## Updated at UTC 2026-06-18T00:46:11.720030
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-53843 | 8.8 | 0.29% | 1 | 0 | | 2026-06-17T21:03:35.460000 | OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a |
| CVE-2026-53849 | 8.1 | 0.21% | 1 | 0 | | 2026-06-17T21:03:01.847000 | OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the |
| CVE-2026-53853 | 8.3 | 0.34% | 1 | 0 | | 2026-06-17T21:01:52.893000 | OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the |
| CVE-2026-53866 | 8.1 | 0.27% | 1 | 0 | | 2026-06-17T20:31:38.593000 | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell in |
| CVE-2026-3894 | 0 | 0.00% | 2 | 1 | | 2026-06-17T20:20:10.920000 | Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) al |
| CVE-2026-55200 | 8.1 | 0.00% | 2 | 0 | | 2026-06-17T20:17:28.667000 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write |
| CVE-2026-50656 | 7.8 | 0.39% | 6 | 0 | | 2026-06-17T19:10:40.163000 | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect |
| CVE-2026-48907 | 9.8 | 4.66% | 8 | 6 | template | 2026-06-17T18:36:17 | A vulnerability in the JCE editor extension for Joomla allows the creation of ne |
| CVE-2026-20190 | 7.5 | 0.00% | 2 | 0 | | 2026-06-17T18:36:07 | A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote |
| CVE-2026-20181 | 9.1 | 0.00% | 4 | 0 | | 2026-06-17T18:36:07 | A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote at |
| CVE-2026-54187 | 9.3 | 0.00% | 1 | 0 | | 2026-06-17T18:35:59 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. |
| CVE-2026-12442 | 8.8 | 0.39% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 |
| CVE-2026-46850 | 9.9 | 0.45% | 1 | 0 | | 2026-06-17T18:35:38 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for V |
| CVE-2026-5079 | 7.5 | 0.28% | 1 | 0 | | 2026-06-17T18:12:28 | ### Impact Multer is vulnerable to a Denial of Service (DoS) via deeply nested |
| CVE-2026-39560 | 8.1 | 0.00% | 1 | 0 | | 2026-06-17T17:16:50.220000 | Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. |
| CVE-2026-22313 | 9.1 | 0.92% | 2 | 0 | | 2026-06-17T17:16:43.687000 | The device has a webserver that exposes a REST API authenticated with a token on |
| CVE-2026-47750 | 7.8 | 0.14% | 1 | 0 | | 2026-06-17T15:16:58.713000 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable |
| CVE-2019-25293 | 7.8 | 0.13% | 1 | 0 | | 2026-06-17T15:16:33.170000 | BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerabili |
| CVE-2026-12440 | 9.6 | 0.31% | 1 | 0 | | 2026-06-17T14:49:58.487000 | Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0. |
| CVE-2026-12441 | 8.8 | 0.29% | 1 | 0 | | 2026-06-17T14:49:58.487000 | Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 a |
| CVE-2026-12443 | 8.8 | 0.44% | 1 | 0 | | 2026-06-17T14:49:58.487000 | Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 al |
| CVE-2026-47964 | 7.8 | 0.20% | 1 | 0 | | 2026-06-17T13:20:42.017000 | DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Over |
| CVE-2026-24228 | 7.8 | 0.16% | 4 | 0 | | 2026-06-17T13:20:10.550000 | NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may c |
| CVE-2026-24155 | 7.8 | 0.19% | 4 | 0 | | 2026-06-17T13:20:10.417000 | NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. |
| CVE-2026-22312 | 8.6 | 0.23% | 2 | 0 | | 2026-06-17T13:20:06.023000 | The device has a webserver that exposes a REST API authenticated with a constant |
| CVE-2026-8176 | 7.5 | 0.35% | 1 | 0 | | 2026-06-17T11:03:34.817000 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W |
| CVE-2026-5416 | 8.8 | 0.77% | 2 | 0 | | 2026-06-17T10:58:59.553000 | Due to the improper neutralization of special elements used in a name parameter |
| CVE-2026-52715 | 9.3 | 0.25% | 1 | 0 | | 2026-06-17T10:57:51.463000 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. |
| CVE-2026-49110 | 7.5 | 0.24% | 1 | 0 | | 2026-06-17T10:55:31.073000 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce |
| CVE-2026-49109 | 9.8 | 0.38% | 1 | 0 | | 2026-06-17T10:55:30.973000 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact F |
| CVE-2026-49106 | 9.8 | 0.38% | 1 | 0 | | 2026-06-17T10:55:30.877000 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Const |
| CVE-2026-49105 | 9.8 | 0.38% | 1 | 1 | | 2026-06-17T10:55:30.777000 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, |
| CVE-2026-49104 | 9.8 | 0.38% | 1 | 1 | | 2026-06-17T10:55:30.680000 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Co |
| CVE-2026-49085 | 9.8 | 0.38% | 1 | 1 | | 2026-06-17T10:55:30.020000 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms |
| CVE-2026-49068 | 7.5 | 0.40% | 1 | 0 | | 2026-06-17T10:55:29.337000 | Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. |
| CVE-2026-49066 | 7.5 | 0.30% | 1 | 0 | | 2026-06-17T10:55:29.137000 | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 vers |
| CVE-2026-49065 | 8.2 | 0.24% | 1 | 0 | | 2026-06-17T10:55:29.037000 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1. |
| CVE-2026-49064 | 7.5 | 0.24% | 1 | 0 | | 2026-06-17T10:55:28.940000 | Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPa |
| CVE-2026-49062 | 8.8 | 0.30% | 1 | 0 | | 2026-06-17T10:55:28.747000 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Eng |
| CVE-2026-49061 | 7.5 | 0.37% | 1 | 0 | | 2026-06-17T10:55:28.650000 | Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce < |
| CVE-2026-48853 | 0 | 0.57% | 1 | 0 | | 2026-06-17T10:55:18.207000 | Deserialization of Untrusted Data and Allocation of Resources Without Limits or |
| CVE-2026-48095 | 8.8 | 0.70% | 1 | 1 | | 2026-06-17T10:54:50.997000 | 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior |
| CVE-2026-47777 | 7.5 | 0.17% | 1 | 0 | | 2026-06-17T10:54:40.050000 | Mastodon is a free, open-source social network server based on ActivityPub. In v |
| CVE-2026-47749 | 7.8 | 0.16% | 1 | 0 | | 2026-06-17T10:54:39.427000 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable |
| CVE-2026-39581 | 8.5 | 0.27% | 1 | 0 | | 2026-06-17T10:42:19.677000 | Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 |
| CVE-2026-25089 | 9.8 | 2.66% | 1 | 2 | | 2026-06-17T10:24:06.250000 | A improper neutralization of special elements used in an os command ('os command |
| CVE-2026-12205 | 9.1 | 0.29% | 1 | 0 | | 2026-06-17T10:14:40.940000 | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, lea |
| CVE-2026-12161 | 8.8 | 0.29% | 1 | 0 | | 2026-06-17T10:14:38.280000 | Improper input validation in the SSH Elevate Shell feature in Devolutions Remot |
| CVE-2026-12087 | 9.1 | 0.39% | 1 | 0 | | 2026-06-17T10:14:37.383000 | Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socke |
| CVE-2026-11832 | 9.1 | 0.33% | 1 | 0 | | 2026-06-17T10:14:29.377000 | Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predicta |
| CVE-2026-0843 | 6.3 | 0.20% | 1 | 0 | | 2026-06-17T10:11:29.160000 | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjs |
| CVE-2025-8088 | 8.8 | 81.35% | 1 | 32 | | 2026-06-17T10:06:17.243000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2025-71261 | 8.6 | 0.21% | 1 | 0 | | 2026-06-17T10:03:58.203000 | An attacker with network-level access between the SUSE Virtualization and Ranch |
| CVE-2019-16534 | 6.1 | 0.80% | 1 | 0 | | 2026-06-17T02:22:23.067000 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN |
| CVE-2019-16533 | 6.1 | 0.80% | 1 | 0 | | 2026-06-17T02:22:22.927000 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exi |
| CVE-2017-9542 | 9.8 | 5.07% | 1 | 0 | | 2026-06-17T01:28:19.940000 | D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified |
| CVE-2026-12317 | 7.5 | 0.31% | 1 | 0 | | 2026-06-16T21:33:05 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12316 | 9.1 | 0.27% | 1 | 0 | | 2026-06-16T21:33:05 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-12314 | 7.5 | 0.27% | 1 | 0 | | 2026-06-16T21:33:05 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12305 | 7.5 | 0.40% | 1 | 0 | | 2026-06-16T21:33:04 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-53864 | 8.1 | 0.25% | 1 | 0 | | 2026-06-16T21:32:08 | OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in |
| CVE-2026-53855 | 8.1 | 0.27% | 1 | 0 | | 2026-06-16T21:31:59 | OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing a |
| CVE-2026-53857 | 8.1 | 0.21% | 1 | 0 | | 2026-06-16T21:31:59 | OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo |
| CVE-2026-12003 | None | 0.14% | 4 | 0 | | 2026-06-16T21:31:56 | To allow builds of Python to be run from an in-tree layout (rather than an insta |
| CVE-2026-12312 | 7.5 | 0.27% | 1 | 0 | | 2026-06-16T21:31:56 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12310 | 7.5 | 0.27% | 1 | 0 | | 2026-06-16T21:31:56 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12315 | 9.1 | 0.28% | 1 | 0 | | 2026-06-16T21:31:56 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-10649 | 8.6 | 0.46% | 1 | 0 | | 2026-06-16T21:31:56 | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an |
| CVE-2026-12304 | 9.1 | 0.19% | 1 | 0 | | 2026-06-16T21:31:55 | Same-origin policy bypass in the Networking: Cookies component. This vulnerabili |
| CVE-2026-12289 | 8.8 | 0.32% | 1 | 0 | | 2026-06-16T18:33:39 | Privilege escalation in the Graphics: WebRender component. This vulnerability wa |
| CVE-2026-44932 | 8.8 | 0.49% | 1 | 0 | | 2026-06-16T18:32:44 | Passing of unsanitized strings from DHCP replies into the wicked dhcp client bef |
| CVE-2026-12328 | 8.1 | 0.30% | 1 | 0 | | 2026-06-16T18:32:38 | Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbir |
| CVE-2026-20253 | 9.8 | 1.73% | 2 | 3 | template | 2026-06-16T15:34:50 | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform |
| CVE-2026-12398 | 7.5 | 0.89% | 1 | 0 | | 2026-06-16T15:34:03 | A command injection vulnerability was found in galaxy_ng. The do_git_checkout() |
| CVE-2026-11317 | None | 0.30% | 1 | 0 | | 2026-06-16T15:34:02 | A denial of service security issue exists in the affected product. The security |
| CVE-2026-40750 | 9.9 | 0.27% | 1 | 0 | | 2026-06-16T12:32:12 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 |
| CVE-2026-8442 | 8.1 | 0.52% | 1 | 0 | | 2026-06-16T12:32:12 | The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File De |
| CVE-2025-68045 | 7.5 | 0.23% | 1 | 0 | | 2026-06-16T12:32:07 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. |
| CVE-2026-52712 | 7.6 | 0.24% | 1 | 0 | | 2026-06-16T12:32:07 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. |
| CVE-2026-52711 | 7.5 | 0.23% | 1 | 0 | | 2026-06-16T12:32:07 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. |
| CVE-2026-49774 | 9.9 | 0.41% | 1 | 0 | | 2026-06-16T12:32:07 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filip |
| CVE-2026-49772 | 9.3 | 0.24% | 1 | 0 | | 2026-06-16T12:32:07 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-39574 | 9.3 | 0.23% | 1 | 0 | | 2026-06-16T12:32:07 | Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. |
| CVE-2026-39490 | 7.5 | 0.30% | 1 | 0 | | 2026-06-16T12:32:07 | Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. |
| CVE-2026-8444 | 8.8 | 0.25% | 1 | 0 | | 2026-06-16T09:32:42 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via |
| CVE-2026-8443 | 8.8 | 0.25% | 1 | 0 | | 2026-06-16T06:30:31 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via |
| CVE-2026-6933 | 8.8 | 0.59% | 1 | 0 | | 2026-06-16T06:30:31 | The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execut |
| CVE-2026-7273 | 8.8 | 0.28% | 1 | 0 | | 2026-06-16T03:30:37 | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-4 |
| CVE-2026-20262 | 6.5 | 1.15% | 11 | 2 | | 2026-06-15T21:31:39 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN |
| CVE-2026-49112 | 7.5 | 0.33% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. |
| CVE-2026-49781 | 9.8 | 0.38% | 2 | 0 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. |
| CVE-2026-52693 | 9.3 | 0.30% | 2 | 0 | | 2026-06-15T21:31:02 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. |
| CVE-2026-49769 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. |
| CVE-2026-49768 | 9.8 | 0.55% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. |
| CVE-2026-49766 | 9.9 | 0.51% | 1 | 0 | | 2026-06-15T21:31:02 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. |
| CVE-2026-49765 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Fo |
| CVE-2026-49764 | 9.8 | 0.40% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. |
| CVE-2026-52703 | 9.6 | 0.35% | 2 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. |
| CVE-2026-49763 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot < |
| CVE-2026-49780 | 8.8 | 0.28% | 1 | 0 | | 2026-06-15T21:31:02 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. |
| CVE-2026-49776 | 9.3 | 0.29% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for W |
| CVE-2026-49770 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. |
| CVE-2026-52692 | 7.5 | 0.24% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions |
| CVE-2026-52700 | 8.5 | 0.35% | 1 | 0 | | 2026-06-15T21:31:02 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. |
| CVE-2026-52699 | 7.5 | 0.24% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 |
| CVE-2026-52697 | 8.5 | 0.35% | 1 | 0 | | 2026-06-15T21:31:02 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| CVE-2026-52695 | 7.5 | 0.25% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions |
| CVE-2026-9691 | 9.8 | 0.38% | 1 | 1 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Conta |
| CVE-2026-52694 | 7.5 | 0.24% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2 |
| CVE-2026-49067 | 9.3 | 0.30% | 1 | 0 | | 2026-06-15T21:30:59 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions |
| CVE-2026-49083 | 7.5 | 0.31% | 1 | 2 | | 2026-06-15T21:30:59 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. |
| CVE-2026-54420 | 8.5 | 0.65% | 6 | 3 | | 2026-06-15T21:30:32 | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn bef |
| CVE-2026-11526 | 9.8 | 2.46% | 1 | 0 | | 2026-06-15T18:32:21 | GD versions before 2.86 for Perl allow OS command injection and file overwrite v |
| CVE-2026-9863 | 7.5 | 0.57% | 1 | 0 | | 2026-06-15T18:31:25 | Fortra BoKS Manager contains an OS command injection vulnerability in the client |
| CVE-2026-9862 | 9.8 | 0.84% | 2 | 0 | | 2026-06-15T18:31:25 | Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection |
| CVE-2026-49111 | 8.8 | 0.24% | 1 | 0 | | 2026-06-15T15:31:40 | Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allow |
| CVE-2026-52704 | 10.0 | 0.31% | 2 | 0 | | 2026-06-15T15:31:39 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar |
| CVE-2026-5242 | 8.8 | 0.30% | 1 | 0 | | 2026-06-15T15:31:39 | Improper neutralization of formula elements in a CSV file vulnerability in MIA T |
| CVE-2026-34022 | None | 0.12% | 1 | 0 | | 2026-06-15T15:31:32 | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.1 |
| CVE-2026-5482 | None | 0.45% | 1 | 0 | | 2026-06-15T12:32:56 | Responsive FileManager's allows an unauthenticated attacker to upload files of a |
| CVE-2026-12057 | 8.6 | 0.13% | 1 | 0 | | 2026-06-15T12:32:51 | When the application executes the JavaScript script embedded in the PDF within t |
| CVE-2026-44188 | 5.3 | 0.44% | 1 | 0 | | 2026-06-15T12:32:51 | A flaw was found in Ansible Lightspeed. This vulnerability, related to insuffici |
| CVE-2026-11860 | None | 0.36% | 1 | 0 | | 2026-06-15T12:32:51 | Quick.CMS deserializes user-controlled data received over plaintext HTTP without |
| CVE-2026-12221 | 8.0 | 0.37% | 1 | 0 | | 2026-06-15T06:31:46 | A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the fun |
| CVE-2026-44488 | 7.5 | 0.49% | 1 | 0 | | 2026-06-12T19:24:52 | ## Summary Axios versions `1.7.0` through `1.15.x` did not enforce configured r |
| CVE-2026-44487 | None | 0.43% | 1 | 0 | | 2026-06-12T19:24:48 | ## Summary Axios’s Node.js HTTP adapter may forward a `Proxy-Authorization` hea |
| CVE-2026-48558 | 10.0 | 0.63% | 2 | 0 | | 2026-06-12T18:32:06 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an aut |
| CVE-2026-35273 | 9.8 | 0.72% | 2 | 3 | | 2026-06-12T18:31:50 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-53435 | 8.8 | 0.37% | 1 | 1 | | 2026-06-10T18:31:45 | In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attack |
| CVE-2026-11645 | 8.8 | 0.71% | 1 | 3 | | 2026-06-09T18:30:35 | Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allo |
| CVE-2026-42271 | 8.8 | 53.70% | 2 | 2 | template | 2026-06-09T13:07:08 | ### Impact Two endpoints used to preview an MCP server before saving it — `POST |
| CVE-2026-0257 | 9.1 | 18.58% | 2 | 10 | template | 2026-06-09T12:32:02 | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of |
| CVE-2026-48017 | 8.8 | 0.58% | 1 | 1 | | 2026-06-05T16:39:39 | ### Summary The `POST /runners/load-reader` endpoint in DbGate accepts a `funct |
| CVE-2026-47684 | 7.7 | 0.38% | 1 | 0 | | 2026-06-05T16:35:00 | Summary: The private IP blocklist regex used in the URL download feature does no |
| CVE-2026-42824 | 6.5 | 0.50% | 3 | 0 | | 2026-06-05T00:32:02 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-8206 | 9.8 | 0.62% | 1 | 3 | | 2026-06-02T06:30:33 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordP |
| CVE-2026-42089 | 8.6 | 0.19% | 1 | 0 | | 2026-05-26T23:10:40 | ### Impact `yeoman-environment` versions `>= 2.9.0` and `< 6.0.1` install missi |
| CVE-2026-39808 | 9.8 | 66.17% | 1 | 5 | template | 2026-04-22T15:32:37 | A improper neutralization of special elements used in an os command ('os command |
| CVE-2026-39813 | 9.8 | 18.01% | 1 | 2 | | 2026-04-14T18:30:41 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 thro |
| CVE-2026-4272 | 8.1 | 0.45% | 1 | 0 | | 2026-04-06T00:30:31 | Missing Authentication for Critical Function vulnerability in Honeywell Handheld |
| CVE-2026-4020 | 7.5 | 2.98% | 4 | 0 | template | 2026-03-31T03:31:35 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-2751 | 8.3 | 0.27% | 1 | 1 | | 2026-02-27T15:34:20 | Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. |
| CVE-2026-21265 | 6.4 | 0.97% | 1 | 0 | | 2026-01-13T18:31:19 | Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These |
| CVE-2026-20953 | 8.4 | 0.60% | 1 | 0 | | 2026-01-13T18:31:18 | Use after free in Microsoft Office allows an unauthorized attacker to execute co |
| CVE-2026-20952 | 8.4 | 0.50% | 1 | 0 | | 2026-01-13T18:31:18 | Use after free in Microsoft Office allows an unauthorized attacker to execute co |
| CVE-2024-39683 | 5.7 | 0.61% | 1 | 0 | | 2024-08-08T05:06:35 | ### Impact ZITADEL provides users the ability to list all user sessions of the |
| CVE-2021-45464 | 8.8 | 0.38% | 1 | 0 | | 2024-04-04T03:30:13 | kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon |
| CVE-2019-16193 | 5.4 | 0.62% | 1 | 0 | | 2024-04-04T01:55:17 | In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a C |
| CVE-2026-46701 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-12530 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-48814 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-8024 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-24252 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2026-4855 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-47103 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-48745 | 0 | 0.41% | 1 | 0 | | N/A | |
| CVE-2026-48797 | 0 | 0.44% | 1 | 0 | | N/A | |
| CVE-2026-47747 | 0 | 0.14% | 1 | 0 | | N/A | |
| CVE-2026-53776 | 0 | 0.36% | 1 | 0 | | N/A | |
| CVE-2026-48780 | 0 | 0.22% | 1 | 0 | | N/A | |
| CVE-2025-68615 | 0 | 42.69% | 1 | 0 | | N/A | |
| CVE-2026-48713 | 0 | 0.38% | 2 | 0 | | N/A | |
| CVE-2026-48714 | 0 | 0.38% | 2 | 0 | | N/A | |
| CVE-2026-48723 | 0 | 0.53% | 1 | 0 | | N/A | |
| CVE-2026-49757 | 0 | 0.44% | 1 | 0 | | N/A | |
updated 2026-06-17T21:03:35.460000
1 posts
🟠 CVE-2026-53843 - High (8.8)
OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T21:03:01.847000
1 posts
🟠 CVE-2026-53849 - High (8.1)
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53849/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T21:01:52.893000
1 posts
🟠 CVE-2026-53853 - High (8.3)
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T20:31:38.593000
1 posts
🟠 CVE-2026-53866 - High (8.1)
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parse...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T20:20:10.920000
2 posts
1 repos
CVE-2026-3894 (CRITICAL, CVSS 9.2): Out-of-bounds read in RTI Connext Professional (versions 7.4.0, 7.0.0, 6.1.0, 6.0.0, 5.3.0, 5.0.0). Remote exploitation possible, no patch yet. Monitor vendor updates! https://radar.offseq.com/threat/cve-2026-3894-cwe-125-out-of-bounds-read-in-rti-co-970a787b05fc31ca #OffSeq #CVE20263894 #ICS #vuln
##updated 2026-06-17T20:17:28.667000
2 posts
Oh my.
https://nvd.nist.gov/vuln/detail/CVE-2026-55200
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
##libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
updated 2026-06-17T19:10:40.163000
6 posts
Zero-Day 'RoguePlanet' in Microsoft Defender Grants System-Level Control
The 'RoguePlanet' zero-day vulnerability discovered in Microsoft Defender is a serious local privilege escalation (LPE) issue that abuses a TOCTOU race condition to obtain SYSTEM privileges from an ordinary user account. The vulnerability still works after the June 2026 patch; at the moment Defender scans a malicious file, an attacker swaps it for a symbolic link and gains arbitrary writes and code execution on protected system files. Microsoft has officially ... as CVE-2026-50656.
##New zero-day Local Privilege Escalation (EoP) flaw in Microsoft Defender: CVE-2026-50656 (RoguePlanet)! 🚨
Low-privilege users can abuse a TOCTOU race condition to hijack system paths and spawn an NT AUTHORITY\SYSTEM shell. Deep dive analysis here:👇
https://denizhalil.com/2026/06/18/cve-2026-50656-microsoft-defender-eop-vulnerability-analysis/
##New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🟠 CVE-2026-50656 - High (7.8)
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-50656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nightmare Eclipses RoguePlanet now has a CVE 🎉: https://nvd.nist.gov/vuln/detail/cve-2026-50656
Not any new detail in there & no fix yet (has only been a week, give them some time...).
Much less relevant but annoying me personally: It taking them a week to ... sorry, shit this out. Broken description in the CVE form & even in the MSRC page it's pretty obvious no one even proofread the non-description. Also empty Acknowledgement section despite link to the Github (not the first time btw)... at least they didn't have it taken down this time? 🙃
##updated 2026-06-17T18:36:17
8 posts
6 repos
https://github.com/ywh-jfellus/CVE-2026-48907
https://github.com/0xBlackash/CVE-2026-48907
https://github.com/87achrafg-stack/CVE-2026-48907
https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE
Alert: CVE-2026-48907. A severe access control flaw in Widget Factory Joomla Content Editor allows unauthenticated PHP script execution. Lock down your CMS. Read our tactical engineering runbook for full IOCs and endpoint hardening steps. https://thecybermind.co/unjv
##URGENT: CVE-2026-48907 is seeing active exploitation in Joomla! JCE extensions. This critical RCE flaw allows unauthenticated attackers to take full control. Read our executive remediation brief to harden your environment now.
https://thecybermind.co/ic6z
#CyberSecurity #Joomla #Infosec #KEV
⚠️ Do you administer a Joomla site?
A quick security note: the CVE-2026-48907 flaw affects the **JCE / Joomla Content Editor** extension and it is already being exploited automatically on the Internet.
👇 🩹
https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites
In plain terms: a vulnerable site can be compromised even without a public account or open registration.
To do as soon as possible:
• update JCE to 2.9.99.6 or newer
• check for suspicious profiles/accounts
• change the admin, database and hosting passwords
• run a server scan
(The update closes the door, but does not necessarily clean up anything that may already have been dropped.)
##🚨 New critical improper access control vulnerability tagged CVE-2026-48907, affecting Widget Factory Joomla Content Editor, is seeing active exploitation in the wild as reported by CISA.
Vulnerability detection script available below:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-48907.yaml
Patches and mitigations are available:
https://www.sentinelone.com/vulnerability-database/cve-2026-48907/
🚨 [CISA-2026:0616] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-48907 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48907)
- Name: Widget Factory Joomla Content Editor Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Widget Factory
- Product: Joomla Content Editor
- Notes: https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites ; https://www.joomlacontenteditor.net/support/changelog/editor ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48907
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260616 #cisa20260616 #cve_2026_48907 #cve202648907
##CVE ID: CVE-2026-48907
Vendor: Widget Factory
Product: Joomla Content Editor
Date Added: 2026-06-16
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48907
updated 2026-06-17T18:36:07
2 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##updated 2026-06-17T18:36:07
4 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🚨 CRITICAL: CVE-2026-20181 in Cisco ISE (v3.1 – 3.5) allows authenticated attackers to run OS commands & escalate to root, risking DoS. Restrict admin access & monitor for patches. https://radar.offseq.com/threat/cve-2026-20181-improper-limitation-of-a-pathname-t-3c6d1c8d7d1de462 #OffSeq #Cisco #Vuln #BlueTeam
##updated 2026-06-17T18:35:59
1 posts
CVE-2026-54187 - Critical SQLi in JetEngine <= 3.8.10.1. Unauthenticated exploit. CVSS 9.3. Update immediately. #CVE #WordPress #infosec
##updated 2026-06-17T18:35:53
1 posts
🔴 CRITICAL: CVE-2026-12442 — Chrome on Android <149.0.7827.155 has a use-after-free vuln in Passwords. Remote attackers can execute code via crafted HTML. Update Chrome now! https://radar.offseq.com/threat/cve-2026-12442-use-after-free-in-google-chrome-a5d127b6 #OffSeq #Chrome #Android #Vuln #InfoSec
##updated 2026-06-17T18:35:38
1 posts
Oracle's June 2026 CRITICAL update fixes 245 vulns (incl. CVE-2026-46850) in MySQL Shell, Router, NDB Cluster, Server (8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0, 2026.2.0+9.6.1). Patch promptly — no exploits yet. https://radar.offseq.com/threat/kwetsbaarheden-verholpen-in-oracle-mysql-producten-948cec13 #OffSeq #MySQL #Oracle #CVE202646850
##updated 2026-06-17T18:12:28
1 posts
🟠 CVE-2026-5079 - High (7.5)
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5079/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T17:16:50.220000
1 posts
CVE-2026-39560 - Critical PHP Object Injection in Hiroshi <= 1.5.1. Unauthenticated exploit. CVSS 8.1. No patch available. Disable immediately. #CVE #infosec #PHP
##updated 2026-06-17T17:16:43.687000
2 posts
Command injection and hardcoded creds in Radiflow iSAP Smart Collector. Nice.
##🔴 CVE-2026-22313 - Critical (9.1)
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T15:16:58.713000
1 posts
🟠 CVE-2026-47750 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T15:16:33.170000
1 posts
All* CVE reference URLs are either http, https, or ftp. Y'all need to up your weird protocol games!
*: There is one CVE with a typo in the reference url, https:/ (CVE-2019-25293)
##updated 2026-06-17T14:49:58.487000
1 posts
🚨 CRITICAL: CVE-2026-12440 in Chrome DigitalCredentials (Windows <149.0.7827.155) allows remote sandbox escape. Patch to 149.0.7827.155 ASAP! Exploitation risk is high. https://radar.offseq.com/threat/cve-2026-12440-use-after-free-in-google-chrome-c0fe93a4 #OffSeq #Chrome #InfoSec #Vulnerability
##updated 2026-06-17T14:49:58.487000
1 posts
🔒 CRITICAL: CVE-2026-12441 in Chrome <149.0.7827.155 on Linux — use-after-free in File Input. Remote attacker can trigger heap corruption via crafted HTML. Update Chrome ASAP! https://radar.offseq.com/threat/cve-2026-12441-use-after-free-in-google-chrome-643def61 #OffSeq #Chrome #Linux #Vuln
##updated 2026-06-17T14:49:58.487000
1 posts
🚩 CRITICAL: Chrome Web Authentication use-after-free (CVE-2026-12443) enables remote code execution in versions <149.0.7827.155. Patch immediately to stay secure. Vendor fix available. https://radar.offseq.com/threat/cve-2026-12443-use-after-free-in-google-chrome-564c6d01 #OffSeq #Chrome #InfoSec #Vuln
##updated 2026-06-17T13:20:42.017000
1 posts
🟠 CVE-2026-47964 - High (7.8)
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47964/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T13:20:10.550000
4 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🟠 CVE-2026-24228 - High (7.8)
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and informatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has a new advisory relating to CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228, all high-severity:
Security Bulletin: NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia
Broadcom:
Seven advisories addressing one critical vulnerability and several high-severity flaws: You'll need a login for details.
CRITICAL: MICS 14.3, 14.4, and 14.5 Vulnerabilities
More: https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Yesterday:
Google:
Chrome Dev for Desktop Update https://chromereleases.googleblog.com/ #Google #Chrome
Dell:
Update for a critical vulnerability yesterday that encompasses multiple CVEs:
Security Update for Dell PowerProtect DP Series Appliance (IDPA) Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000368282/dsa-2025-300-security-update-for-dell-powerprotect-dp-series-appliance-idpa-multiple-third-party-component-vulnerabilities #Dell #infosec #vulnerability
##updated 2026-06-17T13:20:10.417000
4 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🟠 CVE-2026-24155 - High (7.8)
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has a new advisory relating to CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228, all high-severity:
Security Bulletin: NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia
Broadcom:
Seven advisories addressing one critical vulnerability and several high-severity flaws: You'll need a login for details.
CRITICAL: MICS 14.3, 14.4, and 14.5 Vulnerabilities
More: https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Yesterday:
Google:
Chrome Dev for Desktop Update https://chromereleases.googleblog.com/ #Google #Chrome
Dell:
Update for a critical vulnerability yesterday that encompasses multiple CVEs:
Security Update for Dell PowerProtect DP Series Appliance (IDPA) Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000368282/dsa-2025-300-security-update-for-dell-powerprotect-dp-series-appliance-idpa-multiple-third-party-component-vulnerabilities #Dell #infosec #vulnerability
##updated 2026-06-17T13:20:06.023000
2 posts
Command injection and hardcoded creds in Radiflow iSAP Smart Collector. Nice.
##🟠 CVE-2026-22312 - High (8.6)
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T11:03:34.817000
1 posts
🟠 CVE-2026-8176 - High (7.5)
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8176/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:58:59.553000
2 posts
🟠 CVE-2026-5416 - High (8.8)
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-038
TURCK: Multiple Vulnerabilities in Managed Ethernet Switches
Multiple vulnerabilities have been identified in the TBEN-Lx-SE-M2 firmware prior to version 2.1.2.0 in Managed Ethernet Switches.
#CVE CVE-2025-68615, CVE-2026-5416
https://certvde.com/en/advisories/vde-2026-038/
#CSAF https://turck.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-038.json
##updated 2026-06-17T10:57:51.463000
1 posts
🔴 CVE-2026-52715 - Critical (9.3)
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:31.073000
1 posts
🟠 CVE-2026-49110 - High (7.5)
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.973000
1 posts
🔴 CVE-2026-49109 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.877000
1 posts
🔴 CVE-2026-49106 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49106/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.777000
1 posts
1 repos
🔴 CVE-2026-49105 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.680000
1 posts
1 repos
🔴 CVE-2026-49104 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.020000
1 posts
1 repos
🔴 CVE-2026-49085 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.337000
1 posts
🟠 CVE-2026-49068 - High (7.5)
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.137000
1 posts
🟠 CVE-2026-49066 - High (7.5)
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49066/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.037000
1 posts
🟠 CVE-2026-49065 - High (8.2)
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:28.940000
1 posts
🟠 CVE-2026-49064 - High (7.5)
Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data.
This issue affects GetPaid: from n/a through 2.8.49.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:28.747000
1 posts
🟠 CVE-2026-49062 - High (8.8)
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation.
This issue affects Faust.Js: from n/a through 1.8.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:28.650000
1 posts
🟠 CVE-2026-49061 - High (7.5)
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49061/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:18.207000
1 posts
🚨 CRITICAL: elixir-grpc grpc (0.4.0-<1.0.0) vulnerable to unauthenticated RCE & DoS via unsafe :erlang.binary_to_term/1 use. Patch status pending — restrict 'application/grpc+erlpack' inputs now! CVE-2026-48853 https://radar.offseq.com/threat/cve-2026-48853-cwe-502-deserialization-of-untruste-dc5cfe73 #OffSeq #elixir #CVE202648853 #infosec
##updated 2026-06-17T10:54:50.997000
1 posts
1 repos
Just two recent examples of vulnerabilities from 7-Zip and RAR.
Also keep in mind that distros are not always great at updating and if you installed one of these yourself, it is also on you (plus neither auto-updates on Windows nor on macOS).
##updated 2026-06-17T10:54:40.050000
1 posts
🟠 CVE-2026-47777 - High (7.5)
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and fa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:54:39.427000
1 posts
🟠 CVE-2026-47749 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47749/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:42:19.677000
1 posts
🟠 CVE-2026-39581 - High (8.5)
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:24:06.250000
1 posts
2 repos
⚠️ CRITICAL: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Fortinet FortiSandbox is under active exploitation for three critical unauthenticated RCE vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089). All three bypass authentication and allow arbitrary command execution via HTTP requests. Organizations running FortiSandbox are at immediate ri…
##updated 2026-06-17T10:14:40.940000
1 posts
🔴 CVE-2026-12205 - Critical (9.1)
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.
The first sign() on a Key object p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12205/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:14:38.280000
1 posts
🟠 CVE-2026-12161 - High (8.8)
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host usi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12161/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:14:37.383000
1 posts
🔴 CVE-2026-12087 - Critical (9.1)
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:14:29.377000
1 posts
🔴 CVE-2026-11832 - Critical (9.1)
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11832/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:11:29.160000
1 posts
https://www.cve.org/CVERecord?id=CVE-2026-0843 - do I dare click that reference... :neocat_scream_scared:
##updated 2026-06-17T10:06:17.243000
1 posts
32 repos
Just two recent examples of vulnerabilities from 7-Zip and RAR.
Also keep in mind that distros are not always great at updating, and if you installed one of these yourself, it is also on you (plus neither auto-updates on Windows nor on macOS).
##updated 2026-06-17T10:03:58.203000
1 posts
🟠 CVE-2025-71261 - High (8.6)
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T02:22:23.067000
1 posts
Here, have some CVE references pointing to facebook posts...
https://www.cve.org/CVERecord?id=CVE-2019-16534
https://nvd.nist.gov/vuln/detail/CVE-2019-16533
https://nvd.nist.gov/vuln/detail/CVE-2019-16193
... would you be surprised they are all dead?
This one links a Facebook video which is also dead. At least it also links a Twitter post by the same person...
https://www.cve.org/CVERecord?id=CVE-2017-9542
...which just links to the dead Facebook post.
##updated 2026-06-16T21:33:05
1 posts
🟠 CVE-2026-12317 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12317/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:05
1 posts
🔴 CVE-2026-12316 - Critical (9.1)
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:05
1 posts
🟠 CVE-2026-12314 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:04
1 posts
🟠 CVE-2026-12305 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12305/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:32:08
1 posts
🟠 CVE-2026-53864 - High (8.1)
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53864/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:59
1 posts
🟠 CVE-2026-53855 - High (8.1)
OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:59
1 posts
🟠 CVE-2026-53857 - High (8.1)
OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent resp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
4 posts
Who is affected by CVE-2026-12003? Anyone running CPython on Windows across 3.11.15, 3.12.13, 3.13.14, 3.14.6, 3.15.0b2 and earlier. Jake Yamaki of Bishop Fox showed that a low-privilege user can create a path CPython checks for in-tree builds and inject malicious library folders to escalate privileges. It is rated CVSSv4 5.3. With this many affected versions, how do you even inventory every CPython on a Windows fleet?
#Python #Security
Jake Yamaki of Bishop Fox disclosed CVE-2026-12003 in CPython. The interpreter's VPATH variable, combined with a Modules/setup.local landmark used to locate in-tree builds, lets a low-privilege Windows user create that path outside the install directory and inject malicious library folders, escalating privileges. Rated CVSSv4 5.3, it affects 3.11.15, 3.12.13, 3.13.14, 3.14.6, 3.15.0b2 and earlier. Should build-detection logic ever survive into a release binary?
#Python #Security
##updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-12312 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-12310 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🔴 CVE-2026-12315 - Critical (9.1)
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-10649 - High (8.6)
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacke...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:55
1 posts
🔴 CVE-2026-12304 - Critical (9.1)
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:39
1 posts
🟠 CVE-2026-12289 - High (8.8)
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:32:44
1 posts
🟠 CVE-2026-44932 - High (8.8)
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:32:38
1 posts
🟠 CVE-2026-12328 - High (8.1)
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T15:34:50
2 posts
3 repos
https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
##The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html
##updated 2026-06-16T15:34:03
1 posts
🟠 CVE-2026-12398 - High (7.5)
A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12398/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T15:34:02
1 posts
📰 CISA Warns of Disruptive DoS Flaw in Rockwell Automation Industrial Controllers
🏭 CISA WARNING 🏭 A denial-of-service flaw (CVE-2026-11317) affects widely-used Rockwell Automation industrial controllers. Exploitation can cause a major fault, halting operations. Isolate your ICS networks now! #ICS #OTsecurity #CISA #Vulnerability
🌐 cyber[.]netsecops[.]io
##updated 2026-06-16T12:32:12
1 posts
🔴 CVE-2026-40750 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server.
This issue affects Kids Online Store: from n/a through 0.8.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:12
1 posts
🟠 CVE-2026-8442 - High (8.1)
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and wprp_save_review_admin AJAX handlers combined wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8442/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🟠 CVE-2025-68045 - High (7.5)
Unauthenticated Broken Access Control in WP Event Solution <= 4.1.12 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🟠 CVE-2026-52712 - High (7.6)
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52712/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🟠 CVE-2026-52711 - High (7.5)
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52711/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🔴 CVE-2026-49774 - Critical (9.9)
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion.
This issue affects RD Station: from n/a through 5.6.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49774/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🔴 CVE-2026-49772 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection.
This issue affects The Events Calendar: from 6.15.12 through 6.16.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49772/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🔴 CVE-2026-39574 - Critical (9.3)
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🟠 CVE-2026-39490 - High (7.5)
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T09:32:42
1 posts
🟠 CVE-2026-8444 - High (8.8)
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] ra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8444/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T06:30:31
1 posts
🟠 CVE-2026-8443 - High (8.8)
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslas...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8443/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T06:30:31
1 posts
🟠 CVE-2026-6933 - High (8.8)
The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T03:30:37
1 posts
🟠 CVE-2026-7273 - High (8.8)
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:39
11 posts
2 repos
https://github.com/HORKimhab/CVE-2026-20262
https://github.com/fevar54/CVE-2026-20262-Cisco-Catalyst-SD-WAN-Manager-Arbitrary-File-Write-
📰 Actively Exploited Cisco SD-WAN Flaw Added to CISA KEV Catalog
⚠️ Cisco Catalyst SD-WAN Manager flaw CVE-2026-20262 is actively exploited! The bug allows root privilege escalation. CISA has added it to the KEV catalog, mandating a patch by June 29. Update now! #Cisco #CVE #CyberSecurity #KEV
🌐 cyber[.]netsecops[.]io
##Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. https://www.securityweek.com/cisco-patches-another-sd-wan-zero-day-exploited-in-attacks/
##CRITICAL: Cisco Catalyst SD-WAN Manager CVE-2026-20262 is under active exploitation. Path traversal flaw allows unauthorized file access. Review our TSUITE forensic intelligence brief to secure your SD-WAN perimeter and prevent persistence https://thecybermind.co/jt3x
##CSUITE CRITICAL: Cisco Catalyst SD-WAN Manager CVE-2026-20262 is under active exploitation. Path traversal flaw allows unauthorized file access. Review our full forensic intelligence brief to secure your SD-WAN perimeter and prevent persistence. Act now. https://thecybermind.co/8bs2
##Cisco Patches Actively Exploited Zero-Day in Catalyst SD-WAN Manager
Cisco patched an actively exploited zero-day vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager that allows authenticated attackers to gain root access through arbitrary file writes.
**Make sure your Cisco Catalyst SD-WAN Manager is isolated from the internet and reachable only from trusted networks. This is an actively exploited flaw so don't ignore it. Update ASAP to one of the fixed versions (20.9.9.2, 20.12.7.2, 20.15.4.5, 20.15.5.3, 20.18.3.1, or 26.1.1.2) and check your logs for suspicious uploads like `.war` or `index.jsp` files.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisco-patches-actively-exploited-zero-day-in-catalyst-sd-wan-manager-o-3-y-2-f/gD2P6Ple2L
📺 https://peer.adalta.social/w/bStPSWakC38ot6mLXeR2AS
🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/116759030500907559_fr)
🔗 [ℹ️](https://www.pc-fluesterer.info/wordpress/2026/06/16/neue-woche-neues-zero-day-sicherheitsloch-bei-cisco/)
The CVE-2026-20262 vulnerability confirms the relentless pace of patches at the American giant, exposing thousands of enterprise networks to remote takeover.
##🚨 CRITICAL: Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20262) exploited in the wild. Attackers w/ write access can escalate to root via crafted HTTP requests. Patch now & review access controls! https://radar.offseq.com/threat/cisco-patches-another-sd-wan-zero-day-exploited-in-e2c68ff5 #OffSeq #Cisco #ZeroDay #Vuln
##🚨 [CISA-2026:0615] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20262 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- Name: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20262
⚠️ CVE-2026-54420 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-54420)
- Name: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: LiteSpeed
- Product: cPanel Plugin
- Notes: https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-54420
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260615 #cisa20260615 #cve_2026_20262 #cve_2026_54420 #cve202620262 #cve202654420
##CVE ID: CVE-2026-20262
Vendor: Cisco
Product: Catalyst SD-WAN Manager
Date Added: 2026-06-15
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20262
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in...
🔗️ [Bleepingcomputer] https://link.is.it/fhfuuC
##Broadcom has a new advisory for a critical vulnerability:
Endevor Bridge for Git 2.4.4 to 2.15.19 Vulnerabilities https://support.broadcom.com/web/ecx/security-advisory
Cisco:
Medium-severity: CVE-2026-20262: Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
Cisco has also tagged Microsoft for a zero-day report, expected on June 16 https://talosintelligence.com/vulnerability_info @TalosSecurity
#Cisco #Broadcom #infosec #vulnerability
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-49112 - High (7.5)
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
2 posts
🚨 CVE-2026-49781 (CRITICAL): Brainstorm Force OttoKit <=1.1.27 is vulnerable to unauthenticated PHP object injection (CWE-502). Full system compromise possible. No patch — restrict access & monitor for threats. https://radar.offseq.com/threat/cve-2026-49781-cwe-502-deserialization-of-untruste-18974828 #OffSeq #Vulnerability #AppSec #PHP
##🔴 CVE-2026-49781 - Critical (9.8)
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49781/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
2 posts
🔴 CRITICAL: CVE-2026-52693 in impleCode eCommerce Product Catalog <=3.5.5 enables unauthenticated SQL Injection. Sensitive data at risk — patch status unconfirmed. Apply input validation & watch for vendor updates. https://radar.offseq.com/threat/cve-2026-52693-cwe-89-improper-neutralization-of-s-53fcc5a2 #OffSeq #SQLInjection #Infosec #Vuln
##🔴 CVE-2026-52693 - Critical (9.3)
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49769 - Critical (9.8)
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49768 - Critical (9.8)
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49766 - Critical (9.9)
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49766/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49765 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49764 - Critical (9.8)
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49764/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
2 posts
⚠️ CRITICAL: CVE-2026-52703 in Ninja Team FastDup (<=2.7.2) enables unauthenticated path traversal. Attackers could access restricted files. Monitor for vendor updates and restrict access! https://radar.offseq.com/threat/cve-2026-52703-cwe-35-path-traversal-in-ninja-team-07f46330 #OffSeq #vulnerability #infosec
##🔴 CVE-2026-52703 - Critical (9.6)
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52703/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49763 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49763/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-49780 - High (8.8)
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49780/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49776 - Critical (9.3)
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49776/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🔴 CVE-2026-49770 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49770/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-52692 - High (7.5)
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-52700 - High (8.5)
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52700/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-52699 - High (7.5)
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52699/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-52697 - High (8.5)
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52697/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-52695 - High (7.5)
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52695/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
1 repos
🔴 CVE-2026-9691 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9691/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-52694 - High (7.5)
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52694/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:59
1 posts
🔴 CVE-2026-49067 - Critical (9.3)
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:59
1 posts
2 repos
🟠 CVE-2026-49083 - High (7.5)
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:32
6 posts
3 repos
https://github.com/HORKimhab/CVE-2026-54420
https://github.com/Resellnom/litespeed-cpanel-cve-2026-54420-fix
https://github.com/mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
🔵 THREAT INTELLIGENCE
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
Vulnerability | CRITICAL
CVEs: CVE-2026-54420
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an...
Full analysis:
https://www.yazoul.net/news/article/cisa-flags-litespeed-cpanel-plugin-flaw-exploited-for-root-privilege-escalation
"CISA warns of another cPanel plugin flaw exploited in attacks"
"[...] The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin."
##Stop symlink privilege escalation in its tracks. The Cyber Mind Co. has deployed the T-Suite Defense Playbook for CVE-2026-54420, featuring kernel overrides and FIM rules to protect LiteSpeed cPanel environments. Lock down your shared hosting infrastructure now: https://thecybermind.co/q7ni
##Active exploitation verified by CISA: CVE-2026-54420 exposes LiteSpeed cPanel environments to critical symlink privilege escalation. Threat actors are actively breaching shared hosting isolation. Read the full high-authority C-Suite briefing from The Cyber Mind Co. to harden your perimeter right now. https://thecybermind.co/ez9o
##🚨 [CISA-2026:0615] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20262 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- Name: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20262
⚠️ CVE-2026-54420 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-54420)
- Name: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: LiteSpeed
- Product: cPanel Plugin
- Notes: https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-54420
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260615 #cisa20260615 #cve_2026_20262 #cve_2026_54420 #cve202620262 #cve202654420
##CVE ID: CVE-2026-54420
Vendor: LiteSpeed
Product: cPanel Plugin
Date Added: 2026-06-15
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-54420
updated 2026-06-15T18:32:21
1 posts
Perl's GD module released 2.86 to fix CVE-2026-11526, a command-injection flaw where GD::Image constructors passed untrusted filenames to Perl's 2-argument open(), so a name beginning or ending with a pipe, or starting with a redirect, ran as a shell command or truncated a file. The fix opens filenames with a 3-argument read open. In-memory Data constructors were never affected. Is 2-arg open() still lurking in your dependencies?
#Perl #security
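An added illustration of the 2-argument versus 3-argument open() behaviour the post describes (example code written for this feed, not the GD module's own; the filenames, helper names and the audit heuristic are constructed for the demo):

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed example of the bug class behind CVE-2026-11526; not GD's code.
# With the 2-argument open(), the filename string doubles as the mode: a
# leading or trailing "|" runs a command and a leading ">" truncates a file.
# With the 3-argument open() the mode is fixed, so the string is only a path.

# Heuristic audit check: would 2-arg open() treat this name as anything other
# than a plain file? (A leading "<", ">", "+" or "|", a trailing "|", or a
# bare "-" meaning STDIN all change its meaning; leading whitespace is skipped.)
sub is_magic_name {
    my ($name) = @_;
    return 1 if $name =~ /^\s*[<>+|]/;   # mode prefix or pipe-from-command
    return 1 if $name =~ /\|\s*$/;       # pipe-to-command
    return 1 if $name =~ /^\s*-\s*$/;    # bare "-" reads STDIN under 2-arg open
    return 0;
}

# Hardened pattern (what the GD 2.86 fix switched to): read-only, mode fixed to '<'.
sub open_image_file {
    my ($name) = @_;
    open(my $fh, '<', $name) or return undef;   # "cmd |" is just a file named "cmd |"
    binmode $fh;                                # image data is binary
    return $fh;
}

# Vulnerable pattern, kept only for comparison; it is never called below.
sub open_image_file_2arg {
    my ($name) = @_;
    open(my $fh, $name) or return undef;        # the string itself decides what open() does
    return $fh;
}

# Constructed names that could arrive as an "image filename" from untrusted input.
my @untrusted = (
    'cat /etc/hostname |',   # 2-arg: runs the command and reads its output
    '| cat /etc/hostname',   # 2-arg: runs the command, writing to its stdin
    '>important.png',        # 2-arg: truncates important.png
    '-',                     # 2-arg: reads STDIN
    'photo.png',             # plain path (does not exist here either)
);

for my $name (@untrusted) {
    my $tag = is_magic_name($name) ? 'MAGIC' : 'plain';
    if (my $fh = open_image_file($name)) {
        print "[$tag] '$name' opened as an ordinary file\n";
        close $fh;
    } else {
        print "[$tag] '$name' treated as a path by 3-arg open, not as a command: $!\n";
    }
}
```

Running it shows every "magic" name failing with a plain file-not-found error under the 3-argument form; is_magic_name() is the kind of check to grep for when auditing callers that still use the 2-argument form.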
updated 2026-06-15T18:31:25
1 posts
🟠 CVE-2026-9863 - High (7.5)
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be ab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9863/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T18:31:25
2 posts
🔴 CVE-2026-9862 - Critical (9.8)
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileg...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-9862 in Fortra Core Privileged Access Manager (BoKS) allows unauthenticated remote OS command injection via boks_autoregisterd (CVSS 9.8). Restrict network access & monitor activity. No patch yet. https://radar.offseq.com/threat/cve-2026-9862-cwe-78-improper-neutralization-of-sp-0a9c664a #OffSeq #CVE20269862 #Infosec
##updated 2026-06-15T15:31:40
1 posts
🟠 CVE-2026-49111 - High (8.8)
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.
This issue affects Masteriyo - LMS: from n/a through 2.2.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T15:31:39
2 posts
🔴 CVE-2026-52704 - Critical (10)
Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion.
This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52704/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-52704 in WooCommerce PDF Invoice Builder ≤2.0.8 enables remote code execution via code injection (CWE-94). No patch yet — disable/remove plugin to prevent full system compromise. More info: https://radar.offseq.com/threat/cve-2026-52704-cwe-94-improper-control-of-generati-76aad4c5 #OffSeq #WordPress #Vuln
##updated 2026-06-15T15:31:39
1 posts
🟠 CVE-2026-5242 - High (8.8)
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T15:31:32
1 posts
Trawling recent CVEs to make my brain stfu, stumbled across these:
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/ / https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-wertheim-safecontroller-software-for-vault-rooms-safe-deposit-locker-system/ / https://db.gcve.eu/search?vendor=Wertheim+GmbH&sort_sources%5B%5D=cvelistv5
I don't know much about safes & stuff so I won't comment on impact but a few things stood out to me:
updated 2026-06-15T12:32:56
1 posts
🚨 CVE-2026-5482 (CRITICAL): Tecrail Responsive FileManager ≤9.14.0 lets unauth'd attackers upload dangerous files via dialog.php, leading to RCE. Project is unmaintained — no patch. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-5482-cwe-434-unrestricted-upload-of-file--d1d3c74e #OffSeq #RCE #Vulnerability
##updated 2026-06-15T12:32:51
1 posts
🟠 CVE-2026-12057 - High (8.6)
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T12:32:51
1 posts
🚩 Red Hat Ansible Automation Platform 2.7 container update resolves HIGH severity issues (CVE-2026-44188 & more). Flaws include resource mgmt errors & info exposure. No known exploitation, but update ASAP after prior errata. https://radar.offseq.com/threat/red-hat-security-advisory-red-hat-ansible-automati-6de4942c #OffSeq #RedHat #Ansible #Vuln
##updated 2026-06-15T12:32:51
1 posts
⚠️ CVE-2026-11860 (HIGH): OpenSolution Quick.CMS vulnerable to deserialization of untrusted data over HTTP. Remote code execution possible if admin accesses panel. Upgrade to v6.8+ to enforce HTTPS and mitigate risk. https://radar.offseq.com/threat/cve-2026-11860-cwe-502-deserialization-of-untruste-3d43127c #OffSeq #infosec #vuln #php
##updated 2026-06-15T06:31:46
1 posts
🔎 CVE-2026-12221: HIGH severity stack-based buffer overflow in Yealink SIP-T46U (108.86.0.118). Exploitable via local network — potential code execution or DoS. No fix yet; restrict device access & monitor updates. https://radar.offseq.com/threat/cve-2026-12221-stack-based-buffer-overflow-in-yeal-97330930 #OffSeq #VoIP #Infosec
##updated 2026-06-12T19:24:52
1 posts
🟠 CVE-2026-44488 - High (7.5)
Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: '...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-12T19:24:48
1 posts
🟠 CVE-2026-44487 - High (7.5)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-12T18:32:06
2 posts
📢 CVE-2026-48558: Critical authentication bypass in SimpleHelp via OIDC
📝 ## 🔍 Context
On 12 June 2026, Horizon3.ai published a technical disclosure concerning **CVE-2026-4855...
📖 cyberveille: https://cyberveille.ch/posts/2026-06-17-cve-2026-48558-contournement-d-authentification-critique-dans-simplehelp-via-oidc/
🌐 source: https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
#CVE_2026_48558 #IOC #Cyberveille
updated 2026-06-12T18:31:50
2 posts
3 repos
https://github.com/0xBlackash/CVE-2026-35273
Council of Europe hacked – thanks to Oracle.
The cast: ShinyHunters, Oracle, the Council of Europe. The plot: more than twenty years ago, after a genuine takeover battle, Oracle* swallowed the company PeopleSoft. Its software is used mainly in the USA, but also in the Council of Europe. The software contained a zero-day vulnerability, CVE-2026-35273, which was exploited by ShinyHunters. The hacker group claims to have hacked more than 100 institutions through it, including the Council of Europe. Almost 300 GB of data is said to have fallen into the extortionists' hands, including personnel files, payslips, purchases; CVs, salaries,
https://www.pc-fluesterer.info/wordpress/2026/06/16/europarat-gehackt-dank-oracle/
#0day #closedsource #cybercrime #datenleck #datenschutz #exploits #sicherheit #UnplugOracle #UnplugTrump #zeroday
##⚪️ Zero‑day vulnerability in Oracle PeopleSoft used to hack hundreds of organizations
🗨️ The ShinyHunters group has exploited a critical zero‑day vulnerability in Oracle PeopleSoft (CVE-2026-35273) to attack organizations around the world. According to experts from Google and Mandiant, since late May the hackers have been actively abusing this flaw, ultimately compromising more…
##updated 2026-06-10T18:31:45
1 posts
1 repos
🚨 CVE-2026-53435, a high severity (CVSS 8.8) deserialization vulnerability in Jenkins is now seeing active exploitation as per Defused
Scan your infrastructure: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-53435.yaml
Patches are available per the vendor advisory: https://jenkins.io/security/advisory/2026-06-10/
##updated 2026-06-09T18:30:35
1 posts
3 repos
https://github.com/adamshaikhma/CVE-2026-11645
https://github.com/fevar54/CVE-2026-11645-Out-of-bounds-Read-Write
For anyone here who is using Google Chrome, update your Chrome to 149.0.7827.102/103 (Windows/Mac) and 149.0.7827.102 (Linux).
Google patches an actively exploited vulnerability and 73 others. The one actively exploited in the wild is tracked as CVE-2026-11645, the one which "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
The vulnerability allows a malicious website to execute arbitrary code in the Chrome sandbox. Your browser being in a sandbox only limits the severity of an attack; cyber attacks usually need to chain multiple vulnerabilities to achieve serious compromise.
##updated 2026-06-09T13:07:08
2 posts
2 repos
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
##updated 2026-06-09T12:32:02
2 posts
10 repos
https://github.com/0xBlackash/CVE-2026-0257
https://github.com/bolubey/CVE-2026-0257
https://github.com/Mr-Robot-LP/CVE-2026-0257
https://github.com/grayxploit/CVE-2026-0257
https://github.com/tushargurav28/CVE-2026-0257
https://github.com/akashsingh0454/CVE-2026-0257-PoC
https://github.com/Ez4rd1x1/CVE-2026-0257
https://github.com/jenniferreire26/CVE-2026-0257
The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad actors to set up VPN connections. https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html
##Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw https://securityaffairs.com/193638/security/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html
##updated 2026-06-05T16:39:39
1 posts
1 repos
🟠 CVE-2026-48017 - High (8.8)
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or val...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48017/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-05T16:35:00
1 posts
🟠 CVE-2026-47684 - High (7.7)
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-05T00:32:02
3 posts
SearchLeak: One-click vulnerability in Microsoft 365 Copilot enables theft of sensitive data (CVE-2026-42824) | Codebook | Security News https://www.yayafa.com/2823631/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #Copilot #Microsoft #MicrosoftAI #MicrosoftCopilot #エージェント型AI #人工知能 #汎用人工知能
##Microsoft Patches Critical SearchLeak Vulnerability in Copilot Enterprise
Microsoft patched a critical vulnerability in Copilot Enterprise (CVE-2026-42824) that allowed attackers to steal sensitive organizational data via a single-click link. The flaw chained prompt injection with web vulnerabilities to silently steal emails, files, and MFA codes through Bing.
**You don't need to do anything to patch this flaw. Make a note of it for vendor evaluation. As an extra precaution, educate your users to avoid clicking links with long, complex query parameters, and have your security team watch for unusual Copilot Search URLs containing encoded HTML tags.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-searchleak-vulnerability-in-copilot-enterprise-t-p-3-7-1/gD2P6Ple2L
The most interesting thing about the new SearchLeak attack on Microsoft 365 Copilot isn't any single bug. It's that none of the three pieces was dangerous on its own. Varonis combined a prompt injection via a URL parameter, an HTML rendering race condition, and a server-side request forgery in Bing's image search. Each of these is a common bug that security teams usually consider minor. But when you put them together with a Copilot that can access your mailbox, OneDrive, and SharePoint, they create a critical flaw. Microsoft has since patched this issue (CVE-2026-42824).
This is how the attack worked:
* The victim clicks a link. That's the whole interaction. They type nothing.
* The link instructs Copilot to search the mailbox, find sensitive information such as access codes, and place it into an image URL.
* Bing retrieves that image, which sends the stolen data to the attacker's server. Bing serves as the delivery service, allowing the attack to bypass the content security policy intended to stop it.
From the user's perspective, Copilot just pauses for a moment. There is no visible sign that any data has been taken.
In the past, we've spent years rating bugs by their severity on their own. An SSRF here, an HTML injection there—each seemed minor. But when an AI assistant can follow instructions from untrusted input and access your real data, those minor bugs become much more serious. Old types of vulnerabilities become important again in this new context.
If your company uses Copilot or any AI assistant that can access company data, it is important to ask your team how they are rating bugs that affect it. The way we judge what is low risk has changed.
#AI #Cybersecurity #InfoSec #security #privacy #cloud #AttackChain
##updated 2026-06-02T06:30:33
1 posts
3 repos
https://github.com/izxci/CVE-2026-8206
A bug in a popular WordPress plugin allows takeover of the administrator account (CVE-2026-8206 – Kirki)
WordPress is undoubtedly the world's most popular open-source content management system (CMS). It lets you easily create and manage websites without needing to know how to program. While critical bugs in the engine itself are extremely rare, the platform supports many third-party plugins, which increases the attack surface. TLDR: This...
##updated 2026-05-26T23:10:40
1 posts
🟠 CVE-2026-42089 - High (8.6)
Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42089/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-22T15:32:37
1 posts
5 repos
https://github.com/HORKimhab/CVE-2026-39808
https://github.com/Lechansky/CVE-2026-39808
https://github.com/0xBlackash/CVE-2026-39808
https://github.com/samu-delucas/CVE-2026-39808
https://github.com/ynsmroztas/FortiSandbox-RCE-Exploit-CVE-2026-39808
⚠️ CRITICAL: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Fortinet FortiSandbox is under active exploitation for three critical unauthenticated RCE vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089). All three bypass authentication and allow arbitrary command execution via HTTP requests. Organizations running FortiSandbox are at immediate ri…
##updated 2026-04-14T18:30:41
1 posts
2 repos
##updated 2026-04-06T00:30:31
1 posts
Q: Am I counting these?
('https://https:', {'https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm', 'https://https://www.asustor.com/security/security_advisory_detail?id=55', 'https://https://www.tenable.com/security/tns-2026-07', 'https://https://talosintelligence.com/vulnerability_reports/', 'https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/', 'https://https://www.geovision.com.tw/cyber_security.php', 'https://https://nvd.nist.gov/vuln/detail/CVE-2026-4272', 'https://https://github.com/videolan/vlc-android/releases/tag/3.7.0', 'https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504'})
## updated 2026-03-31T03:31:35
4 posts
Solid breakdown by @honeylabs of the opportunistic activity against CVE-2026-4020
~560 IPs rotating through ~3,300 UAs
Rly important to heed the info further down in the article re: "attacking the CVE" vs "added yet-another-cred path to existing scans".
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
##Most of the CVE-2026-4020 attackers are the same client - https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
##🤔 Ah, the classic "same client" saga with CVE-2026-4020—because who needs originality in #hacking when you have a Google Cloud fleet playing dress-up with 3,299 user agents? 🌍📬 Apparently, exploiting Gravity #SMTP is a team sport, but only if your team is a single IP address with a personality disorder. What a performance! 🎭💻
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020 #CVE20264020 #GoogleCloud #SecurityFlaw #Cybersecurity #HackerNews #ngated
Most of the CVE-2026-4020 attackers are the same client
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
#HackerNews #CVE20264020 #cybersecurity #cloudfleet #attackers #analysis
##updated 2026-02-27T15:34:20
1 posts
1 repos
## updated 2026-01-13T18:31:19
1 posts
News about security holes in Microsoft published at the start of 2026, from the Microsoft Office remote code execution bugs CVE-2026-20952 and CVE-2026-20953 to the Secure Boot bypass vulnerability CVE-2026-21265, which is critical because it involves bootkit and rootkit threats, while the old Secure Boot device certificates will expire in June 2026. And many more.
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
##updated 2026-01-13T18:31:18
1 posts
##updated 2026-01-13T18:31:18
1 posts
##updated 2024-08-08T05:06:35
1 posts
Previously I posted that no one had included discord links in CVE references...
... turns out I made a mistake in the query ...
https://www.cve.org/CVERecord?id=CVE-2021-45464 : Discord Attachment link (of course since dead) for a source code snippet.
https://www.cve.org/CVERecord?id=CVE-2024-39683 : Actually just a message link - which means, unless you already know what server that is & you are on it... you can't actually access it...?
updated 2024-04-04T03:30:13
1 posts
updated 2024-04-04T01:55:17
1 posts
Here, have some CVE references pointing to facebook posts...
https://www.cve.org/CVERecord?id=CVE-2019-16534
https://nvd.nist.gov/vuln/detail/CVE-2019-16533
https://nvd.nist.gov/vuln/detail/CVE-2019-16193
... would you be surprised they are all dead?
This one links a Facebook video which is also dead. At least it also links a Twitter post by the same person...
https://www.cve.org/CVERecord?id=CVE-2017-9542
...which just links to the dead Facebook post.
🚨 EUVD-2026-37787
📊 Score: 9.1/10 (CVSS v3.1)
📦 Product: Network-AI
🏢 Vendor: Jovancoding
📅 Updated: 2026-06-17
📝 Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-37787
##🚨 CRITICAL: CVE-2026-12530 impacts AWS Bedrock AgentCore Python SDK (v1.1.3 – 1.6.1). Incomplete input sanitization in install_packages() lets attackers abuse pip flags. Update now! https://radar.offseq.com/threat/cve-2026-12530-improper-neutralization-of-argument-917f42dfcc3cfd56 #OffSeq #AWSSecurity #Python #CVE2026_12530
##🚨 CRITICAL: CVE-2026-48814 in Jovancoding Network-AI ≤5.7.1 lets unauthenticated users access all 22 MCP tools if default secret is unset. Patch to 5.7.2 now! Details: https://radar.offseq.com/threat/cve-2026-48814-cwe-306-missing-authentication-for--a37c283f4afc7554 #OffSeq #CVE202648814 #Nodejs #Infosec
##New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##Nvidia has a new advisory relating to CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228, all high-severity:
Security Bulletin: NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia
Broadcom:
Seven advisories addressing one critical vulnerability and several high-severity flaws. You'll need a login for details.
CRITICAL: MICS 14.3, 14.4, and 14.5 Vulnerabilities
More: https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Yesterday:
Google:
Chrome Dev for Desktop Update https://chromereleases.googleblog.com/ #Google #Chrome
Dell:
Update for a critical vulnerability yesterday that encompasses multiple CVEs:
Security Update for Dell PowerProtect DP Series Appliance (IDPA) Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000368282/dsa-2025-300-security-update-for-dell-powerprotect-dp-series-appliance-idpa-multiple-third-party-component-vulnerabilities #Dell #infosec #vulnerability
##📢 CVE-2026-48558: Critical authentication bypass in SimpleHelp via OIDC
📝 ## 🔍 Context
On June 12, 2026, Horizon3.ai published a technical disclosure concerning **CVE-2026-4855...
📖 cyberveille: https://cyberveille.ch/posts/2026-06-17-cve-2026-48558-contournement-d-authentification-critique-dans-simplehelp-via-oidc/
🌐 source: https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
#CVE_2026_48558 #IOC #Cyberveille
##⚡️ CRITICAL: CVE-2026-47103 in python-statemachine (3.0.0 – <3.2.0) lets attackers execute code remotely via unsanitized eval() in SCXML. Avoid untrusted SCXML until patch. Details: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #python #security #CVE202647103
##🚨 CRITICAL: CVE-2026-48745 in traccar-client <=9.7.19 allows silent GPS data redirection via crafted deep links — no user prompt, persists after restart. Update to 9.7.20 now! https://radar.offseq.com/threat/cve-2026-48745-cwe-940-improper-verification-of-so-6b0c4b37 #OffSeq #Infosec #MobileSecurity #CVE202648745
##🚨 CRITICAL vuln in mcp-tool-shop-org backpropagate <1.2.0: Reflex UI lacks real auth, letting anyone trigger training, access datasets, & export models. Patch to 1.2.0 ASAP. CVE-2026-48797 https://radar.offseq.com/threat/cve-2026-48797-cwe-358-improperly-implemented-secu-63bfdfdd #OffSeq #Python #Infosec
##🟠 CVE-2026-47747 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-53776 - Critical (9.1)
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53776/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-48780 - High (8.2)
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48780/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-038
TURCK: Multiple Vulnerabilities in Managed Ethernet Switches
Multiple vulnerabilities have been identified in the TBEN-Lx-SE-M2 firmware prior to version 2.1.2.0 in Managed Ethernet Switches.
#CVE CVE-2025-68615, CVE-2026-5416
https://certvde.com/en/advisories/vde-2026-038/
#CSAF https://turck.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-038.json
##🚨 CVE-2026-48713: Prototype pollution in i18next-fs-backend <2.6.6 (CVSS 9.1, CRITICAL). Exploitable via crafted missing-key strings, leading to crashes or security bypass. Upgrade to 2.6.6 or apply mitigations now! https://radar.offseq.com/threat/cve-2026-48713-cwe-1321-improperly-controlled-modi-6faa1b03 #OffSeq #infosec #NodeJS #vuln
##🔴 CVE-2026-48713 - Critical (9.1)
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input). Backend.writeFile() spli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48713/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-48714 in i18next-http-middleware (<3.9.7) enables remote prototype pollution via missingKeyHandler. Impacts: app crashes, translation corruption, config poisoning. Upgrade to 3.9.7 or apply mitigations! https://radar.offseq.com/threat/cve-2026-48714-cwe-1321-improperly-controlled-modi-f43de94a #OffSeq #CVE202648714 #infosec
##🔴 CVE-2026-48714 - Critical (9.1)
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys __proto__, constructor, and prototype...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48714/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-48723 - High (7.8)
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48723/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-49757 in ash_authentication lets attackers bypass auth by spoofing email in OAuth2/OIDC, risking local account takeover. Patch status unconfirmed — check vendor advisory. Affected: v0.1.0, 5.0.0-rc.0. https://radar.offseq.com/threat/cve-2026-49757-cwe-290-authentication-bypass-by-sp-5df5a500 #OffSeq #CVE202649757 #OAuth2 #infosec
##