 Active exploitation of CVE-2025-53521: F5 BIG-IP APM reclassified as critical RCE
📝 ## 🔍 Context
Source: BleepingComputer, published March 30, 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-03-30-exploitation-active-de-cve-2025-53521-f5-big-ip-apm-reclassifie-en-rce-critique/
🌐 source: https://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/
#CISA_KEV #CVE_2025_53521 #Cyberveille
@offseq There has literally been a CVE and patch for this since October - https://www.runzero.com/blog/f5-bigip-instances/#latest-f5-big-ip-vulnerability-cve-2025-53521
##Critical alert: Attackers are actively exploiting a remote code execution vulnerability in BIG-IP APM systems (CVE-2025-53521). Financial services, government, and public sector organizations are targeted. Understand the threat landscape and essential defensive measures.
##March 28, 2026
European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.
FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.
CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.
Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.
DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.
Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.
Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.
UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.
Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.
U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.
##Confused by the recent F5 BIG-IP vulnerability alerts? 🚨 We broke down exactly what this legacy appliance is, why its centralized architecture is a massive single point of failure, and how to replace it with sovereign, zero-trust hardware. Read the plain breakdown.
#Ransier_Sentinel
@offseq There has literally been a CVE and patch for this since October - https://www.runzero.com/blog/f5-bigip-instances/#latest-f5-big-ip-vulnerability-cve-2025-53521
##March 28, 2026
European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.
FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.
CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.
Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.
DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.
Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.
Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.
UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.
Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.
U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.
##
Confused by the recent F5 BIG-IP vulnerability alerts? 🚨 We broke down exactly what this legacy appliance is, why its centralized architecture is a massive single point of failure, and how to replace it with sovereign, zero-trust hardware. Read the plain breakdown.
#Ransier_Sentinel
F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors
F5 re-categorized a BIG-IP APM vulnerability (CVE-2025-53521) from a DoS to a critical 9.8 RCE after discovering active exploitation by a nation-state actor using memory-only webshells and lateral movement tools. The flaw allows unauthenticated attackers to execute code and gain full control over network access infrastructure.
**If you have F5 BIG-IP APM devices, if possible make sure they are isolated from the internet and accessible from trusted networks only. Then immediately update to the fixed firmware versions (17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8). If you suspect a device has already been compromised, rebuild it from scratch - don't restore from backups, as they may contain persistent malware. Also, audit for disabled SELinux and unauthorized webshells.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/f5-warns-of-critical-big-ip-apm-zero-day-exploited-by-nation-state-actors-4-j-u-k-9/gD2P6Ple2L
🚨 [CISA-2026:0327] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0327)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-53521 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-53521)
- Name: F5 BIG-IP Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: F5
- Product: BIG-IP
- Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260327 #cisa20260327 #cve_2025_53521 #cve202553521
##
For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor
It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.
https://my.f5.com/manage/s/article/K000156741
Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.
##
CVE ID: CVE-2025-53521
Vendor: F5
Product: BIG-IP
Date Added: 2026-03-27
Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-53521
updated 2026-03-27T21:52:26
1 posts
🟠 CVE-2026-33938 - High (8.1)
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via he...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:52:19
3 posts
1 repos
🚨 New security advisory:
CVE-2026-33937 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33937-handlebars-remote-code-execution
⚠️ CRITICAL: handlebars.js v4.0.0 – 4.7.8 vulnerable (CVE-2026-33937). Type confusion in compile() lets attackers inject JS & gain RCE via crafted AST. Upgrade to 4.7.9+, validate inputs, use runtime-only build if possible. https://radar.offseq.com/threat/cve-2026-33937-cwe-843-access-of-resource-using-in-5708b559 #OffSeq #CVE202633937 #infosec
##
🔴 CVE-2026-33937 - Critical (9.8)
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST nod...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33937/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:50:32
1 posts
🟠 CVE-2026-33891 - High (7.5)
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modIn...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:49:46
2 posts
🟠 CVE-2026-33870 - High (7.5)
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:49:28
1 posts
⚠️ CRITICAL vuln in langflow-ai langflow < 1.9.0 (CVE-2026-33873): Agentic Assistant allows remote code injection via LLM-generated Python. Patch to 1.9.0+ or restrict feature access immediately. Details: https://radar.offseq.com/threat/cve-2026-33873-cwe-94-improper-control-of-generati-cafbe4ee #OffSeq #CVE202633873 #AIsecurity
##
updated 2026-03-27T21:37:40
2 posts
🟠 CVE-2026-33747 - High (8.4)
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be wr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:37:34
2 posts
🟠 CVE-2026-33744 - High (7.8)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Docker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33744/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:37:05
1 posts
🚨 CRITICAL: CVE-2026-33701 affects opentelemetry-java-instrumentation <2.26.1. Unauthenticated RCE possible on Java ≤16 via unsafe RMI deserialization. Upgrade to 2.26.1+ or disable RMI now! Details: https://radar.offseq.com/threat/cve-2026-33701-cwe-502-deserialization-of-untruste-08578920 #OffSeq #Java #RCE #Vuln
##
updated 2026-03-27T21:32:40
1 posts
🟠 New security advisory:
CVE-2026-30529 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-30529-sourcecodester-food-ordering-system-sql-injection-update-now
updated 2026-03-27T21:32:40
1 posts
🔴 CVE-2026-30303 - Critical (9.8)
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30303/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:32:40
1 posts
🟠 CVE-2026-30637 - High (7.5)
Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30637/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:32:39
2 posts
🟠 CVE-2026-30463 - High (7.7)
