## Updated at UTC 2026-07-12T07:22:05.839205

Access data as JSON

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2026-15481 8.8 0.00% 2 0 2026-07-12T06:16:42.863000 A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This v
CVE-2026-58281 8.3 0.00% 4 0 2026-07-11T21:16:23.903000 Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an u
CVE-2026-56303 7.5 0.00% 2 0 2026-07-11T15:30:29 Capgo before 12.128.2 contains an information disclosure vulnerability in the fi
CVE-2026-61426 8.6 0.00% 2 0 2026-07-11T15:30:23 PraisonAI before 1.7.3 contains an insecure default configuration that binds to
CVE-2026-61447 10.0 0.00% 4 0 2026-07-11T14:16:23.377000 PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAg
CVE-2026-61445 9.9 0.00% 4 0 2026-07-11T14:16:23.240000 PraisonAI before 4.6.78 contains arbitrary file write and command execution vuln
CVE-2026-61439 7.5 0.00% 2 0 2026-07-11T14:16:22.870000 PraisonAI versions before 4.6.78 contain a prompt injection defense misconfigura
CVE-2026-61429 8.5 0.00% 2 0 2026-07-11T14:16:22.740000 PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerabi
CVE-2026-60090 9.8 0.00% 4 0 2026-07-11T14:16:22.353000 PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argume
CVE-2026-57828 None 0.00% 2 0 2026-07-11T12:30:29 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary
CVE-2026-57827 None 0.00% 2 0 2026-07-11T12:30:28 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file
CVE-2026-1359 8.8 0.00% 4 0 2026-07-11T09:34:25 The Genolve – AI image AI video generation plugin for WordPress is vulnerable to
CVE-2026-9282 7.5 0.40% 4 0 2026-07-11T09:34:25 The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in
CVE-2025-6784 8.8 0.31% 2 0 2026-07-11T09:34:18 The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in a
CVE-2026-4661 7.5 0.29% 2 0 2026-07-11T07:16:46.513000 The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPr
CVE-2026-15155 8.8 0.37% 2 0 2026-07-11T07:16:46.170000 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugi
CVE-2026-14262 8.8 0.31% 2 0 2026-07-11T06:31:24 The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordP
CVE-2026-2354 8.8 0.33% 2 0 2026-07-11T06:31:24 The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file up
CVE-2026-13114 7.2 0.23% 2 0 2026-07-11T06:31:24 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is
CVE-2026-7655 8.1 0.25% 4 0 2026-07-11T06:16:10.657000 The SureCart plugin for WordPress is vulnerable to privilege escalation via acco
CVE-2026-13378 7.2 0.22% 1 0 2026-07-11T06:16:08.930000 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable t
CVE-2026-15335 7.5 0.39% 3 0 2026-07-11T05:16:32.923000 The Booking Package plugin for WordPress is vulnerable to generic SQL Injection
CVE-2026-15338 7.5 0.32% 2 0 2026-07-11T04:17:22.537000 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Lo
CVE-2026-13353 8.8 0.38% 2 0 2026-07-11T04:17:16.937000 The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel pl
CVE-2026-13756 8.8 0.31% 3 0 2026-07-11T02:32:48 The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation i
CVE-2026-42952 7.5 0.38% 2 0 2026-07-11T00:31:56 Previously, there was no throttling on repeated authentication attempts to the
CVE-2026-55175 7.5 0.61% 2 0 2026-07-10T23:16:48.487000 Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to
CVE-2026-44383 7.5 0.56% 2 0 2026-07-10T23:16:48.343000 Multiple connections to the backend using the same charging station ID are allo
CVE-2026-20744 9.8 0.52% 4 0 2026-07-10T23:16:47.683000 The charging station websocket endpoint accepts connections without proper auth
CVE-2026-14480 9.9 0.62% 2 0 2026-07-10T23:16:47.110000 OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability
CVE-2026-55884 0 0.40% 2 0 2026-07-10T22:16:44.423000 Tilt defines dev environments as code for microservice apps on Kubernetes. From
CVE-2026-44795 8.8 1.00% 2 0 2026-07-10T22:16:41.717000 Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to
CVE-2026-57807 9.8 0.43% 3 0 2026-07-10T21:32:40 Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOr
CVE-2026-61459 9.8 0.42% 1 0 2026-07-10T21:32:32 MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability
CVE-2026-5801 9.8 0.40% 1 0 2026-07-10T21:32:32 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2025-30007 8.8 2.08% 2 0 2026-07-10T21:32:29 HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerabili
CVE-2026-61444 9.1 0.39% 2 0 2026-07-10T21:17:00.530000 PraisonAI versions before 4.6.78 contain a code injection vulnerability in deplo
CVE-2026-58122 9.1 0.29% 2 0 2026-07-10T21:17:00.080000 Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability tha
CVE-2026-57220 7.5 0.43% 2 0 2026-07-10T21:16:59.180000 RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ strea
CVE-2026-55827 7.5 0.45% 1 0 2026-07-10T21:16:57.267000 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1
CVE-2026-55659 7.7 0.27% 1 0 2026-07-10T21:16:56.577000 Grist is spreadsheet software using Python as its formula language. Prior to 1.7
CVE-2026-55233 7.5 0.34% 3 0 2026-07-10T21:16:55.760000 OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5,
CVE-2026-55213 7.5 0.34% 1 0 2026-07-10T21:16:55.497000 h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to com
CVE-2026-12761 9.8 0.46% 2 0 2026-07-10T21:16:53.160000 The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) pl
CVE-2026-6212 8.8 0.25% 2 0 2026-07-10T20:16:49.257000 Authorization bypass through User-Controlled key vulnerability in Teracity Softw
CVE-2026-61461 8.8 0.36% 2 0 2026-07-10T20:16:49.137000 Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vec
CVE-2026-61460 8.8 0.28% 1 0 2026-07-10T20:16:49.030000 Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerabil
CVE-2026-57850 8.3 0.33% 1 1 2026-07-10T20:16:48.663000 RustDesk before 1.4.9 does not enforce a session's authorized connection scope o
CVE-2026-55604 8.6 0.22% 1 0 2026-07-10T19:20:32.893000 DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2
CVE-2026-59151 9.6 0.30% 2 0 2026-07-10T19:20:15.180000 Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentica
CVE-2026-33655 7.7 0.44% 1 0 2026-07-10T19:17:58.040000 New API is a large language mode (LLM) gateway and artificial intelligence (AI)
CVE-2026-59723 8.8 0.14% 1 0 2026-07-10T19:17:58.040000 Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant.
CVE-2026-54063 7.5 0.57% 2 0 2026-07-10T19:17:24.330000 Excelize is a Go language library for reading and writing Microsoft Excel spread
