## Updated at UTC 2026-04-27T23:49:08.352902

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-7160 | 8.8 | 0.00% | 2 | 0 | | 2026-04-27T22:16:18.690000 | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the |
| CVE-2026-7155 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T21:31:12 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005 |
| CVE-2026-7154 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T21:31:12 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This aff |
| CVE-2026-7151 | 8.8 | 0.00% | 2 | 0 | | 2026-04-27T21:31:12 | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUp |
| CVE-2026-7153 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T21:31:12 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The |
| CVE-2026-7152 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T21:31:12 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affe |
| CVE-2026-6741 | 8.8 | 0.00% | 2 | 0 | | 2026-04-27T21:31:11 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W |
| CVE-2026-30350 | 7.5 | 0.00% | 2 | 0 | | 2026-04-27T21:31:02 | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a |
| CVE-2026-7156 | 9.8 | 0.00% | 4 | 0 | | 2026-04-27T21:16:44 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected i |
| CVE-2026-42039 | 7.5 | 0.04% | 2 | 0 | | 2026-04-27T19:50:46.320000 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15. |
| CVE-2026-30351 | 7.5 | 0.00% | 2 | 0 | | 2026-04-27T19:18:46.690000 | A path traversal vulnerability in the UI/static component of leonvanzyl autocode |
| CVE-2026-41419 | 7.6 | 0.03% | 1 | 0 | | 2026-04-27T19:10:45.587000 | 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a |
| CVE-2026-40858 | 8.8 | 0.08% | 4 | 1 | | 2026-04-27T18:57:20.293000 | The camel-infinispan component's ProtoStream-based remote aggregation repository |
| CVE-2026-5940 | 7.8 | 0.01% | 2 | 0 | | 2026-04-27T18:57:20.293000 | Calling a function that triggers a UI refresh after removing comments via a scri |
| CVE-2026-32688 | 0 | 0.00% | 1 | 0 | | 2026-04-27T18:57:20.293000 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-plu |
| CVE-2026-41409 | 9.8 | 0.05% | 2 | 0 | | 2026-04-27T18:57:20.293000 | The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incom |
| CVE-2026-6785 | 8.1 | 0.07% | 2 | 0 | | 2026-04-27T18:57:20.293000 | Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird |
| CVE-2026-7080 | 8.8 | 0.05% | 3 | 0 | | 2026-04-27T18:57:20.293000 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts t |
| CVE-2026-7097 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T18:57:20.293000 | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the fun |
| CVE-2026-7096 | 8.8 | 0.29% | 2 | 0 | | 2026-04-27T18:57:20.293000 | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerabili |
| CVE-2026-3868 | 0 | 0.09% | 2 | 0 | | 2026-04-27T18:57:20.293000 | An improper handling of the length parameter inconsistency vulnerability has bee |
| CVE-2026-7056 | 8.8 | 0.09% | 1 | 0 | | 2026-04-27T18:57:20.293000 | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fro |
| CVE-2026-7057 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T18:57:20.293000 | A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown |
| CVE-2026-7035 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T18:57:20.293000 | A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the functi |
| CVE-2026-7029 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T18:57:20.293000 | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is th |
| CVE-2026-7026 | 4.5 | 0.04% | 1 | 0 | | 2026-04-27T18:57:20.293000 | A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects s |
| CVE-2026-6988 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T18:57:20.293000 | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue |
| CVE-2026-41328 | 9.1 | 0.08% | 2 | 0 | | 2026-04-27T18:57:20.293000 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulner |
| CVE-2026-41248 | 9.1 | 0.09% | 2 | 0 | | 2026-04-27T18:57:20.293000 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. |
| CVE-2026-42171 | 7.8 | 0.01% | 1 | 0 | | 2026-04-27T18:57:20.293000 | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the |
| CVE-2026-41478 | 9.9 | 0.03% | 1 | 0 | | 2026-04-27T18:57:20.293000 | Saltcorn is an extensible, open source, no-code database application builder. Pr |
| CVE-2026-41477 | 7.8 | 0.01% | 1 | 0 | | 2026-04-27T18:57:20.293000 | Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlie |
| CVE-2026-22337 | 9.8 | 0.04% | 2 | 0 | | 2026-04-27T18:37:59.213000 | Incorrect Privilege Assignment vulnerability in Directorist Directorist Social L |
| CVE-2026-42379 | 7.7 | 0.03% | 2 | 0 | | 2026-04-27T18:37:59.213000 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper T |
| CVE-2026-7122 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:36:42.937000 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This imp |
| CVE-2026-7136 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:35:53.583000 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected |
| CVE-2026-31673 | 7.8 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: af_unix: re |
| CVE-2026-31682 | 9.1 | 0.03% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: bridge: br_ |
| CVE-2026-31680 | 7.8 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: |
| CVE-2026-31678 | 7.8 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: openvswitch |
| CVE-2026-31676 | 7.5 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only |
| CVE-2026-31675 | 7.8 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: net/sched: |
| CVE-2026-31685 | 9.4 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| CVE-2026-31683 | 7.8 | 0.02% | 2 | 0 | | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: |
| CVE-2026-38934 | 8.8 | 0.00% | 4 | 1 | | 2026-04-27T18:32:15 | Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2. |
| CVE-2026-7140 | 9.8 | 0.00% | 4 | 0 | | 2026-04-27T18:32:15 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted |
| CVE-2026-7139 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:15 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affect |
| CVE-2026-41463 | 8.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:15 | ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerabi |
| CVE-2026-7138 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:15 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulne |
| CVE-2026-7137 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:15 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005 |
| CVE-2025-69689 | 8.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:09 | The Fan Control application V251 contains an improper privilege handling vulnera |
| CVE-2026-30352 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:07 | A remote code execution (RCE) vulnerability in the /devserver/start endpoint of |
| CVE-2026-41462 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T18:32:07 | ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection v |
| CVE-2026-33454 | 9.4 | 0.02% | 2 | 0 | | 2026-04-27T18:32:06 | The Camel-Mail component is vulnerable to Camel message header injection. The cu |
| CVE-2026-40022 | 8.2 | 0.04% | 2 | 0 | | 2026-04-27T18:32:06 | When authentication is enabled on the Apache Camel embedded HTTP server or embed |
| CVE-2026-41635 | 9.8 | 0.05% | 2 | 0 | | 2026-04-27T18:32:05 | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them |
| CVE-2026-40860 | 9.8 | 0.30% | 2 | 0 | | 2026-04-27T18:32:05 | JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding clas |
| CVE-2026-40453 | 10.0 | 0.06% | 2 | 0 | | 2026-04-27T18:32:05 | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy |
| CVE-2026-40048 | 7.8 | 0.07% | 2 | 0 | | 2026-04-27T18:32:05 | The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `< |
| CVE-2026-41066 | 7.5 | 0.03% | 1 | 0 | | 2026-04-27T17:59:05.297000 | lxml is a library for processing XML and HTML in the Python language. Prior to 6 |
| CVE-2026-28950 | 6.2 | 0.01% | 1 | 0 | | 2026-04-27T17:07:44.363000 | A logging issue was addressed with improved data redaction. This issue is fixed |
| CVE-2026-40897 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T16:43:12 | ### Impact This security vulnerability allowed executing arbitrary JavaScript vi |
| CVE-2026-41176 | None | 2.79% | 1 | 0 | template | 2026-04-27T16:23:08 | ### Summary The RC endpoint `options/set` is exposed without `AuthRequired: true |
| CVE-2026-41433 | 8.4 | 0.02% | 1 | 0 | | 2026-04-27T16:19:42 | ### Summary A flaw in the Java agent injection path allows a local attacker con |
| CVE-2026-41428 | 9.1 | 0.06% | 1 | 0 | | 2026-04-27T16:19:35 | ### Summary The `authenticated` middleware uses unanchored regular expressions |
| CVE-2026-33453 | 10.0 | 0.55% | 2 | 1 | | 2026-04-27T15:31:59 | Improperly Controlled Modification of Dynamically-Determined Object Attributes v |
| CVE-2026-7124 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T15:31:01 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected |
| CVE-2026-7123 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T15:31:00 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is t |
| CVE-2026-7125 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T15:31:00 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected |
| CVE-2026-40473 | 8.8 | 0.08% | 4 | 1 | | 2026-04-27T15:30:52 | The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter |
| CVE-2026-41208 | 8.8 | 0.23% | 1 | 0 | | 2026-04-27T15:14:22.080000 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents |
| CVE-2026-25660 | 9.8 | 0.05% | 1 | 0 | | 2026-04-27T14:48:20.843000 | CodeChecker is an analyzer tooling, defect database and viewer extension for the |
| CVE-2026-5943 | 7.8 | 0.01% | 2 | 0 | | 2026-04-27T12:30:49 | Document structural anomalies caused inconsistencies between page element relati |
| CVE-2026-7121 | 9.8 | 0.00% | 2 | 0 | | 2026-04-27T12:30:49 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the |
| CVE-2026-7119 | 8.8 | 0.00% | 2 | 0 | | 2026-04-27T12:30:49 | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknow |
| CVE-2026-5941 | 7.8 | 0.02% | 2 | 0 | | 2026-04-27T12:30:45 | Parsing logic flaws cause non-signature data to be misidentified as valid signat |
| CVE-2026-22336 | 9.3 | 0.03% | 2 | 0 | | 2026-04-27T12:30:44 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-7101 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T09:34:46 | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function |
| CVE-2026-7100 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T09:34:40 | A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the functio |
| CVE-2026-7099 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T09:34:40 | A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the |
| CVE-2026-7098 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T09:34:40 | A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is th |
| CVE-2026-7081 | 8.8 | 0.05% | 3 | 0 | | 2026-04-27T06:31:33 | A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fro |
| CVE-2026-7082 | 8.8 | 0.05% | 2 | 0 | | 2026-04-27T06:31:33 | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is t |
| CVE-2026-7079 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T03:30:34 | A weakness has been identified in Tenda F456 1.0.0.5. This affects the function |
| CVE-2026-7078 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T03:30:34 | A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element |
| CVE-2026-7106 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T03:30:34 | The Highland Software Custom Role Manager plugin for WordPress is vulnerable to |
| CVE-2026-7069 | 8.0 | 0.03% | 1 | 0 | | 2026-04-27T00:30:33 | A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impact |
| CVE-2026-7068 | 8.8 | 0.03% | 1 | 0 | | 2026-04-27T00:30:33 | A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the funct |
| CVE-2026-7055 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T00:30:33 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue aff |
| CVE-2026-7054 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T00:30:33 | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects |
| CVE-2026-7053 | 8.8 | 0.05% | 1 | 0 | | 2026-04-27T00:30:33 | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the func |
| CVE-2026-33277 | 8.8 | 0.23% | 2 | 0 | | 2026-04-27T00:30:28 | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrar |
| CVE-2026-42363 | 9.3 | 0.03% | 2 | 0 | | 2026-04-27T00:30:27 | An insufficient encryption vulnerability exists in the Device Authentication fun |
| CVE-2026-6786 | 8.1 | 0.06% | 2 | 0 | | 2026-04-26T21:30:30 | Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox |
| CVE-2026-7039 | 7.8 | 0.06% | 1 | 0 | | 2026-04-26T15:30:27 | A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The |
| CVE-2026-7037 | 9.8 | 0.89% | 2 | 0 | | 2026-04-26T12:31:47 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Thi |
| CVE-2026-7034 | 8.8 | 0.05% | 1 | 0 | | 2026-04-26T12:31:47 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue |
| CVE-2026-7033 | 8.8 | 0.05% | 1 | 0 | | 2026-04-26T12:31:47 | A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerabi |
| CVE-2026-7032 | 8.8 | 0.05% | 1 | 0 | | 2026-04-26T12:31:47 | A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailF |
| CVE-2026-7031 | 8.8 | 0.05% | 2 | 0 | | 2026-04-26T12:31:47 | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fr |
| CVE-2026-7030 | 8.8 | 0.05% | 1 | 0 | | 2026-04-26T12:31:36 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects t |
| CVE-2026-7028 | 4.7 | 0.01% | 1 | 1 | | 2026-04-26T09:32:42 | A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affe |
| CVE-2026-7019 | 8.8 | 0.05% | 2 | 0 | | 2026-04-26T06:31:22 | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is th |
| CVE-2026-42255 | 7.2 | 0.03% | 1 | 0 | | 2026-04-26T06:31:21 | Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic na |
| CVE-2026-7015 | 2.4 | 0.03% | 1 | 0 | | 2026-04-26T03:30:26 | A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects so |
| CVE-2026-6992 | 7.2 | 0.12% | 1 | 0 | | 2026-04-25T18:33:03 | A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the |
| CVE-2026-6951 | 9.8 | 0.08% | 3 | 0 | | 2026-04-25T06:30:30 | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code E |
| CVE-2025-50229 | 9.8 | 0.03% | 1 | 0 | | 2026-04-24T21:33:02 | Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. |
| CVE-2024-7399 | 8.8 | 82.26% | 3 | 1 | template | 2026-04-24T21:33:00 | Improper limitation of a pathname to a restricted directory vulnerability in Sam |
| CVE-2026-41472 | None | 0.67% | 1 | 0 | | 2026-04-24T21:32:03 | CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnera |
| CVE-2026-41044 | 8.8 | 0.10% | 1 | 0 | | 2026-04-24T21:32:00 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-40466 | 8.8 | 0.21% | 1 | 0 | | 2026-04-24T21:32:00 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-23902 | 8.1 | 0.04% | 1 | 0 | | 2026-04-24T21:32:00 | Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenti |
| CVE-2026-40887 | 9.1 | 5.38% | 1 | 0 | template | 2026-04-24T21:10:19 | ## Summary An unauthenticated SQL injection vulnerability exists in the Vendure |
| CVE-2026-41273 | 8.2 | 0.06% | 1 | 0 | | 2026-04-24T21:01:23 | ### Summary Flowise contains an authentication bypass vulnerability that allows |
| CVE-2026-41275 | 7.5 | 0.04% | 1 | 0 | | 2026-04-24T21:01:15 | **Summary:** The password reset functionality on [cloud.flowiseai.com](http://cl |
| CVE-2026-41276 | 9.8 | 0.18% | 1 | 0 | | 2026-04-24T21:01:10 | ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulner |
| CVE-2026-41277 | 8.8 | 0.12% | 1 | 0 | | 2026-04-24T21:01:05 | ### Summary A Mass Assignment vulnerability in the DocumentStore creation endpoi |
| CVE-2026-41279 | 7.5 | 0.04% | 1 | 0 | | 2026-04-24T21:00:53 | ### Summary The text-to-speech generation endpoint (`POST /api/v1/text-to-speec |
| CVE-2026-41265 | 9.8 | 0.13% | 1 | 0 | | 2026-04-24T20:58:07 | ZDI-CAN-29412: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execu |
| CVE-2026-41266 | 7.5 | 0.04% | 1 | 0 | | 2026-04-24T20:58:07 | ### Summary `/api/v1/public-chatbotConfig/:id `ep exposes sensitive data includ |
| CVE-2026-41180 | 7.5 | 0.03% | 1 | 0 | | 2026-04-24T20:52:12 | ### Summary The upload PATCH flow under `/files/:uploadId` validates the mounte |
| CVE-2026-41137 | 8.8 | 0.28% | 1 | 0 | | 2026-04-24T20:44:06 | ### Summary The CSVAgent allows providing a custom Pandas CSV read code. Due to |
| CVE-2024-57728 | 7.2 | 50.59% | 3 | 0 | | 2026-04-24T19:27:00.700000 | SimpleHelp remote support software v5.5.7 and before allows admin users to uploa |
| CVE-2026-39920 | 9.8 | 0.20% | 2 | 0 | | 2026-04-24T18:31:18 | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the A |
| CVE-2025-29635 | 8.8 | 58.94% | 4 | 0 | | 2026-04-24T18:30:36 | A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an |
| CVE-2024-57726 | 8.8 | 49.10% | 3 | 0 | | 2026-04-24T18:30:36 | SimpleHelp remote support software v5.5.7 and before has a vulnerability that al |
| CVE-2026-6912 | 8.8 | 0.15% | 2 | 0 | | 2026-04-24T17:56:41.280000 | Improperly controlled modification of dynamically-determined object attributes i |
| CVE-2026-41271 | 8.3 | 0.06% | 1 | 0 | | 2026-04-24T16:37:54.877000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41278 | 7.5 | 0.03% | 1 | 0 | | 2026-04-24T16:31:51.023000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-33524 | 7.5 | 0.04% | 1 | 0 | | 2026-04-24T16:25:17 | ## Summary ### Unbounded Memory Allocation (all platforms) A crafted payload a |
| CVE-2026-41492 | 9.8 | 0.06% | 2 | 0 | | 2026-04-24T16:15:29 | ### Summary Dgraph `v25.3.2` still exposes the process command line through the |
| CVE-2026-41327 | 9.1 | 0.03% | 3 | 0 | | 2026-04-24T15:41:25 | ## 1. Executive Summary A vulnerability has been found in Dgraph that gives an |
| CVE-2026-21728 | 7.5 | 0.01% | 1 | 0 | | 2026-04-24T15:33:39 | Tempo queries with large limits can cause large memory allocations which can imp |
| CVE-2026-6919 | 9.7 | 0.11% | 2 | 0 | | 2026-04-24T15:33:34 | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a re |
| CVE-2026-21515 | 10.0 | 0.08% | 2 | 0 | | 2026-04-24T15:32:39 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central |
| CVE-2026-5367 | 8.6 | 0.03% | 1 | 0 | | 2026-04-24T15:32:39 | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending cr |
| CVE-2026-41264 | 9.8 | 0.22% | 1 | 0 | | 2026-04-24T15:15:17.923000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-33694 | 0 | 0.01% | 1 | 0 | | 2026-04-24T14:50:56.203000 | This vulnerability allows an attacker to create a junction, enabling the deletio |
| CVE-2026-27841 | 8.1 | 0.01% | 1 | 0 | | 2026-04-24T14:39:56.310000 | A vulnerability in SenseLive X3050's web management interface allows state-chang |
| CVE-2026-27843 | 9.1 | 0.07% | 1 | 0 | | 2026-04-24T14:39:56.310000 | A vulnerability exists in SenseLive X3050's web management interface that allows |
| CVE-2026-1950 | 9.8 | 0.04% | 1 | 0 | | 2026-04-24T14:39:28.770000 | Delta Electronics AS320T has No checking of the length of the buffer with the f |
| CVE-2026-1952 | 9.8 | 0.04% | 1 | 0 | | 2026-04-24T09:30:36 | Delta Electronics AS320T has denial of service via the undocumented subfunction |
| CVE-2026-35064 | 7.5 | 0.05% | 1 | 0 | | 2026-04-24T00:32:04 | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated |
| CVE-2026-39462 | 8.1 | 0.04% | 1 | 0 | | 2026-04-24T00:32:04 | A vulnerability exists in SenseLive X3050’s web management interface in which pa |
| CVE-2026-35503 | 9.8 | 0.06% | 1 | 0 | | 2026-04-24T00:32:04 | A vulnerability in SenseLive X3050’s web management interface allows authenticat |
| CVE-2026-40630 | 9.8 | 0.09% | 1 | 0 | | 2026-04-24T00:32:04 | A vulnerability in SenseLive X3050’s web management interface allows unauthor |
| CVE-2026-25775 | 9.8 | 0.07% | 1 | 0 | | 2026-04-24T00:32:03 | A vulnerability in SenseLive X3050’s remote management service allows firmware r |
| CVE-2026-40623 | 8.1 | 0.03% | 1 | 0 | | 2026-04-24T00:32:03 | A vulnerability in SenseLive X3050's web management interface allows critical sy |
| CVE-2026-40620 | 9.8 | 0.07% | 1 | 0 | | 2026-04-24T00:32:03 | A vulnerability in SenseLive X3050’s embedded management service allows full adm |
| CVE-2026-33819 | 10.0 | 0.27% | 1 | 0 | | 2026-04-24T00:31:58 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attac |
| CVE-2026-24303 | 9.6 | 0.04% | 1 | 0 | | 2026-04-24T00:31:58 | Improper access control in Microsoft Partner Center allows an authorized attacke |
| CVE-2026-26150 | 8.6 | 0.06% | 1 | 0 | | 2026-04-24T00:31:58 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized a |
| CVE-2026-32613 | 9.9 | 0.08% | 1 | 1 | | 2026-04-23T18:30:37.510000 | Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like |
| CVE-2026-41179 | None | 5.98% | 1 | 0 | template | 2026-04-23T10:52:57 | ### Summary The RC endpoint `operations/fsinfo` is exposed without `AuthRequired |
| CVE-2026-22007 | 2.9 | 0.02% | 1 | 0 | | 2026-04-22T15:31:39 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente |
| CVE-2026-6770 | 6.5 | 0.06% | 3 | 0 | | 2026-04-22T15:07:23.650000 | Other issue in the Storage: IndexedDB component. This vulnerability was fixed in |
| CVE-2026-6799 | 6.3 | 1.41% | 1 | 0 | | 2026-04-22T00:31:48 | A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this |
| CVE-2026-38834 | 7.3 | 5.28% | 1 | 0 | | 2026-04-21T21:32:31 | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerabili |
| CVE-2026-3298 | None | 0.07% | 1 | 0 | | 2026-04-21T21:31:23 | The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) |
| CVE-2026-40050 | 9.8 | 0.32% | 2 | 0 | | 2026-04-21T18:32:04 | CrowdStrike has released security updates to address a critical unauthenticated |
| CVE-2026-21571 | None | 1.17% | 1 | 0 | | 2026-04-21T18:32:04 | This Critical severity OS Command Injection vulnerability was introduced in vers |
| CVE-2019-25714 | None | 0.78% | 1 | 0 | | 2026-04-21T18:32:04 | Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in t |
| CVE-2026-5752 | 9.4 | 0.02% | 1 | 0 | | 2026-04-21T15:33:24 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with r |
| CVE-2026-33626 | 7.5 | 0.04% | 4 | 0 | | 2026-04-21T15:04:13 | ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeplo |
| CVE-2025-48700 | 6.1 | 18.76% | 1 | 0 | | 2026-04-21T13:00:03.373000 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 an |
| CVE-2026-5965 | 9.8 | 8.66% | 1 | 0 | | 2026-04-21T06:30:32 | NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowi |
| CVE-2026-20133 | 6.5 | 1.20% | 1 | 0 | | 2026-04-20T21:32:43 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, |
| CVE-2026-34197 | 8.8 | 65.07% | 1 | 9 | template | 2026-04-16T19:59:38.107000 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-32202 | 4.3 | 0.09% | 2 | 0 | | 2026-04-14T18:30:51 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to |
| CVE-2026-34478 | None | 0.15% | 1 | 0 | | 2026-04-14T00:13:31 | Apache Log4j Core's [`Rfc5424Layout`](https://logging.apache.org/log4j/2.x/manua |
| CVE-2026-34479 | None | 0.16% | 1 | 0 | | 2026-04-14T00:11:01 | The `Log4j1XmlLayout` from the Apache Log4j 1-to-Log4j 2 bridge fails to escape |
| CVE-2026-34480 | None | 0.15% | 1 | 0 | | 2026-04-13T23:57:23 | Apache Log4j Core's [`XmlLayout`](https://logging.apache.org/log4j/2.x/manual/la |
| CVE-2026-21643 | 9.8 | 43.14% | 1 | 2 | template | 2026-04-13T18:31:39 | An improper neutralization of special elements used in an sql command ('sql inje |
| CVE-2026-34477 | 0 | 0.14% | 1 | 0 | | 2026-04-13T15:02:06.187000 | The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68 |
| CVE-2026-35414 | 4.2 | 0.02% | 1 | 0 | | 2026-04-02T18:31:50 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon |
| CVE-2026-4747 | 8.8 | 0.09% | 2 | 2 | | 2026-04-01T15:30:57 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i |
| CVE-2026-27966 | 9.8 | 0.14% | 1 | 1 | | 2026-02-27T15:47:29 | # 1. Summary The CSV Agent node in Langflow hardcodes `allow_dangerous_code=Tr |
| CVE-2026-2526 | 6.3 | 0.38% | 2 | 0 | | 2026-02-18T21:31:21 | A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the |
| CVE-2026-25253 | 8.8 | 0.09% | 1 | 11 | | 2026-02-02T23:41:06 | ## Summary The Control UI trusts `gatewayUrl` from the query string without val |
| CVE-2025-20362 | 6.5 | 43.64% | 1 | 0 | template | 2025-11-06T14:51:19.950000 | Update: On November 5, 2025, Cisco became aware of a new attack variant against |
| CVE-2025-20333 | 10.0 | 24.78% | 1 | 0 | | 2025-10-22T00:33:24 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security |
| CVE-2025-59532 | None | 0.05% | 1 | 1 | | 2025-09-22T22:00:37 | Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-g |
| CVE-2025-27636 | None | 35.52% | 3 | 3 | | 2025-03-25T18:38:11 | Bypass/Injection vulnerability in Apache Camel components under particular condi |
| CVE-2024-52046 | 9.8 | 80.14% | 3 | 0 | | 2025-02-11T19:03:55 | The `ObjectSerializationDecoder` in Apache MINA uses Java’s native deserializati |
| CVE-2023-20185 | 7.4 | 0.17% | 1 | 0 | | 2024-02-03T05:06:20 | A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco |
| CVE-2022-25912 | 8.1 | 43.31% | 1 | 0 | | 2023-08-17T05:02:31 | The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE |
| CVE-2026-25262 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-7040 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-41651 | 0 | 0.22% | 7 | 5 | | N/A | |
| CVE-2026-24467 | 0 | 0.90% | 1 | 0 | | N/A | |
| CVE-2026-6911 | 0 | 0.05% | 3 | 0 | | N/A | |
| CVE-2026-31952 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2026-41429 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-33662 | 0 | 0.07% | 2 | 0 | | N/A | |
| CVE-2026-33666 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-41421 | 0 | 0.03% | 2 | 0 | | N/A | |

## updated 2026-04-27T22:16:18.690000
2 posts
🟠 CVE-2026-7160 - High (8.8)
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed fro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7160/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-27T21:31:12
2 posts
🔴 CVE-2026-7155 - Critical (9.8)
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-27T21:31:12
2 posts
🔴 CVE-2026-7154 - Critical (9.8)
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-27T21:31:12
2 posts
🟠 CVE-2026-7151 - High (8.8)
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7151/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:12
2 posts
🔴 CVE-2026-7153 - Critical (9.8)
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7153/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:12
2 posts
🔴 CVE-2026-7152 - Critical (9.8)
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7152/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:11
2 posts
🟠 CVE-2026-6741 - High (8.8)
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6741/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:02
2 posts
🟠 CVE-2026-30350 - High (7.5)
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:16:44
4 posts
🚨 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) is vulnerable to OS command injection (CVE-2026-7156, CVSS 9.3). Exploit is public — remote attackers can fully compromise devices. Disable remote mgmt & restrict access now. https://radar.offseq.com/threat/cve-2026-7156-os-command-injection-in-totolink-a80-8abcd97a #OffSeq #CVE20267156 #IoTSecurity
##🔴 CVE-2026-7156 - Critical (9.8)
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T19:50:46.320000
2 posts
🟠 CVE-2026-42039 - High (7.5)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a Range...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T19:18:46.690000
2 posts
🟠 CVE-2026-30351 - High (7.5)
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T19:10:45.587000
1 post
🟠 CVE-2026-41419 - High (7.6)
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOAR...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41419/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
4 posts
1 repo
🟠 CVE-2026-40858 - High (8.8)
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinis...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40858/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-40858 in Apache Camel's camel-infinispan lets attackers with cache write access trigger arbitrary code execution. Patch to 4.20.0/4.14.7/4.18.2 ASAP! More info: https://radar.offseq.com/threat/cve-2026-40858-cwe-502-deserialization-of-untruste-52424157 #OffSeq #ApacheCamel #Infosec #CVE2026_40858
##updated 2026-04-27T18:57:20.293000
2 posts
🟠 CVE-2026-5940 - High (7.8)
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
If you're using plug_cowboy, update to the newly-released v2.8.1 to patch a denial-of-service vulnerability related to atom exhaustion.
##updated 2026-04-27T18:57:20.293000
2 posts
🔴 CVE-2026-41409 - Critical (9.8)
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41409/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
2 posts
🟠 New security advisory:
CVE-2026-6785 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6785-firefox-memory-corruption-can-run-code
🟠 CVE-2026-6785 - High (8.1)
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6785/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
3 posts
⚠️ HIGH severity: Tenda F456 (v1.0.0.5) buffer overflow in httpd's fromPPTPUserSetting (CVE-2026-7080) enables remote code execution or DoS. No patch yet — restrict device exposure & monitor for updates. Details: https://radar.offseq.com/threat/cve-2026-7080-buffer-overflow-in-tenda-f456-6bb8799d #OffSeq #infosec #CVE20267080
##🟠 CVE-2026-7080 - High (8.8)
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7080/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
2 posts
🟠 CVE-2026-7097 - High (8.8)
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
2 posts
🟠 CVE-2026-7096 - High (8.8)
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
2 posts
⚠️ HIGH severity: CVE-2026-3868 affects Moxa EDR-8010 v1.0 routers. Remote attackers can trigger a DoS via HTTPS mgmt interface buffer overflow. No patch yet — restrict access & monitor for outages. https://radar.offseq.com/threat/cve-2026-3868-cwe-130-improper-handling-of-length--680be2d5 #OffSeq #Moxa #Infosec #ICS
##updated 2026-04-27T18:57:20.293000
1 post
🟠 CVE-2026-7056 - High (8.8)
A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
🟠 CVE-2026-7057 - High (8.8)
A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
🟠 CVE-2026-7035 - High (8.8)
A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7035/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
🟠 CVE-2026-7029 - High (8.8)
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be perfo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
MEDIUM severity alert: CVE-2026-7026 in D-Link DGS-3420 v1.50.018 allows remote XSS via System Info Settings Page. Exploit is public. Assess your devices and monitor for abuse. https://radar.offseq.com/threat/cve-2026-7026-cross-site-scripting-in-d-link-dgs-3-10e9ee49 #OffSeq #DLink #Vuln #XSS
##updated 2026-04-27T18:57:20.293000
2 posts
⚠️ HIGH severity: Tenda HG10 (HG7_HG9_HG10re_300001138_en_xpon) buffer overflow via Boa Service (formRoute). Remote RCE/DoS risk. Exploit public, patch pending. Restrict access & monitor Tenda updates. CVE-2026-6988 https://radar.offseq.com/threat/cve-2026-6988-buffer-overflow-in-tenda-hg10-324a24f1 #OffSeq #IoT #Vuln
##🟠 CVE-2026-6988 - High (8.8)
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
2 posts
🚨 CVE-2026-41328: CRITICAL DQL injection in dgraph-io Dgraph (<25.3.3) allows unauthenticated full DB read! Exploit via crafted POSTs to port 8080. Patch to 25.3.3+ or enable ACL to mitigate. Details: https://radar.offseq.com/threat/cve-2026-41328-cwe-943-improper-neutralization-of--c8d19cb1 #OffSeq #CVE202641328 #GraphQL #infosec
##🔴 CVE-2026-41328 - Critical (9.1)
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
2 posts
🚨 CRITICAL: CVE-2026-41248 affects clerk astro, nextjs, nuxt — lets attackers bypass middleware in affected JS libs. Update to fixed versions ASAP to prevent unauthorized access. Patches available now. https://radar.offseq.com/threat/cve-2026-41248-cwe-436-interpretation-conflict-in--1e1431c1 #OffSeq #Vulnerability #ClerkJS
##🔴 CVE-2026-41248 - Critical (9.1)
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach down...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
🟠 CVE-2026-42171 - High (7.8)
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the referenc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42171/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
🔴 CVE-2026-41478 - Critical (9.9)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 post
🟠 CVE-2026-41477 - High (7.8)
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41477/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:37:59.213000
2 posts
🔴 CVE-2026-22337 - Critical (9.8)
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation. This issue affects Directorist Social Login: from n/a before 2.1.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:37:59.213000
2 posts
🟠 CVE-2026-42379 - High (7.7)
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.6.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42379/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:36:42.937000
2 posts
🔴 CVE-2026-7122 - Critical (9.8)
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7122/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:35:53.583000
2 posts
🔴 CVE-2026-7136 - Critical (9.8)
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🟠 CVE-2026-31673 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: read UNIX_DIAG_VFS data under unix_state_lock
Exact UNIX diag lookups hold a reference to the socket, but not to
u->path. Meanwhile, unix_release_sock() clears u->path ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🔴 CVE-2026-31682 - Critical (9.1)
In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: linearize skb before parsing ND options
br_nd_send() parses neighbour discovery options from ns->opt[] and
assumes that these options are in the linear part ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🟠 CVE-2026-31680 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: flowlabel: defer exclusive option free until RCU teardown
`ip6fl_seq_show()` walks the global flowlabel hash under the seq-file
RCU read-side lock and prints `fl->opt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31680/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🟠 CVE-2026-31678 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev_put to RCU release
ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already
detached the device. Dropping the netdev reference in des...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🟠 CVE-2026-31676 - High (7.5)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: only handle RESPONSE during service challenge
Only process RESPONSE packets while the service connection is still in
RXRPC_CONN_SERVICE_CHALLENGING. Check that state unde...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🟠 CVE-2026-31675 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_netem: fix out-of-bounds access in packet corruption
In netem_enqueue(), the packet corruption logic uses
get_random_u32_below(skb_headlen(skb)) to select an inde...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31675/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🔴 CVE-2026-31685 - Critical (9.4)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_eui64: reject invalid MAC header for all packets
`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address
and compares it with the low 64 bits of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31685/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
2 posts
🟠 CVE-2026-31683 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: avoid OGM aggregation when skb tailroom is insufficient
When OGM aggregation state is toggled at runtime, an existing forwarded
packet may have been allocated with o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31683/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:15
4 posts
1 repo
🟠 CVE-2026-38934 - High (8.8)
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-38934/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:15
4 posts
🔴 CVE-2026-7140 - Critical (9.8)
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The at...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:15
2 posts
🔴 CVE-2026-7139 - Critical (9.8)
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7139/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:15
2 posts
🟠 CVE-2026-41463 - High (8.8)
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by craftin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:15
2 posts
🔴 CVE-2026-7138 - Critical (9.8)
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command inject...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7138/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:15
2 posts
🔴 CVE-2026-7137 - Critical (9.8)
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:09
2 posts
🟠 CVE-2025-69689 - High (8.8)
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:07
2 posts
🔴 CVE-2026-30352 - Critical (9.8)
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:07
2 posts
🔴 CVE-2026-41462 - Critical (9.8)
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inje...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41462/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:06
2 posts
🔴 CVE-2026-33454 - Critical (9.4)
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33454/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:06
2 posts
🟠 CVE-2026-40022 - High (8.2)
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the B...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:05
2 posts
🔴 CVE-2026-41635 - Critical (9.8)
Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed.
The fix che...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:05
2 posts
🔴 CVE-2026-40860 - Critical (9.8)
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class al...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40860/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:05
2 posts
🔴 CVE-2026-40453 - Critical (9.9)
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was no...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:05
2 posts
🟠 CVE-2026-40048 - High (7.8)
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.secu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T17:59:05.297000
1 posts
🟠 CVE-2026-41066 - High (7.5)
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_ent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41066/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T17:07:44.363000
1 posts
Apple Emergency Update Against Privacy Hole
Apple has just released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. The sole purpose of these out-of-band updates is to close the security vulnerability CVE-2026-28950. Apple does not mention (here and here) that the FBI has already exploited this vulnerability to read information from a suspect's iPhone that was actually supposed to be protected. It works like this:
https://www.pc-fluesterer.info/wordpress/2026/04/27/apple-notfall-update-gegen-datenschutz-loch/
#Allgemein #Empfehlung #Hintergrund #Mobilfunk #Warnung #0day #apple #chat #datenschutz #ios #messenger #privacy #privatsphäre #sicherheit #spionage #UnplugApple #UnplugTrump #wissen
##updated 2026-04-27T16:43:12
1 posts
🟠 CVE-2026-40897 - High (8.8)
Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T16:23:08
1 posts
📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1459
Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321
Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142
Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40
Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11
Top EPSS Score:
- CVE-2026-5965 - 6.34 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5965)
- CVE-2026-41179 - 5.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41179)
- CVE-2026-40887 - 4.56 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-40887)
- CVE-2026-38834 - 3.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38834)
- CVE-2026-41176 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41176)
- CVE-2026-21571 - 1.10 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21571)
- CVE-2026-6799 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6799)
- CVE-2026-24467 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24467)
- CVE-2026-41472 - 0.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41472)
- CVE-2019-25714 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25714)
updated 2026-04-27T16:19:42
1 posts
🟠 CVE-2026-41433 - High (8.4)
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T16:19:35
1 posts
🔴 CVE-2026-41428 - Critical (9.1)
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41428/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:59
2 posts
1 repos
🔴 CVE-2026-33453 - Critical (10)
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component.
Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code executi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:01
2 posts
🔴 CVE-2026-7124 - Critical (9.8)
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefix...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7124/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:00
2 posts
🔴 CVE-2026-7123 - Critical (9.8)
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command inject...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:00
2 posts
🔴 CVE-2026-7125 - Critical (9.8)
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7125/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:30:52
4 posts
1 repos
🟠 CVE-2026-40473 - High (8.8)
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or U...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40473/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:14:22.080000
1 posts
🟠 CVE-2026-41208 - High (8.8)
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T14:48:20.843000
1 posts
Ericsson CodeChecker (≤6.27.3) is vulnerable to CRITICAL auth bypass (CVE-2026-25660). Attackers can assign permissions via crafted URLs. Restrict access & monitor for changes. Patch not yet available. https://radar.offseq.com/threat/cve-2026-25660-cwe-290-authentication-bypass-by-sp-881e021f #OffSeq #vulnerability #CodeChecker #infosec
##updated 2026-04-27T12:30:49
2 posts
🟠 CVE-2026-5943 - High (7.8)
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when access...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5943/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T12:30:49
2 posts
🔴 CVE-2026-7121 - Critical (9.8)
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possib...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T12:30:49
2 posts
🟠 CVE-2026-7119 - High (8.8)
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7119/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T12:30:45
2 posts
🟠 CVE-2026-5941 - High (7.8)
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T12:30:44
2 posts
🔴 CVE-2026-22336 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection. This issue affects Directorist Booking: from n/a before 3.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T09:34:46
2 posts
🟠 CVE-2026-7101 - High (8.8)
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T09:34:40
2 posts
🟠 CVE-2026-7100 - High (8.8)
A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T09:34:40
2 posts
🟠 CVE-2026-7099 - High (8.8)
A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T09:34:40
2 posts
🟠 CVE-2026-7098 - High (8.8)
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7098/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T06:31:33
3 posts
🛡️ CVE-2026-7081: HIGH-severity buffer overflow in Tenda F456 v1.0.0.5 (fromGstDhcpSetSer, httpd). Remote exploit possible, no patch yet. Limit remote access & watch for Tenda updates. Details: https://radar.offseq.com/threat/cve-2026-7081-buffer-overflow-in-tenda-f456-d90f75b6 #OffSeq #Vulnerability #Infosec #IoT
##🟠 CVE-2026-7081 - High (8.8)
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7081/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T06:31:33
2 posts
⚠️ CVE-2026-7082: HIGH severity buffer overflow in Tenda F456 v1.0.0.5 (formWrlExtraSet in httpd). Attack is remote and exploit is public. Audit exposure & restrict remote mgmt ASAP. https://radar.offseq.com/threat/cve-2026-7082-buffer-overflow-in-tenda-f456-cc536e34 #OffSeq #Vulnerability #Tenda #CVE20267082
##🟠 CVE-2026-7082 - High (8.8)
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T03:30:34
1 posts
🟠 CVE-2026-7079 - High (8.8)
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7079/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T03:30:34
1 posts
🟠 CVE-2026-7078 - High (8.8)
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7078/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T03:30:34
1 posts
🟠 CVE-2026-7106 - High (8.8)
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7106/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:33
1 posts
🟠 CVE-2026-7069 - High (8)
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7069/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:33
1 posts
🟠 CVE-2026-7068 - High (8.8)
A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:33
1 posts
🟠 CVE-2026-7055 - High (8.8)
A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:33
1 posts
🟠 CVE-2026-7054 - High (8.8)
A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:33
1 posts
🟠 CVE-2026-7053 - High (8.8)
A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7053/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:28
2 posts
⚠️ HIGH severity: OS command injection in JPCERT/CC LogonTracer before v2.0.0 (CVE-2026-33277). Logged-in users can run arbitrary OS commands. Restrict access & monitor logs until patch available. https://radar.offseq.com/threat/cve-2026-33277-improper-neutralization-of-special--31d12542 #OffSeq #Vuln #LogonTracer #Infosec
##🟠 CVE-2026-33277 - High (8.8)
An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T00:30:27
2 posts
🚨CRITICAL: CVE-2026-42363 in GeoVision GV-IP Device Utility 9.0.5 exposes admin creds via UDP broadcast with weak encryption. Attackers on LAN can take full control. Limit access, avoid untrusted networks, and watch for patches. https://radar.offseq.com/threat/cve-2026-42363-cwe-656-reliance-on-security-throug-65391bf4 #OffSeq #infosec #IoTSecurity
##🔴 CVE-2026-42363 - Critical (9.3)
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigge...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T21:30:30
2 posts
⚠️ New security advisory:
CVE-2026-6786 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6786-firefox-memory-corruption-could-run-code
🟠 CVE-2026-6786 - High (8.1)
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6786/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T15:30:27
1 posts
🟠 CVE-2026-7039 - High (7.8)
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T12:31:47
2 posts
CVE-2026-7037: Totolink A8000RU (7.1cu.643_b20200521) — CRITICAL OS command injection flaw. Remote, unauthenticated exploit enables full device compromise. Restrict access & monitor systems. No patch yet. https://radar.offseq.com/threat/cve-2026-7037-os-command-injection-in-totolink-a80-052cff94 #OffSeq #CVE #infosec #IoT
##🔴 CVE-2026-7037 - Critical (9.8)
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T12:31:47
1 posts
🟠 CVE-2026-7034 - High (8.8)
A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T12:31:47
1 posts
🟠 CVE-2026-7033 - High (8.8)
A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7033/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T12:31:47
1 posts
🟠 CVE-2026-7032 - High (8.8)
A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been pu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T12:31:47
2 posts
🔒 CVE-2026-7031: HIGH-severity buffer overflow in Tenda F456 (v1.0.0.5). Remote, no user interaction needed. Exploit public, no patch yet. Limit device exposure & monitor for updates. More: https://radar.offseq.com/threat/cve-2026-7031-buffer-overflow-in-tenda-f456-f28ef6c0 #OffSeq #Vulnerability #IoTSecurity #NetSec
##🟠 CVE-2026-7031 - High (8.8)
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T12:31:36
1 posts
🟠 CVE-2026-7030 - High (8.8)
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T09:32:42
1 posts
1 repos
MEDIUM severity: CVE-2026-7028 impacts CodeAstro Online Job Portal 1.0. SQL injection possible via /admin/jobs-admins/delete-jobs.php (ID param). Exploit is public — monitor for attacks and restrict access! https://radar.offseq.com/threat/cve-2026-7028-sql-injection-in-codeastro-online-jo-7d79de51 #OffSeq #SQLi #Vulnerability #InfoSec
##updated 2026-04-26T06:31:22
2 posts
🛑 HIGH severity: Buffer overflow in Tenda F456 (v1.0.0.5) via /goform/P2pListFilter ('menufacturer/Go'). Public exploit available, no patch. Limit exposure & monitor systems. CVE-2026-7019. https://radar.offseq.com/threat/cve-2026-7019-buffer-overflow-in-tenda-f456-8fc2e156 #OffSeq #Tenda #Vuln #BufferOverflow
##🟠 CVE-2026-7019 - High (8.8)
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7019/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-26T06:31:21
1 posts
⚠️ CVE-2026-42255 (HIGH): Technitium DNS Server <15.0 is vulnerable to DNS amplification via cyclic delegation (CWE-684). No patch yet — monitor DNS traffic & apply filtering. https://radar.offseq.com/threat/cve-2026-42255-cwe-684-incorrect-provision-of-spec-30347b11 #OffSeq #DNS #Infosec #Vuln
##updated 2026-04-26T03:30:26
1 posts
⚠️ CVE-2026-7015: MEDIUM XSS in MaxSite CMS (109.0 – 109.3) via Guestbook Plugin. Exploit public — remote attackers can target f_text/f_slug/f_limit/f_email. Patch in 109.4 (8a3946bd...). Upgrade now. Details: https://radar.offseq.com/threat/cve-2026-7015-cross-site-scripting-in-maxsite-cms-49304643 #OffSeq #XSS #MaxSiteCMS #Vuln
##updated 2026-04-25T18:33:03
1 posts
🚨 HIGH severity (CVSS 8.6) OS command injection in Linksys MR9600 (2.0.6.206937) — CVE-2026-6992. Remote attackers can gain control via the 'pin' argument. Exploit is public, no fix yet. Restrict remote access & monitor closely. https://radar.offseq.com/threat/cve-2026-6992-os-command-injection-in-linksys-mr96-18ae6106 #OffSeq #Vulnerability #Linksys
##updated 2026-04-25T06:30:30
3 posts
simple-git (the Node.js git wrapper sitting inside half of npm build pipelines) disclosed CVE-2026-6951 on April 25. Severity 9.8. It lets an attacker run any command on the build server. The new patch finishes a 2022 patch that blocked the "-c" flag and forgot "--config" was the same option. Snyk pulled telemetry: 73% of 9M weekly installs were on the broken patch at disclosure.
##🔴 CVE-2026-6951 - Critical (9.8)
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6951/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CRITICAL: CVE-2026-6951 in simple-git <3.36.0 enables remote code execution via untrusted input to the options argument. Upgrade or block untrusted input! Impact: full system compromise. More: https://radar.offseq.com/threat/cve-2026-6951-remote-code-execution-rce-in-simple--178a7d4e #OffSeq #RCE #simplegit #Security
##updated 2026-04-24T21:33:02
1 posts
🔴 CVE-2025-50229 - Critical (9.8)
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:33:00
3 posts
1 repos
🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726
⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728
⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399
⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635
##CVE ID: CVE-2024-7399
Vendor: Samsung
Product: MagicINFO 9 Server
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-7399
Broadcom has a new advisory for a critical vulnerability:
Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache
CISA has updated the KEV catalogue:
- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726
- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728
- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399
- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink
Cisco has two advisories for high-severity vulnerabilities:
- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-04-24T21:32:03
1 posts
📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1459
Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321
Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142
Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40
Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11
Top EPSS Score:
- CVE-2026-5965 - 6.34 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5965)
- CVE-2026-41179 - 5.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41179)
- CVE-2026-40887 - 4.56 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-40887)
- CVE-2026-38834 - 3.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38834)
- CVE-2026-41176 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41176)
- CVE-2026-21571 - 1.10 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21571)
- CVE-2026-6799 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6799)
- CVE-2026-24467 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24467)
- CVE-2026-41472 - 0.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41472)
- CVE-2019-25714 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25714)
##updated 2026-04-24T21:32:00
1 posts
🟠 CVE-2026-41044 - High (8.8)
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.
An authenticated attacker can use the admin web console page to construct a malici...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:32:00
1 posts
🟠 CVE-2026-40466 - High (8.8)
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:32:00
1 posts
🟠 CVE-2026-23902 - High (8.1)
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.
This issue affects Apache DolphinScheduler ve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:10:19
1 posts
##updated 2026-04-24T21:01:23
1 posts
🟠 CVE-2026-41273 - High (8.2)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:01:15
1 posts
🟠 CVE-2026-41275 - High (7.5)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:01:10
1 posts
🔴 CVE-2026-41276 - Critical (9.8)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not requ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:01:05
1 posts
🟠 CVE-2026-41277 - High (8.8)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T21:00:53
1 posts
🟠 CVE-2026-41279 - High (7.5)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T20:58:07
1 posts
🔴 CVE-2026-41265 - Critical (9.8)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41265/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T20:58:07
1 posts
🟠 CVE-2026-41266 - High (7.5)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41266/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T20:52:12
1 posts
🟠 CVE-2026-41180 - High (7.5)
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later wr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T20:44:06
1 posts
🟠 CVE-2026-41137 - High (8.8)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T19:27:00.700000
3 posts
##CVE ID: CVE-2024-57728
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-57728
##updated 2026-04-24T18:31:18
2 posts
🔥 CVE-2026-39920: BridgeHead FileStore <24A has a CRITICAL flaw — Apache Axis2 admin exposed with default creds, allowing unauthenticated remote OS command execution. Restrict access, change creds & monitor! Patch status pending. https://radar.offseq.com/threat/cve-2026-39920-cwe-1188-initialization-of-a-resour-596011eb #OffSeq #Vuln #Cybersecurity
##🔴 CVE-2026-39920 - Critical (9.8)
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS command...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T18:30:36
4 posts
Mirai Botnet Exploits Critical RCE Flaw in End-of-Life D-Link Routers
A Mirai-based botnet campaign is actively exploiting CVE-2025-29635, a command injection flaw in end-of-life D-Link DIR-823X routers, to execute remote code via crafted POST requests and enlist devices for DDoS attacks.
**If you are using a D-Link DIR-823X router, you are under attack. Make sure its management interface is isolated from the internet and accessible only from trusted networks. Since this device is end-of-life with no patch coming for CVE-2025-29635, replace it with a currently supported model.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/mirai-botnet-exploits-critical-rce-flaw-in-end-of-life-d-link-routers-9-9-w-1-p/gD2P6Ple2L
🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726
⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728
⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399
⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635
##CVE ID: CVE-2025-29635
Vendor: D-Link
Product: DIR-823X
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-29635
##updated 2026-04-24T18:30:36
3 posts
##CVE ID: CVE-2024-57726
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-57726
##updated 2026-04-24T17:56:41.280000
2 posts
🟠 CVE-2026-6912 - High (8.8)
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912)
Bulletin ID: 2026-018-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...
https://aws.amazon.com/security/security-bulletins/rss/2026-018-aws/
##updated 2026-04-24T16:37:54.877000
1 posts
🟠 CVE-2026-41271 - High (8.3)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41271/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T16:31:51.023000
1 posts
🟠 CVE-2026-41278 - High (7.5)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T16:25:17
1 posts
🟠 CVE-2026-33524 - High (7.5)
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T16:15:29
2 posts
⚠️ CRITICAL: dgraph-io Dgraph (< 25.3.3) leaks admin tokens via unauthenticated /debug/vars endpoint. Attackers can gain admin access! Patch to 25.3.3+ ASAP. CVE-2026-41492 | More: https://radar.offseq.com/threat/cve-2026-41492-cwe-200-exposure-of-sensitive-infor-932f1edf #OffSeq #CVE202641492 #Dgraph #Vulnerability
##🔴 CVE-2026-41492 - Critical (9.8)
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..."...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41492/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T15:41:25
3 posts
🚨 CRITICAL vuln: CVE-2026-41327 in dgraph-io dgraph (<25.3.3). Unauthenticated attacker can exfiltrate all DB data with a crafted POST via upsert mutation. Upgrade to 25.3.3+ or enable ACL ASAP! https://radar.offseq.com/threat/cve-2026-41327-cwe-943-improper-neutralization-of--8885efbe #OffSeq #Vuln #GraphQL #DataLeak
##🔴 CVE-2026-41327 - Critical (9.1)
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T15:33:39
1 posts
🟠 CVE-2026-21728 - High (7.5)
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.
Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21728/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T15:33:34
2 posts
@andrewnez hm, is that search correct? The 343 on the linked NVD page seems to include e.g. CVE-2026-6919, which isn't really related?
It's not in any way a relevant difference (4 false associations), but now I am really curious why those are associated...
##🔴 CVE-2026-6919 - Critical (9.6)
Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6919/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T15:32:39
2 posts
🔵 THREAT INTELLIGENCE
Weekly Threat Roundup: 2026-04-20 to 2026-04-26
Roundup | CRITICAL
CVEs: CVE-2026-21515, CVE-2026-32613, CVE-2026-33819
Cybersecurity roundup for 2026-04-20 to 2026-04-26. 10 CVE advisories, 2 breach reports, 5 threat news stories.
Full analysis:
https://www.yazoul.net/news/article/2026-w17-weekly-threat-roundup
🔴 CVE-2026-21515 - Critical (9.9)
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21515/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T15:32:39
1 posts
🟠 CVE-2026-5367 - High (8.6)
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T15:15:17.923000
1 posts
🔴 CVE-2026-41264 - Critical (9.8)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41264/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T14:50:56.203000
1 posts
Tenable Fixes High-Severity Nessus Agent Flaw That Could Grant SYSTEM-Level Access on Windows
Introduction Tenable has released an urgent security update after discovering a serious vulnerability in its widely used Nessus Agent software for Windows. The flaw, identified as CVE-2026-33694, could allow attackers with limited local access to escalate privileges and potentially execute malicious code with SYSTEM-level permissions, the highest privilege level in Windows…
##updated 2026-04-24T14:39:56.310000
1 posts
🟠 CVE-2026-27841 - High (8.1)
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of reque...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T14:39:56.310000
1 posts
🔴 CVE-2026-27843 - Critical (9.1)
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recover...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T14:39:28.770000
1 posts
🔴 CVE-2026-1950 - Critical (9.8)
Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T09:30:36
1 posts
🔴 CVE-2026-1952 - Critical (9.8)
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1952/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:04
1 posts
🟠 CVE-2026-35064 - High (7.5)
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:04
1 posts
🟠 CVE-2026-39462 - High (8.1)
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseL...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39462/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:04
1 posts
🔴 CVE-2026-35503 - Critical (9.8)
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:04
1 posts
🔴 CVE-2026-40630 - Critical (9.8)
A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40630/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:03
1 posts
🔴 CVE-2026-25775 - Critical (9.8)
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25775/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:03
1 posts
🟠 CVE-2026-40623 - High (8.1)
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40623/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:32:03
1 posts
🔴 CVE-2026-40620 - Critical (9.8)
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management conne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:31:58
1 posts
🔴 CVE-2026-24303 - Critical (9.6)
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24303/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T00:31:58
1 posts
🟠 CVE-2026-26150 - High (8.6)
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-23T18:30:37.510000
1 posts
1 repos
##updated 2026-04-23T10:52:57
1 posts
📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1459
Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321
Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142
Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40
Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11
Top EPSS Score:
- CVE-2026-5965 - 6.34 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5965)
- CVE-2026-41179 - 5.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41179)
- CVE-2026-40887 - 4.56 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-40887)
- CVE-2026-38834 - 3.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38834)
- CVE-2026-41176 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41176)
- CVE-2026-21571 - 1.10 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21571)
- CVE-2026-6799 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6799)
- CVE-2026-24467 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24467)
- CVE-2026-41472 - 0.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41472)
- CVE-2019-25714 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25714)
##updated 2026-04-22T15:31:39
1 posts
##updated 2026-04-22T15:07:23.650000
3 posts
Firefox CVE-2026-6770 Vulnerability Exposes Private Browsing and Tor Users to Cross-Site Fingerprinting Risks + Video
Introduction A newly disclosed security vulnerability affecting Mozilla Firefox and Thunderbird has raised serious concerns across the privacy and cybersecurity community. Tracked as CVE-2026-6770, the flaw undermines fundamental expectations of anonymity in private browsing environments, including Tor Browser sessions. What makes this issue…
##updated 2026-04-22T00:31:48
1 posts
##updated 2026-04-21T21:32:31
1 posts
##updated 2026-04-21T21:31:23
1 posts
Python asyncio Vulnerability Exposes Windows Systems to Remote Code Execution
A high-severity out-of-bounds write vulnerability (CVE-2026-3298) in Python's asyncio module on Windows allows remote attackers to cause memory corruption or execute arbitrary code. The flaw affects Python versions 3.11 through 3.14 and requires immediate patching or code-level mitigations.
**If you're running Python applications on Windows (versions 3.11 through 3.14) that use asyncio for network communication, upgrade to the latest patched Python version as soon as it's available. Until then, avoid using the sock_recvfrom_into() method with untrusted network traffic, and watch for unexpected crashes on your Windows Python servers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-python-asyncio-vulnerability-exposes-windows-systems-to-remote-code-execution-e-o-n-y-1/gD2P6Ple2L
##updated 2026-04-21T18:32:04
2 posts
📰 Critical Unauthenticated Path Traversal Flaw Found in CrowdStrike LogScale
🚨 CRITICAL FLAW: CrowdStrike patches an unauthenticated path traversal vulnerability (CVE-2026-40050) in self-hosted LogScale. The bug could allow remote attackers to read any file on the server. Patch immediately! #CyberSecurity #Vulnerability
##CrowdStrike Patches Critical Path Traversal Vulnerability in LogScale
CrowdStrike patched a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale that allows remote attackers to read arbitrary files from self-hosted server filesystems.
**If you use self-hosted LogScale, plan a quick update to a patched version ASAP. Always keep your cluster API endpoints behind a firewall or VPN to limit exposure to attackers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/crowdstrike-patches-critical-path-traversal-vulnerability-in-logscale-b-w-e-5-i/gD2P6Ple2L
##updated 2026-04-21T18:32:04
1 posts
updated 2026-04-21T15:33:24
1 posts
Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://blog.barrack.ai/pyodide-sandbox-escape-cohere-terrarium-openai-codex/
##updated 2026-04-21T15:04:13
4 posts
Thirteen hours from disclosure to exploitation. CVE-2026-33626 in LMDeploy is an SSRF that hits cloud metadata and internal services. If you run LMDeploy, patch it.
## LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html
Read on HackerWorkspace: https://hackerworkspace.com/article/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure
## LMDeploy AI Inference Engine Exploited Hours After SSRF Disclosure
LMDeploy's vision-language module contains a high-severity SSRF vulnerability (CVE-2026-33626) that attackers exploited within 13 hours to scan internal networks and target cloud metadata. The flaw allows unauthenticated users to bypass network restrictions by providing malicious image URLs to the inference server.
**If you're running LMDeploy, immediately update to version 0.12.3 or later to patch the SSRF vulnerability (CVE-2026-33626). Also, enforce IMDSv2 with required session tokens on your cloud instances and restrict outbound network traffic from inference servers to block credential theft and internal scanning.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/lmdeploy-ai-inference-engine-exploited-hours-after-ssrf-disclosure-i-a-y-c-t/gD2P6Ple2L
Exploit on LMDeploy CVE-2026-33626: immediate SSRF attack after disclosure https://deafnews.it/article/exploit-su-lmdeploy-cve-2026-33626-attacco-ssrf-immediato-dopo-disclosure
##updated 2026-04-21T13:00:03.373000
1 posts
Zimbra XSS Flaw Actively Exploited
CISA has added CVE-2025-48700, an actively exploited XSS vulnerability in Zimbra Collaboration Suite's Classic UI, to its Known Exploited Vulnerabilities Catalog. Over 10,500 unpatched instances are still exposed online despite patches being available since June 2025.
**If you run Zimbra Collaboration Suite, immediately upgrade to a patched version (ZCS 8.8.15 Patch 47, 9.0.0 Patch 43, 10.0.12, or 10.1.4 or later) since this flaw is being actively exploited. Then audit your mail servers for signs of compromise. Check for suspicious mail forwarding rules, recent TGZ exports, and unexpected MFA or application password changes.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/zimbra-xss-flaw-actively-exploited-e-y-g-h-x/gD2P6Ple2L
updated 2026-04-21T06:30:32
1 posts
updated 2026-04-20T21:32:43
1 posts
updated 2026-04-16T19:59:38.107000
1 posts
9 repos
https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE
https://github.com/keraattin/CVE-2026-34197
https://github.com/DEVSECURITYSPRO/CVE-2026-34197
https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197
https://github.com/dinosn/CVE-2026-34197
https://github.com/hg0434hongzh0/CVE-2026-34197
https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-
🟠 CVE-2026-40466 - High (8.8)
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-14T18:30:51
2 posts
A Shortcut to Coercion: Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202
#CVE_2026_32202 #APT28 #CVE_2026_21510
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
updated 2026-04-14T00:13:31
1 posts
released sbt 1.12.10, featuring
- update to log4j 2.25.4, fixing CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, and CVE-2026-34480
- eviction error in `Test` configuration, backported from sbt 2.x
https://eed3si9n.com/sbt-1.12.10 #Scala
updated 2026-04-14T00:11:01
1 posts
updated 2026-04-13T23:57:23
1 posts
updated 2026-04-13T18:31:39
1 posts
2 repos
📢 CVE-2026-21643: Critical SQL injection in FortiClient EMS actively exploited
📝 ## 🔍 Context
Report published on 27 April 2026 by CrowdSec on the VulnTracking platform, based on...
📖 cyberveille: https://cyberveille.ch/posts/2026-04-27-cve-2026-21643-injection-sql-critique-dans-forticlient-ems-activement-exploitee/
🌐 source: https://www.crowdsec.net/vulntracking-report/cve-2026-21643-forticlient-ems-sql-injection-exploitation
#CISA_KEV #CVE_2026_21643 #Cyberveille
updated 2026-04-13T15:02:06.187000
1 posts
updated 2026-04-02T18:31:50
1 posts
📰 Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect
🚨 CRITICAL: A 15-year-old flaw in OpenSSH (CVE-2026-35414) allows attackers to gain full root access. The bug is trivial to exploit and hard to detect in logs. Update to OpenSSH 10.3p1 immediately! 🛡️ #OpenSSH #CVE #Linux #CyberSecurity
##updated 2026-04-01T15:30:57
2 posts
2 repos
@bagder maybe edit your post to show his full name:
Devansh Batham.
In a post to Substack, Devansh (surname unknown, @chocolatemilkcultleader) is horribly mistaken about Claude, Carlini, and FreeBSD CVE-2026-4747.
Thanks.
Cc @sszuecs
##updated 2026-02-27T15:47:29
1 posts
1 repos
https://github.com/Anon-Cyber-Team/CVE-2026-27966--RCE-in-Langflow
The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!
Read more: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-25-2026/
##updated 2026-02-18T21:31:21
2 posts
⚪️ Kaspersky Lab experts discover vulnerability in Snapdragon chipsets
🗨️ Experts from Kaspersky ICS CERT have discovered a vulnerability in Qualcomm Snapdragon chipsets. The issue was found in the BootROM boot firmware, which is embedded at the hardware level. Chipsets from these series are widely used in smartphones, tablets, automotive…
##updated 2026-02-02T23:41:06
1 posts
11 repos
https://github.com/KajzingerAkos/CVE-2026-25253
https://github.com/adibirzu/openclaw-security-monitor
https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions
https://github.com/msaleme/start-here
https://github.com/Ckokoski/moatbot-security
https://github.com/Cyber-Warrior-Network/trust-gate-mcp
https://github.com/al4n4n/CVE-2026-25253-research
https://github.com/Joseph19820124/openclaw-vuln-report
https://github.com/ZhaoymOvO/openclaw-1click-rce-env
Regarding AI, it seems like everyone’s been talking about OpenClaw lately. The project exploded on GitHub before most people had even heard the name — passing 100,000 stars inside two months, spawning Reddit threads, Discord servers, and a wave of setup guides from developers who couldn’t stop talking about it. By the time the wider tech press noticed, a serious community had already formed around it. That kind of organic momentum is rare, and it usually means something real is happening.
What makes OpenClaw compelling isn’t a single feature. It’s the premise: a proactive, always-on AI assistant that runs entirely on your own hardware, connects to the messaging apps you already use, and never hands your data to someone else’s server. No subscriptions. No cloud lock-in. You own the whole stack. For a growing number of developers and technically curious people, that combination proved irresistible.
But here’s the catch: the official documentation lists “4GB RAM” as the minimum requirement. That figure is technically accurate and practically misleading. The real OpenClaw hardware requirements depend entirely on how you deploy it — and if you pick the wrong machine, your agent will stall, swap, and crash at the worst possible moment. This guide cuts through the vague specs and gives you the honest picture.
OpenClaw is a free, open-source AI agent framework that turns large language models into autonomous personal assistants running 24/7 on your own hardware. Austrian developer Peter Steinberger originally launched it in November 2025 under the name Clawdbot. After a brief naming detour through “Moltbot,” it became OpenClaw in January 2026. By February, Steinberger had joined OpenAI — and committed to keeping the project open-source under MIT license through a newly established non-profit foundation.
The latest stable release as of April 2026 is v2026.4.12. The project is actively maintained with regular releases, and a large community is building skills, integrations, and deployment guides daily.
OpenClaw isn’t a chatbot. It doesn’t wait for you to open an app and type a question. Instead, it operates proactively through a heartbeat daemon and scheduled tasks. Think of it as a persistent operator living on your machine, not a reactive text box in a browser tab.
You interact with it through the messaging platforms you already use. The supported channel list includes WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Google Chat, Microsoft Teams, Matrix, IRC, LINE, and over a dozen more. You text your agent from your phone. It executes tasks on your hardware. Results come back through the same channel.
Its core capabilities include browser automation via Playwright, file management, scheduled tasks, API integrations, voice interaction on macOS and iOS, and a live Canvas workspace for visual agent output. A community-driven skill marketplace called ClawHub offers over 700 additional extensions. The skill system is modular — each skill is a Markdown file stored in your local workspace directory.
You choose the AI brain. OpenClaw works with Anthropic Claude, OpenAI GPT-4o, Google Gemini, DeepSeek, and local models through Ollama or llama.cpp. It auto-switches to backup models if your primary choice becomes unavailable — which matters a great deal in production automation scenarios.
The OpenClaw gateway process itself is a Node.js application. It proxies messages, manages sessions, and orchestrates tool calls. That core process is lightweight — it spends most of its time waiting for API responses rather than grinding through computation. But “can run” and “runs well” are fundamentally different states, and the gap between them grows wider as you add features.
What I call the Deployment Multiplier Effect is the single concept most guides skip over. Your resource usage doesn’t scale linearly with agents or tasks. It scales exponentially once you enable browser automation, local model inference, or multi-agent routing. A machine that handles one text-based agent comfortably will collapse under two browser-automated agents running concurrently.
These are the absolute floor values. OpenClaw will start and handle basic tasks at these specs, but you’ll hit limits quickly under sustained load.
The 4GB RAM floor exists because the OpenClaw gateway process alone consumes 400–800MB at idle. Add Node.js runtime overhead, your operating system, and Docker if you use it — and a 2GB machine is already in trouble before you run a single task. Users who try 1GB VPS instances report out-of-memory kills during Docker builds and chronic swapping during normal operation.
The Node.js version requirement deserves emphasis. OpenClaw absolutely requires Node.js 22 or higher. Running it on Node 18 or 20 produces cryptic errors about import statements and missing modules. Install Node 22 via Homebrew on macOS, NVM on Linux, or the official installer on Windows before anything else.
For one agent doing text-based tasks through Telegram, Slack, or WhatsApp — with no browser automation and no local LLMs — these specs ensure consistent, comfortable performance:
NVMe drives reduce model load times by approximately 40% compared to SATA SSDs. That difference is noticeable in daily use, especially when OpenClaw loads skills, writes logs, and manages session persistence simultaneously.
The right hardware depends on what you’re actually running. Let me walk through five distinct deployment tiers using a framework I call the Agent Footprint Stack — a way of thinking about resource allocation as a layered budget rather than a flat spec sheet.
This is the bread-and-butter OpenClaw setup. One agent, text-based tasks, no browser, no local models. The gateway runs, routes your messages, calls Claude or GPT-4o, and returns results.
The Pi 5 excels at orchestrating cloud API calls. You’re not running local inference here, so compute requirements stay low. The tradeoff is latency on complex multi-tool sequences — expect occasional slowdowns during tasks that combine web search, file operations, and API calls in rapid succession.
Browser automation is one of OpenClaw’s strongest features. It is also the single biggest hardware multiplier in the entire stack. Each Playwright browser instance consumes 200–400MB of RAM and generates significant CPU load during page rendering.
A 4GB machine running the gateway (400–800MB) plus one browser instance (200–400MB) plus OS and Docker overhead is already at 70–80% memory utilization before any tasks begin. Two concurrent browser instances on 4GB cause swapping, which kills response times and can crash the container mid-task.
Running two or more OpenClaw agents on the same server means each agent runs its own gateway process with separate configuration, memory, and session state. Budget 2–3GB of RAM per agent for comfortable headroom.
Two agents on a 4GB VPS will run, but both degrade under concurrent load. Three agents on 4GB don’t work. The gateway processes compete for memory, and the first one to get killed takes down its entire workflow mid-execution. For cloud hosting, DigitalOcean’s 8GB droplet at $24/month or a Hetzner CX43 at approximately $14/month handles two agents reliably.
This is where OpenClaw hardware requirements make a genuine leap. Running a local LLM through Ollama eliminates API costs and keeps all inference on-device — but it demands a completely different class of hardware.
An 8-billion-parameter model like Llama 3 8B, quantized to 4-bit precision, requires approximately 6GB of RAM just to load the model weights. Your operating system needs 4GB on top of that. Add OpenClaw’s context window management, and 16GB of RAM is the absolute floor for local inference. In practice, 32GB is the realistic baseline for responsive agent execution.
Standard CPUs can run LLM inference, but forcing matrix multiplication through general-purpose cores spikes power consumption above 65 watts and generates significant heat. Neural Processing Units handle the same workload at a fraction of the energy draw — which matters enormously for 24/7 always-on deployments.
For teams running OpenClaw as business-critical infrastructure — customer message routing, automated reporting, time-sensitive CRM updates — the hardware calculus shifts entirely toward reliability and uptime over raw cost efficiency.
Consumer laptops are built for burst performance. Running an AI agent at 100% computational load for 72 hours straight on a laptop will cause thermal throttling — CPU cores dropping from 4.5GHz to 2.1GHz as heat builds. Dedicated hardware with active cooling isn’t about peak performance. It’s about consistency.
OpenClaw supports three primary operating environments. macOS and Linux run the gateway natively. Windows requires WSL2 (Ubuntu is recommended inside WSL2). For server deployments, Linux is the most predictable and well-documented option.
On the architecture side, OpenClaw auto-detects your CPU architecture. Both x86_64 and ARM64 are fully supported. Apple Silicon (M1 through M4) receives native support via the macOS menu bar app or CLI. AWS Graviton 2, 3, and 4 instances are fully supported and often deliver better price-to-performance ratios than x86 equivalents for cloud deployments. The Raspberry Pi 5 on ARM64 works well for the lightweight Tier 1 scenario described above.
Here’s a framework I find genuinely useful when planning OpenClaw deployments — the RAM Budget Formula. Add up these components to calculate your actual memory requirement before you buy hardware:
Sum those numbers for your specific configuration, add 20%, and that’s your real RAM floor — not the 4GB figure in the README. This formula also explains why storage matters beyond just holding files. OpenClaw generates more disk writes than you might expect. Log accumulation, session files, memory persistence data, and Node.js module cache collectively consume significant space over time. The 20GB storage recommendation is double the minimum precisely to accommodate this growth.
The installation process is straightforward if you follow the correct sequence. These are the verified steps for a local deployment on Linux or macOS.
Before anything else, confirm you’re running Node.js 22 or higher. Run node --version in your terminal. If the output shows v18 or v20, install v22 via NVM on Linux (nvm install 22) or Homebrew on macOS (brew install node@22). An incorrect Node version is the most common cause of installation failures.
OpenClaw’s official repository lives at github.com/openclaw/openclaw. Clone it with git clone https://github.com/openclaw/openclaw.git, then navigate into the directory with cd openclaw.
The project prefers pnpm for package management. Run pnpm install to pull all dependencies. Installation typically takes 2–3 minutes, depending on your connection speed.
Run pnpm openclaw setup for first-time configuration. This writes the local config and workspace structure. Alternatively, run openclaw onboard in your terminal — the onboarding wizard guides you step-by-step through gateway setup, channel configuration, and skill installation. It’s the recommended path for new users.
Always run openclaw doctor after installation. This command surfaces misconfigured settings, missing dependencies, and risky DM policy configurations before they cause silent failures. Fixing issues at this stage saves hours of debugging later.
Start the gateway with pnpm gateway:watch for development (auto-reloads on changes) or configure it as a daemon using PM2 for always-on production deployment. PM2 ensures the gateway automatically restarts after crashes or system reboots.
Connect a messaging channel through the dashboard or CLI. For Telegram, create a bot through @BotFather, copy the token, and pair it through the OpenClaw interface. Once connected, you can interact with your agent from any device where you use that platform.
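A pre-flight script that puts the sizing figures from the deployment tiers and the RAM Budget Formula together with the Node.js 22 check from the first installation step, added here as an example; it is not part of OpenClaw or its documentation. It takes the upper bound of each range the article gives, so its floor is deliberately conservative, and the function names (`ram_budget_mb`, `check_node_version`, `preflight`) and the Linux-only `/proc/meminfo` read are this example's own choices.

```shell
#!/bin/sh
# OpenClaw pre-flight sizing check. Added example, not OpenClaw's own tooling.
# Figures come from the article; the upper bound of each range is used,
# so the result is a conservative floor rather than a typical footprint.
PER_AGENT_MB=3072      # "Budget 2-3GB of RAM per agent" (gateway + session state)
PER_BROWSER_MB=400     # "Each Playwright browser instance consumes 200-400MB"
LOCAL_OS_MB=4096       # "Your operating system needs 4GB on top of that" (local LLM)
MODEL_8B_Q4_MB=6144    # "approximately 6GB ... to load the model weights" (8B, 4-bit)
MARGIN_PCT=20          # "add 20%, and that's your real RAM floor"

# node_major VERSION -> major number from `node --version` output ("v22.11.0" -> 22).
# Fails (status 1) when the string does not start with a number.
node_major() {
    v=${1#v}          # drop the leading "v" if present
    v=${v%%.*}        # keep only the part before the first dot
    case $v in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$v"
}

# check_node_version VERSION -> status 0 only for Node.js 22 or newer.
check_node_version() {
    major=$(node_major "$1") || return 1
    [ "$major" -ge 22 ]
}

# ram_budget_mb AGENTS BROWSERS [MODEL_MB] -> RAM floor in MB including the margin.
# MODEL_MB is the size of a locally loaded model; omit it for cloud-API-only setups.
ram_budget_mb() {
    agents=$1; browsers=$2; model=${3:-0}
    total=$(( agents * PER_AGENT_MB + browsers * PER_BROWSER_MB ))
    if [ "$model" -gt 0 ]; then
        # Local inference brings the model weights plus the 4GB OS allowance.
        total=$(( total + model + LOCAL_OS_MB ))
    fi
    echo $(( total * (100 + MARGIN_PCT) / 100 ))
}

# smallest_tier_mb BUDGET_MB -> smallest common machine size (4GB .. 128GB) that fits.
# Prints "none" and fails when even 128GB is not enough.
smallest_tier_mb() {
    for tier in 4096 8192 16384 32768 65536 131072; do
        if [ "$tier" -ge "$1" ]; then
            echo "$tier"
            return 0
        fi
    done
    echo none
    return 1
}

# preflight AGENTS BROWSERS [MODEL_MB]: compare the budget with this machine.
# Reads /proc/meminfo, so the live memory check is Linux-only (this example's assumption).
preflight() {
    need=$(ram_budget_mb "$1" "$2" "${3:-0}")
    tier=$(smallest_tier_mb "$need" || true)
    echo "RAM floor for $1 agent(s), $2 browser(s), model ${3:-0}MB: ${need}MB (smallest box: ${tier}MB)"
    if [ -r /proc/meminfo ]; then
        have=$(awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo)
        if [ "$have" -ge "$need" ]; then
            echo "RAM: ${have}MB installed, OK"
        else
            echo "RAM: ${have}MB installed, short by $(( need - have ))MB; expect swapping or OOM kills"
        fi
    fi
    if command -v node >/dev/null 2>&1; then
        ver=$(node --version)
        if check_node_version "$ver"; then
            echo "Node.js $ver: OK"
        else
            echo "Node.js $ver: too old, install 22 or higher before pnpm install"
        fi
    else
        echo "Node.js: not found on PATH"
    fi
}

# Usage: sh openclaw-preflight.sh AGENTS BROWSERS [MODEL_MB]
#   sh openclaw-preflight.sh 1 0        -> floor 3686MB, fits a 4GB box
#   sh openclaw-preflight.sh 1 0 6144   -> floor 15974MB, needs a 16GB box
if [ $# -ge 2 ]; then
    preflight "$@"
fi
```

Run with the agent and browser counts you plan to deploy; two agents come out at 7372MB (an 8GB box) and one agent with two browser instances at 4646MB, which is why a 4GB machine swaps in both cases.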
The privacy argument is the strongest one. Your data, sessions, and credentials never leave your hardware. For anyone handling sensitive personal or professional information, that’s not a feature — it’s a requirement. Local-first deployment also eliminates recurring API gateway costs over time.
The multi-channel approach is genuinely elegant. Most AI tools force you into their interface. OpenClaw meets you where you already are — your existing messaging apps. That reduces friction to nearly zero for daily use.
The model-agnostic design future-proofs your setup. When a better model launches, you switch providers in your config file. You’re not locked into one company’s product roadmap.
The extensibility through ClawHub skills and the open-source nature mean the community continuously expands what OpenClaw can do. Over 700 skills are available, and building custom skills in Markdown is accessible even for non-developers.
OpenClaw is what I’d call a Sharp Knife Tool — powerful and precise, but unforgiving of mistakes. It requires comfortable familiarity with the command line, JSON configuration files, and basic server management concepts. If you’ve never used a terminal, this is not where you start.
Security demands active management. The critical CVE-2026-25253 Remote Code Execution vulnerability exposed unpatched deployments in early 2026. Always run openclaw update --force followed by openclaw security audit to verify your installation is patched and hardened. Skill permissions deserve scrutiny — a skill requesting shell execution access outside your workspace is a red flag worth taking seriously.
Hardware costs are real. A capable, always-on mini PC costs $400–700. That’s a one-time cost that pays back against subscription services over time, but the upfront investment is higher than cloud alternatives.
Foundation governance is still evolving. The non-profit foundation Steinberger announced has not yet published full governance documents as of April 2026. For teams evaluating long-term enterprise use, that’s a legitimate uncertainty to factor in.
Let me translate all of this into concrete purchase recommendations organized by budget and use case. These reflect actual performance data from the community and hardware specifications verified as of April 2026.
The Intel N100 Mini PC (approximately $150–250) works as an entry point for learning the OpenClaw CLI, testing workflows, and API integration testing. Four efficient cores at 3.4GHz, 16GB RAM, and a 512GB SSD handle single-agent, cloud-API-only setups at low power draw. Don’t use this for browser automation or local inference.
The Raspberry Pi 5 (8GB) at approximately $80 is viable for Tier 1 personal use with strict resource discipline. Great for experimenting with the framework before committing to dedicated hardware.
The Beelink MINI S13 (approximately $300–400, Intel i5-1235U, 12 threads, 16GB RAM, 500GB NVMe) handles single-agent deployments with cloud APIs reliably. A solid everyday choice if you don’t need local inference.
The GMKtec G3 Plus (approximately $300–400, 12 threads, 16GB RAM, 512GB NVMe) offers an upgrade path for light multi-agent testing. Good value for the price if you plan to grow into the platform gradually.
The GEEKOM A5 2025 (AMD Ryzen 5 7430U) is the community’s most recommended all-around choice. At 16GB RAM for approximately $480–580, it handles single-agent plus browser automation. Furthermore, at 32GB for approximately $545, it’s the go-to for 2–3 concurrent agents. And at 64GB for approximately $680, it offers maximum future-proofing for local model experimentation.
The Mac Mini M4 (16GB, approximately $599) deserves special consideration. Its unified memory architecture eliminates CPU-GPU memory transfer bottlenecks. Developers consistently report running 8 simultaneous OpenClaw agents with zero thermal throttling. If you’re already in the Apple ecosystem, this is the clear recommendation.
The ACEMAGIC F5A (AMD Ryzen AI 9 HX 370, 50 TOPS dedicated NPU, approximately $650) is purpose-built for always-on local model inference. The NPU handles LLM computation independently, keeping primary CPU cores available for other tasks. The OCuLink port enables connection to external desktop GPUs without Thunderbolt bandwidth limitations — useful if you plan to train models later.
For teams running 70B+ parameter models or deploying multiple concurrent inference instances, the ACEMAGIC M1A PRO+ (AMD Ryzen AI MAX+ 395, 128GB LPDDR5x, approximately $1,200+) provides workstation-grade memory bandwidth. Unified 128GB memory allows loading 70B parameter models entirely into RAM with zero swapping.
A few non-negotiable security practices should accompany every OpenClaw deployment. These are not optional considerations — they’re the difference between a useful tool and a liability.
Run the gateway under a dedicated OS user account with no access to your personal home directory. If using Docker, mount only specific folders the agent needs — read-only mounts for sensitive documents prevent deletion while still allowing the agent to learn from them. Whitelist only your own Telegram or messaging platform user ID in the config file. Use a dedicated API key with a hard daily spending limit of $5–$10.
Approach ClawHub skill installation with the same diligence you’d apply to installing npm packages in production. Review requested permissions before installing. A weather skill requesting shell execution access is a significant red flag. The OpenClaw Foundation runs automated security scans on ClawHub submissions, but community-published skills carry inherent third-party risk.
Something interesting is happening in the mini PC market right now. Hardware manufacturers are starting to design explicitly for AI agent hosting — not gaming, not general productivity, but always-on inference. The AMD Ryzen AI NPU line, NVIDIA’s NemoClaw reference stack for DGX Spark, and Apple Silicon’s unified memory architecture all point in the same direction: dedicated, efficient, local compute for autonomous agents.
The trend I’m watching closely is what the community calls “Mobile Nodes” and “Edge AI” — deploying OpenClaw not on a desktop mini PC but on compact ARM devices optimized for battery-backed, always-on operation. As LLM quantization techniques improve, 7B models will become genuinely viable on $200 hardware. That changes the access equation entirely.
My honest opinion: if you value data sovereignty and want to automate meaningful parts of your digital life, OpenClaw is the most capable self-hosted option available in April 2026. But it’s not for everyone. It rewards people who enjoy understanding how their tools work. If you want something that just works out of the box with zero configuration, this isn’t your tool. If you want control, transparency, and the ability to run a genuinely intelligent agent without sending your data to someone else’s server, OpenClaw is worth every hour of setup time.
OpenClaw requires a minimum of 2 CPU cores, 4GB RAM, and 10GB of SSD storage. You also need Node.js version 22 or higher. These specs support basic single-agent text operations only. They don’t leave sufficient headroom for browser automation, local LLMs, or sustained multi-task workflows.
Yes. The Raspberry Pi 5 with 8GB RAM handles Tier 1 deployments — single agent, cloud API calls only, no browser automation. ARM64 architecture is fully supported. Add a 2GB swap file for additional stability on lower-RAM Pi configurations.
Yes, but only through WSL2 (Windows Subsystem for Linux). Ubuntu is the recommended WSL2 distribution. Configure WSL2 memory allocation via the .wslconfig file in your user profile directory. Native Windows execution is not supported.
16GB is the absolute minimum for running an 8B parameter model quantized to 4-bit precision. 32GB is the realistic baseline for responsive performance. A 70B parameter model requires 64–128GB of RAM to run without swapping.
For most users, the GEEKOM A5 2025 with 32GB RAM (approximately $545) offers the best balance of capability, cost, and upgrade path. For Apple ecosystem users, the Mac Mini M4 with 16GB RAM (approximately $599) provides exceptional multi-agent performance. And for local inference workloads, the ACEMAGIC F5A with its dedicated NPU handles continuous AI computation most efficiently.
Yes. A DigitalOcean $24/month droplet (4GB RAM) or a Hetzner CX43 ($13–14/month) handles two agents reliably. For four or more agents, move to 16GB instances or split across multiple servers. Be aware that monthly VPS costs often exceed the one-time cost of a dedicated mini PC over 12–18 months.
Node.js 22 or higher is required. Earlier versions, including Node 18 LTS and Node 20, cause installation failures and runtime errors. Always install Node 22 before attempting to install OpenClaw.
Run OpenClaw Doctor immediately after installation. This command surfaces misconfigured settings, missing dependencies, and security policy issues. Run it again after any major update to confirm the installation remains healthy.
SSD is essential — HDD storage creates I/O bottlenecks during model loading, log writing, and session persistence. NVMe SSDs reduce model load times by approximately 40% compared to SATA SSDs. Plan for at least 20–50GB of dedicated storage, more if you enable verbose logging or run multiple agents simultaneously.
Yes. OpenClaw is fully open-source under the MIT license. The framework itself is free. You’ll pay for the AI model API calls (typically $0.50–$2.00 per 100 tasks using Claude Sonnet) and any hardware or VPS hosting costs you choose to incur. Running local models through Ollama eliminates ongoing API costs entirely.
#ai #free #hardware #openSource #OpenClaw
##updated 2025-11-06T14:51:19.950000
1 posts
⚠️ CRITICAL: FIRESTARTER Backdoor
APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…
##updated 2025-10-22T00:33:24
##updated 2025-09-22T22:00:37
1 posts
1 repos
Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://blog.barrack.ai/pyodide-sandbox-escape-cohere-terrarium-openai-codex/
##updated 2025-03-25T18:38:11
3 posts
3 repos
https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC
https://github.com/enochgitgamefied/CVE-2025-27636-Practical-Lab
🔴 CVE-2026-40453 - Critical (9.9)
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was no...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 EUVD-2026-25791
📊 Score: n/a
📦 Product: Apache Camel CoAP, Apache Camel JMS, Apache Camel JMS (+6 more)
🏢 Vendor: Apache Software Foundation
📅 Updated: 2026-04-27
📝 The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExe...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-25791
##updated 2025-02-11T19:03:55
3 posts
🚨 EUVD-2026-25809
📊 Score: 9.8/10 (CVSS v3.1)
📦 Product: Apache MINA, Apache MINA, Apache MINA
🏢 Vendor: Apache Software Foundation
📅 Updated: 2026-04-27
📝 The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class t...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-25809
##🔴 CVE-2026-41409 - Critical (9.8)
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41409/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2024-02-03T05:06:20
1 posts
Broadcom has a new advisory for a critical vulnerability:
Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache
CISA has updated the KEV catalogue:
- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726
- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728
- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399
- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink
Cisco has two advisories for high-severity vulnerabilities:
- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability
##updated 2023-08-17T05:02:31
1 posts
🔴 CVE-2026-6951 - Critical (9.8)
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6951/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚪️ Kaspersky Lab experts discover vulnerability in Snapdragon chipsets
🗨️ Experts from Kaspersky ICS CERT have discovered a vulnerability in Qualcomm Snapdragon chipsets. The issue was found in the BootROM boot firmware, which is embedded at the hardware level. Chipsets from these series are widely used in smartphones, tablets, automotive…
##🟠 CVE-2026-7040 - High (7.5)
Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.
The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.
Note that the minify_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##7 posts
5 repos
https://github.com/baph00met/CVE-2026-41651
https://github.com/Vozec/CVE-2026-41651
https://github.com/dinosn/pack2theroot-lab
Telekom's security team warns: “Pack2TheRoot” (CVE-2026-41651) in PackageKit lets low‑privilege users install/remove system packages and escalate to root — patch to PackageKit ≥1.3.5 and apply distro updates now: https://www.heise.de/en/news/Pack2TheRoot-Security-vulnerability-affects-several-Linux-distributions-11273070.html 🔒🐧 #CyberSecurity #Linux
##Pack2TheRoot: a 12-year-old flaw hands the keys to your Linux system to anyone https://goodtech.info/pack2theroot-faille-linux-packagekit-root-cve-2026-41651/ #Sécurité #Àlaune
##🚨 CVE-2026-41651 (Pack2TheRoot)
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-41651
#nttdata #zen #secdb #infosec
#pack2theroot #cve2026411651 #packagekit #toctou
Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability
https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
Read on HackerWorkspace: https://hackerworkspace.com/article/pack2theroot-cve-2026-41651-cross-distro-local-privilege-escalation-vulnerability
##📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1459
Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321
Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142
Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40
Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11
Top EPSS Score:
- CVE-2026-5965 - 6.34 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5965)
- CVE-2026-41179 - 5.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41179)
- CVE-2026-40887 - 4.56 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-40887)
- CVE-2026-38834 - 3.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38834)
- CVE-2026-41176 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41176)
- CVE-2026-21571 - 1.10 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21571)
- CVE-2026-6799 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6799)
- CVE-2026-24467 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24467)
- CVE-2026-41472 - 0.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41472)
- CVE-2019-25714 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25714)
🚨 CRITICAL: CVE-2026-6911 in AWS Ops Wheel — missing JWT signature checks allow unauth access & admin control over all tenants. Patch by redeploying from the updated repo! Details: https://radar.offseq.com/threat/cve-2026-6911-cwe-347-improper-verification-of-cry-0f0da004 #OffSeq #AWS #Vuln #JWT
##🔴 CVE-2026-6911 - Critical (9.8)
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across te...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912)
Bulletin ID: 2026-018-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...
https://aws.amazon.com/security/security-bulletins/rss/2026-018-aws/
##🟠 CVE-2026-31952 - High (7.6)
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering Dat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31952/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-41429 - High (8.8)
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41429/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33662 - High (7.5)
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33662/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33666 - High (7.5)
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is comp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-41421 - High (8.8)
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled ms...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41421/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##