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:32:39
1 posts
🟠 CVE-2026-30689 - High (7.5)
A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threaten...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:32:39
1 posts
🔴 CVE-2026-30304 - Critical (9.6)
In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:32:39
1 posts
🔴 CVE-2026-30302 - Critical (10)
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30302/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:31:44
1 posts
🟠 CVE-2026-4975 - High (8.8)
A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T21:31:24
1 posts
🔴 CVE-2026-33757 - Critical (9.6)
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to star...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33757/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:33:44
1 posts
🔴 CVE-2026-33942 - Critical (9.8)
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33942/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:32:30
2 posts
🟠 CVE-2026-32857 - High (8.6)
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:31:34
1 posts
🟠 CVE-2026-28367 - High (8.7)
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:31:34
1 posts
🟠 CVE-2026-28369 - High (8.7)
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28369/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:31:34
1 posts
🟠 CVE-2026-4961 - High (8.8)
A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4961/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:31:26
2 posts
- Syncthing got a 2.0 release and switched from LevelDB to SQLite https://github.com/syncthing/syncthing/releases
- macOS did that weird (a) Upgrade https://support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis https://support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 https://grafana.com/blog/grafana-security-release-critical-and-high-severity-security-fixes-for-cve-2026-27876-and-cve-2026-27880/
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and a security update to 2.6.1 https://github.com/TandoorRecipes/recipes/releases
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. https://hub.docker.com/r/gristlabs/grist https://github.com/linuxserver/docker-qbittorrent/releases https://github.com/linuxserver/docker-smokeping/releases
- Redis 8.6.2 with some bugfixes https://github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. https://github.com/home-assistant/core/releases
- oh-my-zsh with tiny changes https://github.com/ohmyzsh/ohmyzsh/commits/master/
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" https://tailscale.com/changelog
- Xcode 26.4 https://developer.apple.com/documentation/xcode-release-notes/xcode-26_4-release-notes
I haven't touched my desktop yet and probably won't.
Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/
Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. https://github.com/mastodon/mastodon/releases
Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 https://github.com/evcc-io/evcc/releases
🔴 CVE-2026-27876 - Critical (9.1)
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack ve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27876/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:22:12
1 posts
🟠 CVE-2026-33941 - High (8.2)
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T18:21:45
1 posts
🟠 CVE-2026-33940 - High (8.1)
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T17:56:47
2 posts
🟠 CVE-2026-33979 - High (8.2)
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T17:22:35
3 posts
🔴 CVE-2026-33945 - Critical (9.9)
Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a conf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🚨 CVE-2026-33945 (CRITICAL, CVSS 10): lxc incus <6.23.0 is vulnerable to path traversal, enabling attackers to write as root & escalate privileges. Upgrade to 6.23.0+ ASAP, restrict config access! https://radar.offseq.com/threat/cve-2026-33945-cwe-22-improper-limitation-of-a-pat-4b327a65 #OffSeq #CVE202633945 #ContainerSecurity
##
updated 2026-03-27T17:21:35
2 posts
🟠 CVE-2026-33898 - High (8.8)
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T17:17:04
1 posts
🚨 CVE-2026-33897 (CRITICAL, CVSS 10): Incus <6.23.0 flaw in pongo2 template isolation lets attackers with local access escape containers & gain root on host. Upgrade ASAP! https://radar.offseq.com/threat/cve-2026-33897-cwe-1336-improper-neutralization-of-fafd9faa #OffSeq #LinuxSecurity #CVE202633897 #Containers
##
updated 2026-03-27T15:30:32
2 posts
🟠 CVE-2026-4984 - High (8.2)
The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'.
When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4984/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.
High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file https://www.tenable.com/security/research/tra-2026-26
High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload https://www.tenable.com/security/research/tra-2026-25
High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler https://www.tenable.com/security/research/tra-2026-22
More here: https://www.tenable.com/security/research @tenable #infosec #vulnerability
##
updated 2026-03-27T15:30:32
2 posts
🟠 CVE-2026-5027 - High (8.8)
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5027/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T15:27:20
2 posts
🟠 CVE-2026-27893 - High (8.8)
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27893/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T13:26:11.020000
3 posts
1 repos
📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1724
Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190
Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31
Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33
Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17
Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)
CISA adds CVE-2026-33634 (Trivy) to KEV - active exploitation confirmed.
If it’s in KEV, it’s already a threat.
💬 Is KEV your top patch priority?
🔔 Follow TechNadu
updated 2026-03-27T09:31:19
1 posts
🟠 CVE-2026-24031 - High (7.7)
Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T09:31:18
2 posts
🟠 CVE-2025-59032 - High (7.5)
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T00:31:32
2 posts
🟠 CVE-2026-4905 - High (8.8)
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-27T00:31:32
2 posts
🟠 CVE-2026-4904 - High (8.8)
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T21:32:31
1 post
🟠 CVE-2026-32522 - High (8.6)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal. This issue affects WooCommerce Support Ticket System...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32522/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T20:40:52.840000
2 posts
📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1724
Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190
Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31
Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33
Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17
Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)
updated 2026-03-26T16:43:20.300000
1 post
🟠 CVE-2025-15101 - High (8.8)
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T16:41:02
1 post
n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities
n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.