CVE-2026-51119 9.1 0.38% 2 1 2026-07-10T19:17:23.787000 An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileg
CVE-2026-39244 7.5 0.43% 2 0 2026-07-10T19:17:23.250000 adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file
CVE-2025-70796 7.5 0.56% 2 0 2026-07-10T19:17:19.613000 An unauthenticated path traversal vulnerability exists in the web management int
CVE-2026-53657 8.2 0.20% 2 0 2026-07-10T19:10:59.333000 Lima launches Linux virtual machines, typically on macOS, for running containerd
CVE-2026-59792 9.6 0.42% 2 0 2026-07-10T18:51:28.750000 In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path trav
CVE-2026-59793 8.8 0.34% 2 0 2026-07-10T18:49:40.900000 In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the
CVE-2026-60105 8.6 0.31% 1 0 2026-07-10T18:46:32.250000 Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in
CVE-2026-12685 7.5 0.22% 1 0 2026-07-10T18:33:19 The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendo
CVE-2025-45422 8.1 0.45% 1 1 2026-07-10T18:33:14 Incorrect access control in Proximus b-box v8c.725A allows authenticated attacke
CVE-2026-56291 9.8 0.84% 5 0 2026-07-10T18:33:13 The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary
CVE-2026-2397 9.8 0.27% 2 0 2026-07-10T18:32:31 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2026-48939 9.8 1.50% 3 2 2026-07-10T18:32:03 A vulnerability in the iCagenda extension for Joomla allows the upload of arbitr
CVE-2026-2398 8.8 0.25% 2 1 2026-07-10T18:16:20.733000 Authorization bypass through User-Controlled key vulnerability in Adam Retail Au
CVE-2026-59796 8.1 0.25% 2 0 2026-07-10T18:01:31.563000 In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to
CVE-2026-59795 8.1 0.27% 2 0 2026-07-10T18:01:31.563000 In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent regis
CVE-2026-33382 7.5 0.38% 1 0 2026-07-10T18:01:31.563000 Several Grafana API endpoints, some of them unauthenticated, do not limit the si
CVE-2026-15143 9.3 0.26% 3 0 2026-07-10T17:49:57.737000 A flaw was found in the file_type content detector of guardrails-detectors. This
CVE-2026-15378 9.3 0.42% 2 0 2026-07-10T17:49:57.737000 A flaw was found in the `guardrails-detectors` component. This vulnerability all
CVE-2026-57026 7.5 0.46% 1 0 2026-07-10T17:49:57.737000 An Improper Validation of Syntactic Correctness of Input vulnerability in the SI
CVE-2026-61437 7.8 0.13% 2 0 2026-07-10T17:41:47.303000 PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic
CVE-2026-61434 8.8 0.58% 2 0 2026-07-10T17:41:47.303000 PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in sh
CVE-2026-56688 9.1 1.29% 1 0 2026-07-10T17:17:01.213000 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-57589 7.4 0.12% 8 0 2026-07-10T16:39:52.480000 sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local p
CVE-2026-12597 8.1 0.42% 1 0 2026-07-10T16:16:25.080000 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass v
CVE-2026-54003 0 0.55% 1 0 2026-07-10T15:49:19.093000 Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4
CVE-2026-54771 8.1 0.39% 1 0 2026-07-10T15:49:19.093000 Langroid is a framework for building large-language-model-powered applications.
CVE-2026-54769 10.0 0.91% 1 0 2026-07-10T15:49:19.093000 Langroid is a framework for building large-language-model-powered applications.
CVE-2026-0288 7.5 0.56% 2 0 2026-07-10T15:45:17.463000 Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (T
CVE-2026-14894 9.8 0.52% 2 1 2026-07-10T15:43:30.330000 The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to
CVE-2026-41880 None 1.33% 1 0 2026-07-10T12:31:56 R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recogn
CVE-2026-54423 8.2 0.52% 1 0 2026-07-10T09:31:36 In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nod
CVE-2026-15300 9.1 0.35% 1 0 2026-07-10T06:31:33 The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'dist
CVE-2026-15070 8.8 0.26% 1 0 2026-07-10T06:31:28 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cr
CVE-2026-54782 10.0 0.25% 1 0 2026-07-10T05:16:37.520000 CoreWCF is a port of the service side of Windows Communication Foundation (WCF)
CVE-2026-46215 7.8 0.13% 1 2 2026-07-10T05:16:37.103000 In the Linux kernel, the following vulnerability has been resolved: drm: Set ol
CVE-2026-15112 8.8 0.26% 1 0 2026-07-10T05:16:28.503000 Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remot
CVE-2026-12598 8.1 0.35% 1 0 2026-07-10T00:31:34 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass i
CVE-2026-58123 9.8 0.93% 2 0 2026-07-10T00:31:34 Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution v
CVE-2026-12595 8.1 0.35% 1 0 2026-07-10T00:31:34 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass v
CVE-2026-57023 7.5 0.46% 1 0 2026-07-10T00:31:33 An Improper Validation of Specified Quantity in Input vulnerability in the TCP p
CVE-2026-58143 8.8 0.18% 1 0 2026-07-10T00:31:33 Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerabi
CVE-2026-44825 8.1 0.53% 1 2 2026-07-09T20:59:06 Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enab
CVE-2026-47646 9.3 0.27% 1 0 2026-07-09T19:17:05.330000 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-58525 8.2 0.36% 1 0 2026-07-09T17:16:53.867000 Improper access control in Microsoft Edge (Chromium-based) allows an unauthorize
CVE-2026-60002 7.7 0.26% 1 0 2026-07-09T16:36:21.363000 ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its h
CVE-2026-14245 9.8 0.59% 1 0 2026-07-09T16:20:12.533000 The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPres
CVE-2026-13698 7.5 0.55% 1 0 2026-07-09T13:05:30.767000 A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and
CVE-2026-15128 6.1 0.14% 1 0 2026-07-09T12:31:30 Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 a
CVE-2026-15130 4.3 0.17% 1 0 2026-07-09T12:31:30 Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.78
CVE-2026-15129 8.8 0.22% 1 0 2026-07-09T12:31:30 Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remot
CVE-2026-9253 7.2 0.20% 1 0 2026-07-09T12:30:35 The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress
CVE-2026-46242 7.8 0.12% 2 3 2026-07-09T03:33:50 In the Linux kernel, the following vulnerability has been resolved: eventpoll:
CVE-2026-43499 7.8 0.12% 6 7 2026-07-09T00:32:11 In the Linux kernel, the following vulnerability has been resolved: rtmutex: Us
CVE-2026-6896 8.7 0.28% 2 0 2026-07-08T21:30:42 GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 be