**If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/n8n-patches-critical-remote-code-execution-and-credential-theft-vulnerabilities-7-b-1-2-9/gD2P6Ple2L
updated 2026-03-26T15:31:40
1 post
🟠 CVE-2026-24068 - High (8.8)
The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T15:31:39
1 post
🔴 CVE-2026-32523 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T15:31:39
1 post
🟠 CVE-2026-4747 - High (8.8)
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T15:31:38
1 post
🟠 CVE-2026-4652 - High (7.5)
On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID.
An attacker with network access to the NVMe/TCP target can trigger an unauthenticated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4652/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T15:16:41.263000
1 post
🟠 CVE-2026-4247 - High (7.5)
When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf.
If an attacker is either on path with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4247/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T15:13:15.790000
2 posts
updated 2026-03-26T15:13:15.790000
2 posts
updated 2026-03-26T13:26:16.393000
1 post
5 repos
https://github.com/SimoesCTT/Sovereign-Echo-33017
https://github.com/z4yd3/PoC-CVE-2026-33017
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
CISA just added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog and both deserve your immediate attention.
First up is CVE-2026-33017, a code injection flaw in Langflow, the open-source AI workflow builder that has exploded in popularity.
Read more: https://steelefortress.com/7448up
##
updated 2026-03-26T09:30:34
1 post
🟠 CVE-2026-4861 - High (8.8)
A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4861/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-26T00:30:54
2 posts
updated 2026-03-25T21:07:45
1 post
n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities
n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.
**If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/n8n-patches-critical-remote-code-execution-and-credential-theft-vulnerabilities-7-b-1-2-9/gD2P6Ple2L
updated 2026-03-25T18:49:55
2 posts
updated 2026-03-24T21:31:35
1 post
NVIDIA Patches Multiple Flaws Including Critical RCE Vulnerability in Apex AI Optimization Library
NVIDIA's March 2026 security bulletins address multiple vulnerabilities across its AI and infrastructure products including CVE-2025-33244, a critical deserialization flaw in NVIDIA Apex that could allow remote code execution, privilege escalation, and full compromise of AI training pipelines.
**If you're running NVIDIA AI tools like Apex, Triton, NeMo, or Megatron, check the March 2026 security bulletins and apply all available patches immediately — several of these flaws are high-severity and could let attackers take over your AI pipelines. Subscribe to NVIDIA's security advisories so you don't miss future updates, and prioritize patching any internet-facing or shared infrastructure components first.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/nvidia-patches-multiple-flaws-including-critical-rce-vulnerability-in-apex-ai-optimization-library-j-a-i-f-t/gD2P6Ple2L
updated 2026-03-24T15:54:09.400000
29 posts
2 repos
📢 CVE-2026-3055: Citrix NetScaler – second memory leak vulnerability exploited in the wild
📝 ## 🔍 Context
Published on 30 March 2026 ...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-30-cve-2026-3055-citrix-netscaler-seconde-vulnerabilite-de-fuite-memoire-exploitee-in-the-wild/
🌐 source: https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
#CVE_2026_3055 #Citrix_NetScaler #Cyberveille
📢 CVE-2026-3055: Critical Citrix NetScaler vulnerability already targeted by malicious actors
📝 ## 🔍 Context
Published on 30 March 2026 by The Cyber Express, this article covers the disclos...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-30-cve-2026-3055-vulnerabilite-critique-sur-citrix-netscaler-deja-ciblee-par-des-acteurs-malveillants/
🌐 source: https://thecyberexpress.com/cve-2026-3055-citrix-netscaler-saml-idp/
#CVE_2026_3055 #CVE_2026_4368 #Cyberveille
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
##
It just never stops those Citrix vulnerabilities...
https://thecyberexpress.com/cve-2026-3055-citrix-netscaler-saml-idp/
#citrix #cybersecurity #cve
According to watchTowr, the vulnerability should be considered actively exploited.
They have published a detailed technical analysis of the flaw, useful for better understanding the exploitation mechanism
👇
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
For the teams affected, this is no longer about anticipation but about rapid response.
##
⚠️ CVE-2026-3055 / Citrix NetScaler: reconnaissance is under way.
Reconnaissance activity is already targeting exposed appliances, notably with requests to /cgi/GetAuthMethods to identify exploitable configurations, in particular SAML IdP environments.
GBHackers reports these observations
👇
https://gbhackers.com/hackers-probe-citrix-netscaler-systems-cve-2026-3055-exploitation/
On the exposure side, ONYPHE counts more than 18000 unique IPs on a vulnerable version (including about 800+ in Switzerland).
👇
https://www.linkedin.com/posts/onyphe_vulnerability-asm-attacksurfacemanagement-activity-7442250727046987776-ofYV
The pattern clearly recalls the earlier CitrixBleed cases: if any NetScaler is still exposed, the window before mass exploitation could be very short.
##
Hackers Circle Citrix NetScaler Flaw Within Hours of Disclosure
A newly disclosed critical vulnerability, CVE-2026-3055, affecting Citrix NetScaler appliances is already drawing attention from threat actors,...
🔗️ [Thecyberexpress] https://link.is.it/gNvuZX
##
Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data https://securityaffairs.com/190131/hacking/urgent-alert-netscaler-bug-cve-2026-3055-probed-by-attackers-could-leak-sensitive-data.html
##
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
##
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) - watchTowr Labs https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
##
March 24, 2026
A former NSA analyst published a detailed investigation exposing a coordinated multi-nation disinformation network on X involving Russia, China, Iran, and Turkey. The network used a central account called "Global Insight Journal" that followed a three-phase amplification strategy — Turkish seeding, Iranian boosting, and Russian boosting — to spread narratives favorable to those states during the U.S.-Iran conflict. Posting volume dropped between March 3–5, coinciding with the destruction of Iran's state propaganda headquarters (IRIB), suggesting operational dependency on Iranian state infrastructure.
The Foundation for Defense of Democracies published an analysis arguing the 2026 Annual Threat Assessment omits key Russian threats, particularly Moscow's routine probing of NORAD airspace near Alaska, GPS interference in the Arctic, and simulated strikes against NATO targets. NORAD responded nine times to Russian aircraft near Alaska in 2025 and twice already in 2026.
PolitiFact published a detailed overview of Iran's influence operations during the current conflict, documenting the use of AI-generated imagery through state-affiliated channels and inauthentic social media accounts to spread favorable messaging — conducted even as Iran's internet connectivity has been reduced to 1–4% since strikes began on February 28.
Citrix released security updates addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw (CVE-2026-3055, CVSS 9.3) involving insufficient input validation that could allow unauthenticated remote attackers to leak sensitive information from appliance memory.
Threat actors are suspected of actively exploiting a maximum-severity flaw in Quest KACE Systems Management Appliance (CVE-2025-32975, CVSS 10.0). Malicious activity was first observed the week of March 9 in customer environments. The authentication bypass vulnerability allows attackers to impersonate legitimate users and take over administrative accounts.
Iran-linked cyber operations continue in the wake of the February 28 U.S.-Israel strikes. The Iran-linked group Handala previously claimed the cyberattack on Stryker, the medical device company, which was the first destructive cyberattack to hit a U.S.-based company during the war. Palo Alto Networks' Unit 42 continues to track the broader escalation of Iranian cyber risk, noting multiple state-aligned personas coordinating under an "Electronic Operations Room" formed on February 28, with some estimates of 60 individual hacktivist groups now active.
Ukraine's Security Service (SBU) announced it had identified Hungarian military intelligence officer Zoltan Andre as the handler of a spy network in the Zakarpattia region. Andre allegedly exploited Hungarian diplomatic institutions to recruit agents from among locals applying for Hungarian citizenship. The network collected intelligence on Ukrainian defense force deployments, including attempts to identify air defense positions in western Ukraine. Two members of the cell were detained. This is the first time Ukraine has publicly exposed an intelligence network run by a NATO ally.
The U.S. Department of Justice unsealed an indictment charging three individuals — Yih-Shyan "Wally" Liaw (U.S. citizen), Ruei-Tsang "Steven" Chang, and Ting-Wei "Willy" Sun (both Taiwanese citizens) — with conspiring to illegally divert high-performance AI server technology to China. The defendants allegedly used false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes to evade U.S. export controls. Liaw and Sun were arrested; Chang remains a fugitive.
In Vienna, the trial of former Austrian intelligence officer Egisto Ott continues — Austria's biggest espionage case in years. Ott is accused of passing information to Russian intelligence and fugitive Wirecard executive Jan Marsalek, including allegedly obtaining a laptop containing secret EU electronic security hardware that was handed to Russian intelligence in 2022.
##
March 28, 2026
European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.
FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.
CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.
Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.
DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.
Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.
Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.
UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.
Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.
U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.
##Critical Citrix NetScaler Vulnerability CVE-2026-3055 Triggers Urgent Security Concerns Across Enterprise Networks
Introduction: A Silent Threat Emerging in Enterprise Infrastructure
A newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway has rapidly captured the attention of cybersecurity professionals worldwide. Identified as CVE-2026-3055 and assigned a severe CVSS score of 9.3, this flaw exposes a dangerous weakness capable of leaking sensitive…
##Anyone got a CVE-2026-3055-vulnerable box I can throw my attempted detection script against? I mean, it's trivial, but still would like to have more certainty about our boxes NOT being impacted than "I think I understood the watchtowr blog & didn't fuck up" when we get asked if we need to emergency patch tomorrow :neobot_giggle:
##The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labs https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/
##Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
##It just never stops those Citrix vulnerabilities...
https://thecyberexpress.com/cve-2026-3055-citrix-netscaler-saml-idp/
#citrix #cybersecurity #cve
The vulnerability should be considered actively exploited, according to watchTowr.
They have published a detailed technical analysis of the flaw, useful for better understanding the exploitation mechanism
👇
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
For the teams concerned, this is no longer about anticipation but about rapid reaction.
##⚠️ CVE-2026-3055 / Citrix NetScaler: reconnaissance is underway.
Reconnaissance activity is already targeting exposed appliances, notably with requests to /cgi/GetAuthMethods to identify exploitable configurations, in particular SAML IdP environments.
GBHackers relays these observations
👇
https://gbhackers.com/hackers-probe-citrix-netscaler-systems-cve-2026-3055-exploitation/
On the exposure side, ONYPHE counts more than 18000 unique IPs on a vulnerable version (including around +800 in Switzerland).
👇
https://www.linkedin.com/posts/onyphe_vulnerability-asm-attacksurfacemanagement-activity-7442250727046987776-ofYV
The pattern clearly recalls the previous CitrixBleed incidents: if any NetScaler is still exposed, the window before mass exploitation could be very short.
##Hackers Circle Citrix NetScaler Flaw Within Hours of Disclosure
A newly disclosed critical vulnerability, CVE-2026-3055, affecting Citrix NetScaler appliances is already drawing attention from threat actors,...