CVE-2026-11405 9.8 0.67% 5 1 2026-07-08T15:32:52 The web server binary /bin/httpd contains a hidden backdoor authentication mecha
CVE-2026-11903 8.0 0.23% 1 0 2026-07-08T15:32:13 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-59706 9.3 0.26% 1 0 2026-07-08T15:28:15.630000 mem0 contains unauthenticated config API endpoints that expose LLM API keys in p
CVE-2026-56290 9.8 2.91% 4 3 2026-07-08T13:37:08.977000 The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitra
CVE-2026-55255 8.4 0.47% 4 1 2026-07-07T22:14:37 ## Summary Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/re
CVE-2026-48282 10.0 28.58% 6 2 template 2026-07-07T21:32:33 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi
CVE-2026-24014 9.8 0.51% 2 0 2026-07-07T17:49:04.433000 Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances us
CVE-2026-55500 9.9 0.69% 1 0 2026-07-06T21:37:49 ## Summary The `/api/settings/database` endpoint allows full database export (c
CVE-2026-53359 None 0.18% 1 5 2026-07-06T21:30:34 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: F
CVE-2026-13753 7.5 0.27% 1 0 2026-07-06T20:16:29.737000 A missing authorization vulnerability exists in the embedded webserver of HP Des
CVE-2026-13768 10.0 0.56% 1 2 2026-07-06T19:42:32.890000 Gardyn devices expose a privileged iothubowner key. Access to this key will allo
CVE-2026-14544 9.8 0.51% 1 0 2026-07-03T09:31:35 A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera
CVE-2026-31694 7.8 0.13% 1 1 2026-07-02T15:16:59.813000 In the Linux kernel, the following vulnerability has been resolved: fuse: rejec
CVE-2026-23537 9.1 0.57% 1 0 2026-07-02T12:32:04 A vulnerability has been identified in the Feast Feature Server’s `/save-documen
CVE-2026-8451 7.5 0.50% 1 5 2026-07-01T18:31:24 Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to
CVE-2026-41719 6.4 0.20% 1 0 2026-06-30T22:16:54.697000 A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized
CVE-2026-41852 3.7 0.16% 1 0 2026-06-27T21:16:30.530000 A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for
CVE-2026-41851 5.3 0.36% 1 0 2026-06-27T21:16:30.420000 Applications which accept user-supplied Spring Expression Language (SpEL) expres
CVE-2026-41850 7.5 0.36% 1 0 2026-06-27T21:16:30.313000 Applications that evaluate user-supplied Spring Expression Language (SpEL) expre
CVE-2026-54329 8.5 0.39% 2 0 2026-06-23T23:12:05 ### Impact A cross-tenant data injection vulnerability was identified in the Sni
CVE-2026-41729 8.1 0.39% 1 1 2026-06-22T12:10:33.533000 Spring Data REST is vulnerable to SpEL expression injection through map-typed pr
CVE-2026-54527 None 0.28% 1 0 2026-06-19T19:36:06 Overview Amazon Web Services (AWS) Security has identified a stored cross-site
CVE-2026-55229 7.5 0.36% 2 0 2026-06-18T13:04:55 **Summary** Server-Side Request Forgery (SSRF) vulnerability affecting the `/f
CVE-2026-55405 7.6 0.35% 2 0 2026-06-17T18:39:57 ### Summary The MariaDB and pgvector embedding stores build metadata-filter SQL
CVE-2026-33697 7.5 0.06% 1 0 2026-06-17T10:37:56.487000 Cocos AI is a confidential computing system for AI. The current implementation o
CVE-2025-41253 7.5 0.43% 1 0 2026-06-17T09:22:40.703000 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable
CVE-2024-38808 4.3 0.54% 1 0 2026-06-17T07:41:05.140000 In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it i
CVE-2023-20861 6.5 0.97% 1 0 2026-06-17T05:31:02.403000 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.
CVE-2016-4977 8.8 79.18% 1 2 template 2026-06-17T00:48:32.683000 When processing authorization requests using the whitelabel views in Spring Secu
CVE-2026-50656 7.8 3.39% 3 2 2026-06-16T21:31:57 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect
CVE-2026-48611 9.8 2.86% 1 3 template 2026-06-12T06:33:21 Improper authentication checks in the OAuth implementation allow account hijacki
CVE-2026-41717 8.1 0.33% 1 0 2026-06-10T00:31:59 Spring Data MongoDB contains a SpEL (Spring Expression Language) expression inje
CVE-2026-47291 9.8 21.51% 5 2 2026-06-09T18:30:58 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attack
CVE-2026-41849 7.5 0.26% 1 0 2026-06-09T06:32:06 An integer overflow vulnerability exists in the evaluation logic of the Spring E
CVE-2026-1207 None 9.44% 2 1 template 2026-06-05T16:24:43 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4
CVE-2026-38431 9.8 0.39% 1 0 2026-05-06T18:31:37 ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SS
CVE-2025-49113 9.9 94.74% 1 23 template 2026-02-20T21:48:11 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execu
CVE-2025-3248 None 99.99% 1 27 template 2025-11-05T20:12:46 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v
CVE-2022-22963 9.8 99.94% 1 38 template 2025-10-22T19:18:03 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w
CVE-2024-42009 9.3 83.39% 1 7 template 2025-10-22T00:34:11 A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x throug
CVE-2018-1260 9.8 8.35% 1 1 2024-05-14T17:55:42 Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, a
CVE-2024-30326 7.8 0.91% 1 0 2024-04-03T18:30:55 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability.
CVE-2018-1273 9.8 95.65% 1 8 template 2024-03-20T14:20:44 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
CVE-2022-22947 10.0 98.25% 1 69 template 2023-07-24T19:30:19 In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v
CVE-2022-22950 6.5 35.83% 1 0 2023-03-28T22:26:11 In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and
CVE-2017-8046 9.8 74.36% 1 10 template 2023-02-02T05:01:22 Malicious PATCH requests submitted to servers using Spring Data REST versions pr
CVE-2022-22980 9.0 16.90% 1 8 2023-01-27T05:05:05 A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Qu
CVE-2026-55687 0 0.39% 2 0 N/A
CVE-2026-55641 0 0.25% 2 0 N/A
CVE-2026-55638 0 0.37% 2 0 N/A
CVE-2026-56675 0 0.32% 2 0 N/A
CVE-2026-56668 0 0.23% 2 0 N/A
CVE-2026-55516 0 0.22% 2 0 N/A
CVE-2026-55377 0 0.26% 2 0 N/A
CVE-2026-52747 0 0.46% 2 0 N/A
CVE-2026-49213 0 0.32% 2 0 N/A
CVE-2026-55879 0 0.27% 2 0 N/A
CVE-2026-54149 0 0.38% 2 0 N/A
CVE-2026-58499 0 0.36% 1 0 N/A
CVE-2026-55789 0 0.30% 1 0 N/A
CVE-2026-12932 0 0.00% 1 0 N/A
CVE-2026-13117 0 0.00% 1 0 N/A
CVE-2026-12996 0 0.00% 1 0 N/A
CVE-2026-20896 0 0.78% 2 3 N/A
CVE-2026-59834 0 0.38% 1 0 N/A
CVE-2026-59832 0 0.32% 1 0 N/A
CVE-2026-54433 0 0.00% 1 0 N/A
CVE-2026-57155 0 0.00% 1 0 N/A