🔗️ [Thecyberexpress] https://link.is.it/gNvuZX
##Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data https://securityaffairs.com/190131/hacking/urgent-alert-netscaler-bug-cve-2026-3055-probed-by-attackers-could-leak-sensitive-data.html
##Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) - watchTowr Labs https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
##March 24, 2026
A former NSA analyst published a detailed investigation exposing a coordinated multi-nation disinformation network on X involving Russia, China, Iran, and Turkey. The network used a central account called "Global Insight Journal" that followed a three-phase amplification strategy — Turkish seeding, Iranian boosting, and Russian boosting — to spread narratives favorable to those states during the U.S.-Iran conflict. Posting volume dropped between March 3–5, coinciding with the destruction of Iran's state propaganda headquarters (IRIB), suggesting operational dependency on Iranian state infrastructure.
The Foundation for Defense of Democracies published an analysis arguing the 2026 Annual Threat Assessment omits key Russian threats, particularly Moscow's routine probing of NORAD airspace near Alaska, GPS interference in the Arctic, and simulated strikes against NATO targets. NORAD responded nine times to Russian aircraft near Alaska in 2025 and twice already in 2026.
PolitiFact published a detailed overview of Iran's influence operations during the current conflict, documenting the use of AI-generated imagery through state-affiliated channels and inauthentic social media accounts to spread favorable messaging — conducted even as Iran's internet connectivity has been reduced to 1–4% since strikes began on February 28.
Citrix released security updates addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw (CVE-2026-3055, CVSS 9.3) involving insufficient input validation that could allow unauthenticated remote attackers to leak sensitive information from appliance memory.
Threat actors are suspected of actively exploiting a maximum-severity flaw in Quest KACE Systems Management Appliance (CVE-2025-32975, CVSS 10.0). Malicious activity was first observed the week of March 9 in customer environments. The authentication bypass vulnerability allows attackers to impersonate legitimate users and take over administrative accounts.
Iran-linked cyber operations continue in the wake of the February 28 U.S.-Israel strikes. The Iran-linked group Handala previously claimed the cyberattack on Stryker, the medical device company, which was the first destructive cyberattack to hit a U.S.-based company during the war. Palo Alto Networks' Unit 42 continues to track the broader escalation of Iranian cyber risk, noting multiple state-aligned personas coordinating under an "Electronic Operations Room" formed on February 28, with some estimates of 60 individual hacktivist groups now active.
Ukraine's Security Service (SBU) announced it had identified Hungarian military intelligence officer Zoltan Andre as the handler of a spy network in the Zakarpattia region. Andre allegedly exploited Hungarian diplomatic institutions to recruit agents from among locals applying for Hungarian citizenship. The network collected intelligence on Ukrainian defense force deployments, including attempts to identify air defense positions in western Ukraine. Two members of the cell were detained. This is the first time Ukraine has publicly exposed an intelligence network run by a NATO ally.
The U.S. Department of Justice unsealed an indictment charging three individuals — Yih-Shyan "Wally" Liaw (U.S. citizen), Ruei-Tsang "Steven" Chang, and Ting-Wei "Willy" Sun (both Taiwanese citizens) — with conspiring to illegally divert high-performance AI server technology to China. The defendants allegedly used false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes to evade U.S. export controls. Liaw and Sun were arrested; Chang remains a fugitive.
In Vienna, the trial of former Austrian intelligence officer Egisto Ott continues — Austria's biggest espionage case in years. Ott is accused of passing information to Russian intelligence and fugitive Wirecard executive Jan Marsalek, including allegedly obtaining a laptop containing secret EU electronic security hardware that was handed to Russian intelligence in 2022.
##updated 2026-03-24T15:53:48.067000
1 posts
Rails released security patches for versions 7.2, 8.0, and 8.1 this week, addressing 10 vulnerabilities. The list includes XSS vulnerabilities in Action Pack debug exceptions and Action View tag helpers, DoS vulnerabilities in Active Storage (range requests) and Active Support (number formatting), plus path traversal and glob injection issues in Active Storage DiskService.
The most interesting one for me is CVE-2026-33167 - XSS via debug exceptions in development mode. Interesting attack vector!
##updated 2026-03-24T15:53:48.067000
1 posts
🚨 CRITICAL: CISA flags CVE-2026-4681 in PTC Windchill PLM. German police issued physical warnings — high urgency! No active exploits, but risk to manufacturing & engineering data is severe. Audit & secure now. https://radar.offseq.com/threat/cisa-flags-critical-ptc-vulnerability-that-had-ger-e5854258 #OffSeq #Vulnerability #PLM #InfoSec
##updated 2026-03-24T00:30:29
2 posts
📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1724
Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190
Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31
Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33
Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17
Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)
updated 2026-03-23T18:30:39
2 posts
updated 2026-03-23T15:16:35.680000
2 posts
CVE-2026-4438 reminds me of that time I discovered BIND's "check-names no" and found out that "freenode/staff/foo.example.com" was a valid rDNS entry according to the ircd
##updated 2026-03-23T14:32:02.800000
3 posts
1 repos
Critical RCE Vulnerability in Kali Forms Plugin Under Active Exploitation
Kali Forms for WordPress contains a critical unauthenticated remote code execution vulnerability (CVE-2026-3584) that is being exploited in the wild. Attackers can take full control of affected servers by sending malicious requests to the plugin's form processing function.