CVE-2026-15481
(8.8 HIGH)

EPSS: 0.00%

updated 2026-07-12T06:16:42.863000

2 posts

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr results in command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The

offseq at 2026-07-12T06:00:25.136Z ##

CVE-2026-15481 (HIGH, CVSS 8.7) affects Trendnet TEW-635BRM <=1.00.03: Remote command injection via IPoA WAN setup. Exploit is public. Devices are EOL — replace hardware ASAP. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-12T06:00:25.000Z ##

CVE-2026-15481 (HIGH, CVSS 8.7) affects Trendnet TEW-635BRM <=1.00.03: Remote command injection via IPoA WAN setup. Exploit is public. Devices are EOL — replace hardware ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Infosec #IoTSecurity

##

CVE-2026-58281
(8.3 HIGH)

EPSS: 0.00%

updated 2026-07-11T21:16:23.903000

4 posts

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

offseq at 2026-07-12T04:30:24.109Z ##

HIGH severity CVE-2026-58281 in Microsoft Edge (Chromium-based) v1.0.0.0 lets attackers execute code remotely via deserialization of untrusted data. Patch from Microsoft is available. Full details: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T21:59:48.000Z ##

🟠 CVE-2026-58281 - High (8.3)

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T04:30:24.000Z ##

HIGH severity CVE-2026-58281 in Microsoft Edge (Chromium-based) v1.0.0.0 lets attackers execute code remotely via deserialization of untrusted data. Patch from Microsoft is available. Full details: radar.offseq.com/threat/cve-20 #OffSeq #Vuln #MicrosoftEdge #InfoSec

##

thehackerwire@mastodon.social at 2026-07-11T21:59:48.000Z ##

🟠 CVE-2026-58281 - High (8.3)

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56303
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-11T15:30:29

2 posts

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid ke

thehackerwire@mastodon.social at 2026-07-11T16:00:04.000Z ##

🟠 CVE-2026-56303 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T16:00:04.000Z ##

🟠 CVE-2026-56303 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61426
(8.6 HIGH)

EPSS: 0.00%

updated 2026-07-11T15:30:23

2 posts

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.

thehackerwire@mastodon.social at 2026-07-11T15:01:13.000Z ##

🟠 CVE-2026-61426 - High (8.6)

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T15:01:13.000Z ##

🟠 CVE-2026-61426 - High (8.6)

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61447
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-07-11T14:16:23.377000

4 posts

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

offseq at 2026-07-12T00:00:37.103Z ##

CVE-2026-61447: CRITICAL RCE in MervinPraison PraisonAI (<1.6.78). Unauthenticated attackers can exploit prompt injection to run arbitrary Python, risking system compromise & secret leaks. No patch yet — restrict exposure & monitor use. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T15:00:27.000Z ##

🔴 CVE-2026-61447 - Critical (10)

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T00:00:37.000Z ##

CVE-2026-61447: CRITICAL RCE in MervinPraison PraisonAI (<1.6.78). Unauthenticated attackers can exploit prompt injection to run arbitrary Python, risking system compromise & secret leaks. No patch yet — restrict exposure & monitor use. radar.offseq.com/threat/cve-20 #OffSeq #CVE202661447 #infosec #RCE

##

thehackerwire@mastodon.social at 2026-07-11T15:00:27.000Z ##

🔴 CVE-2026-61447 - Critical (10)

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61445
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-07-11T14:16:23.240000

4 posts

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.

offseq at 2026-07-12T01:30:24.880Z ##

CVE-2026-61445 (CRITICAL, CVSS 9.4): PraisonAI <4.6.78 suffers path traversal & command injection via AICoder chat. Attackers gain root, write files anywhere. Restrict access & monitor — no patch yet. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T15:00:17.000Z ##

🔴 CVE-2026-61445 - Critical (9.9)

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T01:30:24.000Z ##

CVE-2026-61445 (CRITICAL, CVSS 9.4): PraisonAI <4.6.78 suffers path traversal & command injection via AICoder chat. Attackers gain root, write files anywhere. Restrict access & monitor — no patch yet. radar.offseq.com/threat/cve-20 #OffSeq #CVE202661445 #AIsecurity #infosec

##

thehackerwire@mastodon.social at 2026-07-11T15:00:17.000Z ##

🔴 CVE-2026-61445 - Critical (9.9)

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61439
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-11T14:16:22.870000

2 posts

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system p

thehackerwire@mastodon.social at 2026-07-11T15:01:33.000Z ##

🟠 CVE-2026-61439 - High (7.5)

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injectio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T15:01:33.000Z ##

🟠 CVE-2026-61439 - High (7.5)

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injectio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61429
(8.5 HIGH)

EPSS: 0.00%

updated 2026-07-11T14:16:22.740000

2 posts

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial validation check, enabling the headless browser to follow redirects and read internal responses including sen

thehackerwire@mastodon.social at 2026-07-11T15:01:23.000Z ##

🟠 CVE-2026-61429 - High (8.5)

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T15:01:23.000Z ##

🟠 CVE-2026-61429 - High (8.5)

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-60090
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-07-11T14:16:22.353000

4 posts

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value (declared as int but not enforced at runtime) is interpolated directly into the vector column of the generated CREATE TABLE DDL. A caller able to i

offseq at 2026-07-12T03:00:25.083Z ##

CVE-2026-60090: PraisonAI <4.6.78 suffers CRITICAL SQL injection (CVSS 9.3). Unauthenticated attackers can drop tables or run arbitrary SQL/CQL via create_collection(). Restrict access & upgrade ASAP. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T15:00:37.000Z ##

🔴 CVE-2026-60090 - Critical (9.8)

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T03:00:25.000Z ##

CVE-2026-60090: PraisonAI <4.6.78 suffers CRITICAL SQL injection (CVSS 9.3). Unauthenticated attackers can drop tables or run arbitrary SQL/CQL via create_collection(). Restrict access & upgrade ASAP. radar.offseq.com/threat/cve-20 #OffSeq #infosec #SQLInjection #vuln