**If you are using Kali Forms, this is urgent. Immediately update to version 2.4.10 to block active exploitation. If you cannot patch right away, disable the plugin.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-in-kali-forms-plugin-under-active-exploitation-f-q-i-r-2/gD2P6Ple2L
Also @beyondmachines1
Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms WordPress Plugin
https://securityonline.info/kali-forms-vulnerability-wordpress-rce-cve-2026-3584/
updated 2026-03-23T09:30:29
1 posts
1 repos
Critical Hidden Functionality Vulnerability in WAGO Industrial Managed Switches
WAGO reports a critical CVSS 10.0 vulnerability (CVE-2026-3587) in its industrial managed switches that allows unauthenticated remote attackers to escape the CLI and gain full device control. The flaw affects numerous models used in critical infrastructure.
**Make sure all WAGO managed switches (Lean and Industrial series) are isolated from the internet and accessible from trusted networks only. Then update the firmware to the latest "S1" patched versions. If you can't patch immediately, disable SSH and Telnet so the command line is only reachable through a physical connection on the device itself.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-hidden-functionality-vulnerability-in-wago-industrial-managed-switches-z-2-4-s-8/gD2P6Ple2L
updated 2026-03-19T18:32:22
1 posts
updated 2026-03-19T18:26:38
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-13T17:02:14.297000
2 posts
##updated 2026-03-13T16:59:45.720000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T15:19:11.260000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:46:19.103000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:16:53
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:12:57
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:12:05
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:11:49
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:11:34
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:09:34
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:09:13
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-12T14:08:48
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-11T17:48:46.670000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-11T17:45:20.950000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-10T21:05:04
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-10T21:02:43
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-03-09T13:36:08.413000
3 posts
1 repos
How a flaw in a #Python library can compromise #AI systems (CVE-2026-0848)
##updated 2026-02-27T22:17:07
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-27T16:03:31.390000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-27T14:37:34.207000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-27T14:34:13.443000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T18:44:12.467000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T18:43:16.560000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T18:41:35.010000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T17:29:35.520000
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:46:51
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:46:05
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:45:15
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:44:50
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:44:21
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:43:55
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:43:30
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:43:05
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:42:39
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:40:08
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:39:16
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:37:56
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:36:10
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:34:27
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:34:00
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:32:39
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##updated 2026-02-24T15:31:59
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##
updated 2026-02-24T15:30:17
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##
updated 2026-02-24T15:29:48
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##
updated 2026-02-24T15:27:31
2 posts
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
##
updated 2026-02-03T00:16:10.653000
1 post
8 repos
https://github.com/boroeurnprach/Ashwesker-CVE-2026-21962
https://github.com/gregk4sec/CVE-2026-21962-o
https://github.com/ThumpBo/CVE-2026-21962
https://github.com/gglessner/cve_2026_21962_scanner
https://github.com/samael0x4/CVE-2026-21962
https://github.com/naozibuhao/CVE-2026-21962_Java_GUI_Exploit_Tool
Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities
Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.
**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/oracle-weblogic-servers-face-immediate-exploitation-of-critical-rce-vulnerabilities-0-0-m-z-c/gD2P6Ple2L
updated 2026-01-14T16:26:00.933000
1 post
The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.
Check it out at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-27-2026/
##
updated 2026-01-07T16:15:49.840000
1 post
📢 CVE-2025-14325: Type confusion in Firefox's Baseline JIT via SpiderMonkey
📝 ## 🔍 Context
Published on 28 March 2026 on the QriouSec research blog, this article presents an in-depth technical analysis of the vulnerability **CVE-2025-...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-29-cve-2025-14325-type-confusion-dans-le-jit-baseline-de-firefox-via-spidermonkey/
🌐 source: https://qriousec.github.io/post/cve-2025-14325/
#CVE_2025_14325 #Firefox #Cyberveille
updated 2025-11-04T00:32:14
1 post
Good to know but every vulnerability we discovered and reported to Apple also affected the Lockdown Mode. This includes CVE-2024-54492 that impacted the Passwords app. An option to "Allow Contacting Websites" was added starting iOS 26
#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked
https://www.macrumors.com/2026/03/27/no-iphone-in-lockdown-mode-has-ever-been-hacked/
##
updated 2025-11-03T21:35:11
2 posts
March 24, 2026
A former NSA analyst published a detailed investigation exposing a coordinated multi-nation disinformation network on X involving Russia, China, Iran, and Turkey. The network used a central account called "Global Insight Journal" that followed a three-phase amplification strategy — Turkish seeding, Iranian boosting, and Russian boosting — to spread narratives favorable to those states during the U.S.-Iran conflict. Posting volume dropped between March 3–5, coinciding with the destruction of Iran's state propaganda headquarters (IRIB), suggesting operational dependency on Iranian state infrastructure.
The Foundation for Defense of Democracies published an analysis arguing the 2026 Annual Threat Assessment omits key Russian threats, particularly Moscow's routine probing of NORAD airspace near Alaska, GPS interference in the Arctic, and simulated strikes against NATO targets. NORAD responded nine times to Russian aircraft near Alaska in 2025 and twice already in 2026.
PolitiFact published a detailed overview of Iran's influence operations during the current conflict, documenting the use of AI-generated imagery through state-affiliated channels and inauthentic social media accounts to spread favorable messaging — conducted even as Iran's internet connectivity has been reduced to 1–4% since strikes began on February 28.
Citrix released security updates addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw (CVE-2026-3055, CVSS 9.3) involving insufficient input validation that could allow unauthenticated remote attackers to leak sensitive information from appliance memory.
Threat actors are suspected of actively exploiting a maximum-severity flaw in Quest KACE Systems Management Appliance (CVE-2025-32975, CVSS 10.0). Malicious activity was first observed the week of March 9 in customer environments. The authentication bypass vulnerability allows attackers to impersonate legitimate users and take over administrative accounts.
Iran-linked cyber operations continue in the wake of the February 28 U.S.-Israel strikes. The Iran-linked group Handala previously claimed the cyberattack on Stryker, the medical device company, which was the first destructive cyberattack to hit a U.S.-based company during the war. Palo Alto Networks' Unit 42 continues to track the broader escalation of Iranian cyber risk, noting multiple state-aligned personas coordinating under an "Electronic Operations Room" formed on February 28, with some estimates of 60 individual hacktivist groups now active.
Ukraine's Security Service (SBU) announced it had identified Hungarian military intelligence officer Zoltan Andre as the handler of a spy network in the Zakarpattia region. Andre allegedly exploited Hungarian diplomatic institutions to recruit agents from among locals applying for Hungarian citizenship. The network collected intelligence on Ukrainian defense force deployments, including attempts to identify air defense positions in western Ukraine. Two members of the cell were detained. This is the first time Ukraine has publicly exposed an intelligence network run by a NATO ally.
The U.S. Department of Justice unsealed an indictment charging three individuals — Yih-Shyan "Wally" Liaw (U.S. citizen), Ruei-Tsang "Steven" Chang, and Ting-Wei "Willy" Sun (both Taiwanese citizens) — with conspiring to illegally divert high-performance AI server technology to China. The defendants allegedly used false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes to evade U.S. export controls. Liaw and Sun were arrested; Chang remains a fugitive.
In Vienna, the trial of former Austrian intelligence officer Egisto Ott continues — Austria's biggest espionage case in years. Ott is accused of passing information to Russian intelligence and fugitive Wirecard executive Jan Marsalek, including allegedly obtaining a laptop containing secret EU electronic security hardware that was handed to Russian intelligence in 2022.
##
updated 2025-10-27T17:09:11.960000
1 post
41 repos
https://github.com/milo2012/CVE-2020-14882
https://github.com/GGyao/CVE-2020-14882_POC
https://github.com/b1g-b33f/CVE-2020-14882
https://github.com/qianniaoge/CVE-2020-14882_Exploit_Gui
https://github.com/zesnd/CVE-2020-14882-POC
https://github.com/KKC73/weblogic-cve-2020-14882
https://github.com/GGyao/CVE-2020-14882_ALL
https://github.com/XTeam-Wing/CVE-2020-14882
https://github.com/exploitblizzard/CVE-2020-14882-WebLogic
https://github.com/NS-Sp4ce/CVE-2020-14882
https://github.com/QmF0c3UK/CVE-2020-14882
https://github.com/pwn3z/CVE-2020-14882-WebLogic
https://github.com/s1kr10s/CVE-2020-14882
https://github.com/zhzyker/exphub
https://github.com/xMr110/CVE-2020-14882
https://github.com/jas502n/CVE-2020-14882
https://github.com/LucasPDiniz/CVE-2020-14882
https://github.com/pprietosanchez/CVE-2020-14750
https://github.com/AleksaZatezalo/CVE-2020-14882
https://github.com/0xn0ne/weblogicScanner
https://github.com/nik0nz7/CVE-2020-14882
https://github.com/mmioimm/cve-2020-14882
https://github.com/xfiftyone/CVE-2020-14882
https://github.com/0thm4n3/cve-2020-14882
https://github.com/kk98kk0/CVE-2020-14882
https://github.com/ovProphet/CVE-2020-14882-checker
https://github.com/murataydemir/CVE-2020-14882
https://github.com/Danny-LLi/CVE-2020-14882
https://github.com/zhzyker/vulmap
https://github.com/BabyTeam1024/CVE-2020-14882
https://github.com/adm1in/CodeTest
https://github.com/alexfrancow/CVE-2020-14882
https://github.com/ludy-dev/Weblogic_Unauthorized-bypass-RCE
https://github.com/corelight/CVE-2020-14882-weblogicRCE
https://github.com/Root-Shells/CVE-2020-14882
https://github.com/Ormicron/CVE-2020-14882-GUI-Test
https://github.com/N0Coriander/CVE-2020-14882-14883
https://github.com/tpdlshdmlrkfmcla/WebLogic_CVE_2020_14882
https://github.com/wsfengfan/cve-2020-14882
Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities
Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.
**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/oracle-weblogic-servers-face-immediate-exploitation-of-critical-rce-vulnerabilities-0-0-m-z-c/gD2P6Ple2L
updated 2025-10-22T00:34:22
1 post
7 repos
https://github.com/irjfifndn-prog/Blackash-CVE-2025-33073
https://github.com/matejsmycka/CVE-2025-33073-checker
https://github.com/cve-2025-33073/cve-2025-33073
https://github.com/obscura-cert/CVE-2025-33073
https://github.com/mverschu/CVE-2025-33073
📢 CVE-2025-33073: SYSTEM privilege escalation via unconstrained Kerberos delegation
📝 ## 🔍 Context
Article published on 27 March 2026 by Praetorian (technical blog).
📖 cyberveille: https://cyberveille.ch/posts/2026-03-28-cve-2025-33073-elevation-de-privileges-system-via-delegation-kerberos-non-contrainte/
🌐 source: https://www.praetorian.com/blog/cve-2025-33073-ntlm-reflection-one-hop/
#Active_Directory #CVE_2025_33073 #Cyberveille
updated 2025-10-22T00:33:51
1 post
4 repos
https://github.com/getdrive/PoC
https://github.com/krmxd/CVE-2023-2868
The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.