##

thehackerwire@mastodon.social at 2026-07-11T15:00:37.000Z ##

🔴 CVE-2026-60090 - Critical (9.8)

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57828(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-07-11T12:30:29

2 posts

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.

offseq at 2026-07-11T12:00:27.397Z ##

Phoca Download for Joomla (v1.0 – 6.1.2) suffers a CRITICAL vuln (CVE-2026-57828): Authenticated users can upload/execute malicious files (RCE risk). No official patch — limit upload access & monitor for updates. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-11T12:00:27.000Z ##

Phoca Download for Joomla (v1.0 – 6.1.2) suffers a CRITICAL vuln (CVE-2026-57828): Authenticated users can upload/execute malicious files (RCE risk). No official patch — limit upload access & monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #Infosec #CVE202657828

##

CVE-2026-57827(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-07-11T12:30:28

2 posts

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

offseq at 2026-07-11T10:30:24.579Z ##

CVE-2026-57827 (CRITICAL): RSFiles for Joomla v1.0 – 1.17.11 lets unauthenticated attackers upload & execute arbitrary files (RCE, CWE-434). No patch — restrict/disable the extension & monitor for updates. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-11T10:30:24.000Z ##

CVE-2026-57827 (CRITICAL): RSFiles for Joomla v1.0 – 1.17.11 lets unauthenticated attackers upload & execute arbitrary files (RCE, CWE-434). No patch — restrict/disable the extension & monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #RCE #Vuln

##

CVE-2026-1359
(8.8 HIGH)

EPSS: 0.00%

updated 2026-07-11T09:34:25

4 posts

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and

thehackerwire@mastodon.social at 2026-07-11T09:59:48.000Z ##

🟠 CVE-2026-1359 - High (8.8)

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it poss...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-11T09:00:27.889Z ##

CVE-2026-1359: Genolve AI Business Graphics & Images plugin ≤5.0.5 (HIGH, CVSS 8.8) allows Contributor+ users to escalate privileges by altering WP options via flawed auth checks. Restrict permissions & monitor for patches. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T09:59:48.000Z ##

🟠 CVE-2026-1359 - High (8.8)

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it poss...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T09:00:27.000Z ##

CVE-2026-1359: Genolve AI Business Graphics & Images plugin ≤5.0.5 (HIGH, CVSS 8.8) allows Contributor+ users to escalate privileges by altering WP options via flawed auth checks. Restrict permissions & monitor for patches. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #Infosec

##

CVE-2026-9282
(7.5 HIGH)

EPSS: 0.40%

updated 2026-07-11T09:34:25

4 posts

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires enabling manual minify mode and supplying a manual-format minify filename so

thehackerwire@mastodon.social at 2026-07-11T07:59:50.000Z ##

🟠 CVE-2026-9282 - High (7.5)

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-11T07:30:25.149Z ##

CVE-2026-9282: HIGH severity Path Traversal in boldgrid W3 Total Cache ≤2.9.4. Unauthenticated file read possible if manual minify is enabled and misconfigured. Review configs & monitor for abuse. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T07:59:50.000Z ##

🟠 CVE-2026-9282 - High (7.5)

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T07:30:25.000Z ##

CVE-2026-9282: HIGH severity Path Traversal in boldgrid W3 Total Cache ≤2.9.4. Unauthenticated file read possible if manual minify is enabled and misconfigured. Review configs & monitor for abuse. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #Cybersecurity

##

CVE-2025-6784
(8.8 HIGH)

EPSS: 0.31%

updated 2026-07-11T09:34:18

2 posts

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

thehackerwire@mastodon.social at 2026-07-11T10:00:13.000Z ##

🟠 CVE-2025-6784 - High (8.8)

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the pl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T10:00:13.000Z ##

🟠 CVE-2025-6784 - High (8.8)

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the pl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4661
(7.5 HIGH)

EPSS: 0.29%

updated 2026-07-11T07:16:46.513000

2 posts

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck() method and lack of preparation in the $wpdb->update() call. The vulnerability is compounded by the complete

thehackerwire@mastodon.social at 2026-07-11T08:00:13.000Z ##

🟠 CVE-2026-4661 - High (7.5)

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T08:00:13.000Z ##

🟠 CVE-2026-4661 - High (7.5)

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15155
(8.8 HIGH)

EPSS: 0.37%

updated 2026-07-11T07:16:46.170000

2 posts

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient server-side validation of a Login/Register widget setting used to construct outgoing email headers — the allowed-values restriction is enforced only in the

thehackerwire@mastodon.social at 2026-07-11T08:00:00.000Z ##

🟠 CVE-2026-15155 - High (8.8)

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T08:00:00.000Z ##

🟠 CVE-2026-15155 - High (8.8)

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-14262
(8.8 HIGH)

EPSS: 0.31%

updated 2026-07-11T06:31:24

2 posts

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list — leaving

thehackerwire@mastodon.social at 2026-07-11T11:00:08.000Z ##

🟠 CVE-2026-14262 - High (8.8)

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:00:08.000Z ##

🟠 CVE-2026-14262 - High (8.8)

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2354
(8.8 HIGH)

EPSS: 0.33%

updated 2026-07-11T06:31:24

2 posts

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()` function hooks into WordPress's `wp_check_filetype_and_ext` filter and uses `strpos()` to check if a filename contains a configured extension string, ra

thehackerwire@mastodon.social at 2026-07-11T10:00:34.000Z ##

🟠 CVE-2026-2354 - High (8.8)

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T10:00:34.000Z ##

🟠 CVE-2026-2354 - High (8.8)

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13114
(7.2 HIGH)

EPSS: 0.23%

updated 2026-07-11T06:31:24

2 posts

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a u

offseq at 2026-07-11T04:30:23.262Z ##

Motors – Car Dealership & Classified Listings Plugin (≤1.4.112) hit by HIGH severity stored XSS (CVE-2026-13114). Unauthenticated attackers can inject JS via comments/biographical fields. Patch pending; restrict inputs. radar.offseq.com/threat/cve-20 🛡️

##

offseq@infosec.exchange at 2026-07-11T04:30:23.000Z ##

Motors – Car Dealership & Classified Listings Plugin (≤1.4.112) hit by HIGH severity stored XSS (CVE-2026-13114). Unauthenticated attackers can inject JS via comments/biographical fields. Patch pending; restrict inputs. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #XSS 🛡️

##

CVE-2026-7655
(8.1 HIGH)

EPSS: 0.25%

updated 2026-07-11T06:16:10.657000

4 posts

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses,

thehackerwire@mastodon.social at 2026-07-11T10:00:24.000Z ##

🟠 CVE-2026-7655 - High (8.1)

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email du...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-11T06:00:30.182Z ##

CVE-2026-7655 | HIGH severity in SureCart WordPress plugin (≤4.2.3): Unauthenticated attackers can hijack accounts, including admins, by exploiting weak email validation in webhook sync. Restrict webhook access, monitor activity. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T10:00:24.000Z ##

🟠 CVE-2026-7655 - High (8.1)

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email du...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T06:00:30.000Z ##

CVE-2026-7655 | HIGH severity in SureCart WordPress plugin (≤4.2.3): Unauthenticated attackers can hijack accounts, including admins, by exploiting weak email validation in webhook sync. Restrict webhook access, monitor activity. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-13378
(7.2 HIGH)

EPSS: 0.22%

updated 2026-07-11T06:16:08.930000

1 posts

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

hugovalters@mastodon.social at 2026-07-11T17:05:14.000Z ##

CVE-2026-13378 - Stored XSS in Form Vibes WordPress plugin. Unauthenticated attackers can inject scripts via Contact Form 7 fields. CVSS 7.2. No patch available. Disable or replace immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-133

##

CVE-2026-15335
(7.5 HIGH)

EPSS: 0.39%

updated 2026-07-11T05:16:32.923000

3 posts

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries

hugovalters@mastodon.social at 2026-07-12T05:04:04.000Z ##

CVE-2026-15335 - SQLi in Booking Package for WordPress. Unauthenticated attackers can extract sensitive DB info. CVSS 7.5. No patch available. Disable or replace immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-153

##

thehackerwire@mastodon.social at 2026-07-11T11:00:18.000Z ##

🟠 CVE-2026-15335 - High (7.5)

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:00:18.000Z ##

🟠 CVE-2026-15335 - High (7.5)

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15338
(7.5 HIGH)

EPSS: 0.32%

updated 2026-07-11T04:17:22.537000

2 posts

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be us

thehackerwire@mastodon.social at 2026-07-11T05:00:14.000Z ##

🟠 CVE-2026-15338 - High (7.5)

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated attackers, with contributor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T05:00:14.000Z ##

🟠 CVE-2026-15338 - High (7.5)

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated attackers, with contributor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13353
(8.8 HIGH)

EPSS: 0.38%

updated 2026-07-11T04:17:16.937000

2 posts

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for install_addon, saveMappedFields, and StartImport, combined with the plugin nonce being exposed to any authenticated us

thehackerwire@mastodon.social at 2026-07-11T05:00:26.000Z ##

🟠 CVE-2026-13353 - High (8.8)

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capabi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T05:00:26.000Z ##

🟠 CVE-2026-13353 - High (8.8)

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capabi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13756
(8.8 HIGH)

EPSS: 0.31%

updated 2026-07-11T02:32:48

3 posts

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` REST endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to Administrator b

hugovalters@mastodon.social at 2026-07-11T14:08:55.000Z ##

CVE-2026-13756 - Privilege Escalation in WP Grid Builder plugin. Subscriber+ can become Admin via REST API flaw. CVSS 8.8. No patch available. Disable or restrict access immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-137

##

thehackerwire@mastodon.social at 2026-07-11T05:00:39.000Z ##

🟠 CVE-2026-13756 - High (8.8)

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T05:00:39.000Z ##

🟠 CVE-2026-13756 - High (8.8)

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42952
(7.5 HIGH)

EPSS: 0.38%

updated 2026-07-11T00:31:56

2 posts

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack.

thehackerwire@mastodon.social at 2026-07-11T00:00:22.000Z ##

🟠 CVE-2026-42952 - High (7.5)

Previously, there was no throttling on repeated authentication attempts
to the charging station backend, which could allow an attacker to
execute a denial-of-service attack.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T00:00:22.000Z ##

🟠 CVE-2026-42952 - High (7.5)

Previously, there was no throttling on repeated authentication attempts
to the charging station backend, which could allow an attacker to
execute a denial-of-service attack.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55175
(7.5 HIGH)

EPSS: 0.61%

updated 2026-07-10T23:16:48.487000

2 posts

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 20

thehackerwire@mastodon.social at 2026-07-11T00:00:44.000Z ##

🟠 CVE-2026-55175 - High (7.5)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T00:00:44.000Z ##

🟠 CVE-2026-55175 - High (7.5)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44383
(7.5 HIGH)

EPSS: 0.56%

updated 2026-07-10T23:16:48.343000

2 posts

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.

thehackerwire@mastodon.social at 2026-07-11T00:00:33.000Z ##

🟠 CVE-2026-44383 - High (7.5)

Multiple connections to the backend using the same charging station ID
are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T00:00:33.000Z ##

🟠 CVE-2026-44383 - High (7.5)

Multiple connections to the backend using the same charging station ID
are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20744
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-07-10T23:16:47.683000

4 posts

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.

thehackerwire@mastodon.social at 2026-07-11T11:59:47.000Z ##

🔴 CVE-2026-20744 - Critical (9.8)

The charging station websocket endpoint accepts connections without
proper authentication, which could lead to privilege escalation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-11T00:00:36.449Z ##

CVE-2026-20744 (CRITICAL, CVSS 9.8): Hydro-Québec Le Circuit Electrique backend websocket lacks auth, allowing privilege escalation. No patch available. Restrict access & monitor connections. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T11:59:47.000Z ##

🔴 CVE-2026-20744 - Critical (9.8)

The charging station websocket endpoint accepts connections without
proper authentication, which could lead to privilege escalation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T00:00:36.000Z ##

CVE-2026-20744 (CRITICAL, CVSS 9.8): Hydro-Québec Le Circuit Electrique backend websocket lacks auth, allowing privilege escalation. No patch available. Restrict access & monitor connections. radar.offseq.com/threat/cve-20 #OffSeq #CVE202620744 #ICS #Vulnerability

##

CVE-2026-14480
(9.9 CRITICAL)

EPSS: 0.62%

updated 2026-07-10T23:16:47.110000

2 posts

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attac

thehackerwire@mastodon.social at 2026-07-11T11:00:27.000Z ##

🔴 CVE-2026-14480 - Critical (9.9)

OpenPLC Runtime v3 contains an authenticated arbitrary file write
vulnerability in the legacy web UI program‑upload workflow. The
application stores an attacker‑supplied filename (prog_file) directly
into the Programs.File database field an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:00:27.000Z ##

🔴 CVE-2026-14480 - Critical (9.9)

OpenPLC Runtime v3 contains an authenticated arbitrary file write
vulnerability in the legacy web UI program‑upload workflow. The
application stores an attacker‑supplied filename (prog_file) directly
into the Programs.File database field an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55884
(0 None)