Check it out at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-27-2026/
##
updated 2025-10-22T00:31:29
1 post
31 repos
https://github.com/1337g/CVE-2017-10271
https://github.com/bigsizeme/weblogic-XMLDecoder
https://github.com/kbsec/Weblogic_Wsat_RCE
https://github.com/Al1ex/CVE-2017-10271
https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271
https://github.com/s3xy/CVE-2017-10271
https://github.com/kkirsche/CVE-2017-10271
https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814
https://github.com/pssss/CVE-2017-10271
https://github.com/KKsdall/7kbstormq
https://github.com/Yuusuke4/WebLogic_CNVD_C_2019_48814
https://github.com/SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961
https://github.com/rambleZzz/weblogic_CVE_2017_10271
https://github.com/pizza-power/weblogic-CVE-2019-2729-POC
https://github.com/XHSecurity/Oracle-WebLogic-CVE-2017-10271
https://github.com/ianxtianxt/-CVE-2017-10271-
https://github.com/c0mmand3rOpSec/CVE-2017-10271
https://github.com/Luffin/CVE-2017-10271
https://github.com/shack2/javaserializetools
https://github.com/0xn0ne/weblogicScanner
https://github.com/r4b3rt/CVE-2017-10271
https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master
https://github.com/Cymmetria/weblogic_honeypot
https://github.com/SuperHacker-liuan/cve-2017-10271-poc
https://github.com/cjjduck/weblogic_wls_wsat_rce
https://github.com/JackyTsuuuy/weblogic_wls_rce_poc-exp
https://github.com/testwc/CVE-2017-10271
https://github.com/ZH3FENG/PoCs-Weblogic_2017_10271
https://github.com/seoyoung-kang/CVE-2017-10271
Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities
Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.
**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/oracle-weblogic-servers-face-immediate-exploitation-of-critical-rce-vulnerabilities-0-0-m-z-c/gD2P6Ple2L
updated 2025-10-21T21:04:55
2 posts
7 repos
https://github.com/jlinebau/CVE-2025-55315-Scanner-Monitor
https://github.com/nickcopi/CVE-2025-55315-detection-playground
https://github.com/sirredbeard/CVE-2025-55315-repro
https://github.com/RootAid/CVE-2025-55315
https://github.com/MartinFabianIonut/CVE-2025-55315
#OT #Advisory VDE-2026-010
WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere
Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.
#CVE CVE-2025-55315, CVE-2026-2328
https://certvde.com/en/advisories/vde-2026-010/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-010.json
##
updated 2025-05-28T15:35:30
1 post
updated 2024-11-21T05:39:02.050000
1 post
Just released another entry in my blog series looking at the unpatchable vulnerabilities of Kubernetes.
Whilst the CVEs are quite old, understanding them is useful, both to understand if you need to apply mitigations and also for some of the low-level Kubernetes implementation details they involve.
https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8561/
##
Anyone knows anything more about this #Tunnelblick #vulnerability?
"CVE-2026-31893 describes a serious Tunnelblick vulnerability.
This vulnerability is present in all versions of all Tunnelblick versions 3.3beta26 through 9.0beta01.
Tunnelblick 8.0.1 and 9.0beta02 contain fixes for the vulnerability.
The CVE is expected to be published and this page updated on or before 2026-03-27."
##
📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1724
Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190
Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31
Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33
Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17
Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)
📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1724
Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190
Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31
Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33
Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17
Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)
📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1724
Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190
Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31
Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33
Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17
Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)
🟠 CVE-2026-32748 - High (7.5)
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
⚠️ CVE-2026-33991: HIGH severity SQL Injection in WeGIA < 3.6.7. Vulnerable PHP code in deletar_tag.php lets attackers inject SQL remotely — risking data theft & disruption for charities. Patch to 3.6.7 or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-33991-cwe-89-improper-neutralization-of-s-585124c0 #OffSeq #SQLInjection #Infosec
##
🟠 CVE-2026-33991 - High (8.8)
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
CVE-2026-1679: HIGH severity buffer overflow in Zephyr RTOS (all versions). Local attackers can trigger kernel memory corruption via eswifi socket offload driver. Patch ASAP, enforce access controls. Details: https://radar.offseq.com/threat/cve-2026-1679-buffer-copy-without-checking-size-of-5ca8f17f #OffSeq #ZephyrRTOS #IoTSecurity #CVE
##
🚨 CVE-2026-34205 (CRITICAL): Home Assistant OS ≤17.1 apps in host network mode expose unauthenticated endpoints to local networks. Upgrade to Supervisor 2026.03.02, segment networks, and review configs now! https://radar.offseq.com/threat/cve-2026-34205-cwe-923-improper-restriction-of-com-dfad0bbb #OffSeq #HomeAssistant #IoTSecurity
##
🔴 CVE-2026-34205 - Critical (9.6)
Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interfa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34205/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-33953 - High (8.5)
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an inte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33953/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-34375 - High (8.2)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-33874 - High (7.8)
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when vic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-31945 - High (7.7)
LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
Weekend Reads
* DNS parser overflow in Zephyr
https://www.0xkato.xyz/CVE-2026-1678-DNS-Parser-Overflow-in-Zephyr/
* Telegram bots measurement survey
https://arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
https://arxiv.org/abs/2603.21082
* Building the largest data center
https://spectrum.ieee.org/5gw-data-center
* OpenBSD init system and boot process
https://overeducated-redneck.net/blurgh/openbsd-init-system.html