EPSS: 0.40%

updated 2026-07-10T22:16:44.423000

2 posts

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined resources, tamper with Tiltfile arguments, read full engine state including the s

offseq at 2026-07-11T01:30:25.006Z ##

CVE-2026-55884: tilt-dev tilt (0.20.8 – 0.37.3) has a CRITICAL auth bypass. Exposes dev resources & session tokens if HUD is bound to non-loopback. Upgrade to 0.37.4 ASAP. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-11T01:30:25.000Z ##

CVE-2026-55884: tilt-dev tilt (0.20.8 – 0.37.3) has a CRITICAL auth bypass. Exposes dev resources & session tokens if HUD is bound to non-loopback. Upgrade to 0.37.4 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Kubernetes #Infosec

##

CVE-2026-44795
(8.8 HIGH)

EPSS: 1.00%

updated 2026-07-10T22:16:41.717000

2 posts

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading of Java classes, leading to remote code execution. This issue is fixed in versions 2026.1.0, 2026.0.3,

thehackerwire@mastodon.social at 2026-07-11T13:00:14.000Z ##

🟠 CVE-2026-44795 - High (8.8)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T13:00:14.000Z ##

🟠 CVE-2026-44795 - High (8.8)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57807
(9.8 CRITICAL)

EPSS: 0.43%

updated 2026-07-10T21:32:40

3 posts

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8.

offseq at 2026-07-11T03:00:26.099Z ##

CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (<=38.5.8). Exploit via password recovery threatens full compromise. No patch yet — monitor for vendor updates. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-11T03:00:26.000Z ##

CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (<=38.5.8). Exploit via password recovery threatens full compromise. No patch yet — monitor for vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #CVE202657807 #OAuth #Security

##

thehackerwire@mastodon.social at 2026-07-10T22:00:25.000Z ##

🔴 CVE-2026-57807 - Critical (9.8)

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.

This issue affects OAuth Single Sign On - SSO (OAuth ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61459
(9.8 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T21:32:32

1 posts

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causi

thehackerwire@mastodon.social at 2026-07-10T20:00:19.000Z ##

🔴 CVE-2026-61459 - Critical (9.8)

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5801
(9.8 CRITICAL)

EPSS: 0.40%

updated 2026-07-10T21:32:32

1 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026.

thehackerwire@mastodon.social at 2026-07-10T20:00:08.000Z ##

🔴 CVE-2026-5801 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.

This issue affects SEM-PMP: t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-30007
(8.8 HIGH)

EPSS: 2.08%

updated 2026-07-10T21:32:29

2 posts

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone() to premature

thehackerwire@mastodon.social at 2026-07-11T18:00:09.000Z ##

🟠 CVE-2025-30007 - High (8.8)

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attacke...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T18:00:09.000Z ##

🟠 CVE-2025-30007 - High (8.8)

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attacke...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61444
(9.1 CRITICAL)

EPSS: 0.39%

updated 2026-07-10T21:17:00.530000

2 posts

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen().

thehackerwire@mastodon.social at 2026-07-12T03:00:04.000Z ##

🔴 CVE-2026-61444 - Critical (9.1)

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T03:00:04.000Z ##

🔴 CVE-2026-61444 - Critical (9.1)

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58122
(9.1 CRITICAL)

EPSS: 0.29%

updated 2026-07-10T21:17:00.080000

2 posts

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to perform server-side request forgery against internal services including cloud metadata endpoints, overw

offseq@infosec.exchange at 2026-07-10T00:00:36.000Z ##

CVE-2026-58122 (CRITICAL): Hermes WebUI <0.51.307 lets remote attackers bypass local IP restrictions via spoofed X-Forwarded-For — enabling SSRF, config overwrite, and OAuth token theft. Restrict header spoofing & monitor access. radar.offseq.com/threat/cve-20 #OffSeq #CVE202658122 #infosec #SSRF

##

thehackerwire@mastodon.social at 2026-07-09T23:01:20.000Z ##

🔴 CVE-2026-58122 - Critical (9.1)

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopb...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57220
(7.5 HIGH)

EPSS: 0.43%

updated 2026-07-10T21:16:59.180000

2 posts

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame lengths and consume broker memory in rabbit_stream_core. This issue is fixed in version 4.2.6.

hugovalters@mastodon.social at 2026-07-11T09:00:34.000Z ##

CVE-2026-57220 - DoS in RabbitMQ. Unauthenticated remote client can consume broker memory via oversized stream frames. CVSS 7.5. Update to 4.2.6 now. #CVE #RabbitMQ #infosec

valtersit.com/cve/CVE-2026-572

##

thehackerwire@mastodon.social at 2026-07-10T22:00:14.000Z ##

🟠 CVE-2026-57220 - High (7.5)

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55827
(7.5 HIGH)

EPSS: 0.45%

updated 2026-07-10T21:16:57.267000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write w

thehackerwire@mastodon.social at 2026-07-10T21:00:01.000Z ##

🟠 CVE-2026-55827 - High (7.5)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55659
(7.7 HIGH)

EPSS: 0.27%

updated 2026-07-10T21:16:56.577000

1 posts

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's name or description, set by a document editor, is rendered into the page that other users load when openin

thehackerwire@mastodon.social at 2026-07-10T22:01:13.000Z ##

🟠 CVE-2026-55659 - High (7.7)

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55233
(7.5 HIGH)

EPSS: 0.34%

updated 2026-07-10T21:16:55.760000

3 posts

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the stream proxy protocol v2 patch can write beyond the bounds of the allocated buffer, causing the worker p

thehackerwire@mastodon.social at 2026-07-11T13:00:37.000Z ##

🟠 CVE-2026-55233 - High (7.5)

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

hugovalters@mastodon.social at 2026-07-11T12:04:47.000Z ##

CVE-2026-55233 - DoS via OOB write in OpenResty PROXY protocol v2. CVSS 7.5. Workers crash when sending PROXY headers. Update to 1.29.2.5 immediately. #CVE #OpenResty #infosec

valtersit.com/cve/CVE-2026-552

##

thehackerwire@mastodon.social at 2026-07-11T13:00:37.000Z ##

🟠 CVE-2026-55233 - High (7.5)

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55213
(7.5 HIGH)

EPSS: 0.34%

updated 2026-07-10T21:16:55.497000

1 posts

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling alloca, which exceeds the default pthread stack size used by musl libc and causes the h2o server to crash w

thehackerwire@mastodon.social at 2026-07-10T22:01:23.000Z ##

🟠 CVE-2026-55213 - High (7.5)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12761
(9.8 CRITICAL)

EPSS: 0.46%

updated 2026-07-10T21:16:53.160000

2 posts

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the 'email_field' POST parameter without verifying that the email belongs to the identity returned by the OAuth

thehackerwire@mastodon.social at 2026-07-11T14:00:05.000Z ##

🔴 CVE-2026-12761 - Critical (9.8)

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T14:00:05.000Z ##

🔴 CVE-2026-12761 - Critical (9.8)

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6212
(8.8 HIGH)

EPSS: 0.25%

updated 2026-07-10T20:16:49.257000

2 posts

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

thehackerwire@mastodon.social at 2026-07-11T16:00:34.000Z ##

🟠 CVE-2026-6212 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse.

This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T16:00:34.000Z ##

🟠 CVE-2026-6212 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse.

This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61461
(8.8 HIGH)

EPSS: 0.36%

updated 2026-07-10T20:16:49.137000

2 posts

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or parameterization. Attackers can inject malicious SQL through the search parameters to read, modify, or delete data in the underlying ClickHouse database.

thehackerwire@mastodon.social at 2026-07-11T16:00:16.000Z ##

🟠 CVE-2026-61461 - High (8.8)

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or param...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T16:00:16.000Z ##

🟠 CVE-2026-61461 - High (8.8)

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or param...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61460
(8.8 HIGH)

EPSS: 0.28%

updated 2026-07-10T20:16:49.030000

1 posts

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CRM records and reassign ownership by exploiting missing record-level ownership validation in edit, updat

thehackerwire@mastodon.social at 2026-07-10T20:00:29.000Z ##

🟠 CVE-2026-61460 - High (8.8)

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete rec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57850
(8.3 HIGH)

EPSS: 0.33%

updated 2026-07-10T20:16:48.663000

1 posts

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved for a full Remote session. An authenticated remote peer can exploit this missing scope check to act outside its granted scope, injecting out-of-scope cont

1 repos

https://github.com/sn0x-sharma/CVE-2026-57850

thehackerwire@mastodon.social at 2026-07-10T21:00:11.000Z ##

🟠 CVE-2026-57850 - High (8.3)

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55604
(8.6 HIGH)

EPSS: 0.22%

updated 2026-07-10T19:20:32.893000

1 posts

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via `deepseek_sessions`, then reuse a victim-controlled `session_id` in `deepseek_chat` to retr

thehackerwire@mastodon.social at 2026-07-10T05:01:33.000Z ##

🟠 CVE-2026-55604 - High (8.6)

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59151
(9.6 CRITICAL)

EPSS: 0.30%

updated 2026-07-10T19:20:15.180000

2 posts

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from user.email instead of binding token issuance to the validated SAML configuration. An authenticated attacker wi

thehackerwire@mastodon.social at 2026-07-11T17:00:08.000Z ##

🔴 CVE-2026-59151 - Critical (9.6)

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/ap...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T17:00:08.000Z ##

🔴 CVE-2026-59151 - Critical (9.6)

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/ap...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33655
(7.7 HIGH)

EPSS: 0.44%

updated 2026-07-10T19:17:58.040000

1 posts

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticate

thehackerwire@mastodon.social at 2026-07-10T03:01:15.000Z ##

🟠 CVE-2026-33655 - High (7.7)

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59723
(8.8 HIGH)

EPSS: 0.14%

updated 2026-07-10T19:17:58.040000

1 posts

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCo

thehackerwire@mastodon.social at 2026-07-09T04:00:38.000Z ##

🟠 CVE-2026-59723 - High (8.8)

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the O...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54063
(7.5 HIGH)

EPSS: 0.57%

updated 2026-07-10T19:17:24.330000

2 posts

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row r="N"> XML attribute value directly as the length argument to make([]xlsxRow, row) without validating it against the Excel row limit (TotalRows = 1,048,576). A specially crafted XLSX file can trigger two d

thehackerwire@mastodon.social at 2026-07-11T20:00:06.000Z ##

🟠 CVE-2026-54063 - High (7.5)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T20:00:06.000Z ##

🟠 CVE-2026-54063 - High (7.5)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-51119
(9.1 CRITICAL)

EPSS: 0.38%

updated 2026-07-10T19:17:23.787000

2 posts

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components

1 repos

https://github.com/A17-ba/CVE-2026-51119

thehackerwire@mastodon.social at 2026-07-11T20:59:52.000Z ##

🔴 CVE-2026-51119 - Critical (9.1)

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T20:59:52.000Z ##

🔴 CVE-2026-51119 - Critical (9.1)

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39244
(7.5 HIGH)

EPSS: 0.43%

updated 2026-07-10T19:17:23.250000

2 posts

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size from the ZIP central directory header without validating it against the actual compressed data size or imposing any upper bound. The size value is read d

thehackerwire@mastodon.social at 2026-07-11T20:00:17.000Z ##

🟠 CVE-2026-39244 - High (7.5)

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T20:00:17.000Z ##

🟠 CVE-2026-39244 - High (7.5)

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-70796
(7.5 HIGH)

EPSS: 0.56%

updated 2026-07-10T19:17:19.613000

2 posts

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web root directory. This may allow disclosure of sensitive system files and configuration data

thehackerwire@mastodon.social at 2026-07-12T00:59:50.000Z ##

🟠 CVE-2025-70796 - High (7.5)

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal seque...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T00:59:50.000Z ##

🟠 CVE-2025-70796 - High (7.5)

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal seque...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-53657
(8.2 HIGH)

EPSS: 0.20%

updated 2026-07-10T19:10:59.333000

2 posts

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary commands with root privileges in the VM because the guest agent socket provides tunneling for arbitrary addre

thehackerwire@mastodon.social at 2026-07-11T21:00:01.000Z ##

🟠 CVE-2026-53657 - High (8.2)

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T21:00:01.000Z ##

🟠 CVE-2026-53657 - High (8.2)

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59792
(9.6 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T18:51:28.750000

2 posts

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible

thehackerwire@mastodon.social at 2026-07-12T03:00:16.000Z ##

🔴 CVE-2026-59792 - Critical (9.6)

In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project workspace ID handling was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T03:00:16.000Z ##

🔴 CVE-2026-59792 - Critical (9.6)

In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project workspace ID handling was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59793
(8.8 HIGH)

EPSS: 0.34%

updated 2026-07-10T18:49:40.900000

2 posts

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

thehackerwire@mastodon.social at 2026-07-12T05:59:57.000Z ##

🟠 CVE-2026-59793 - High (8.8)

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T05:59:57.000Z ##

🟠 CVE-2026-59793 - High (8.8)

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-60105
(8.6 HIGH)

EPSS: 0.31%

updated 2026-07-10T18:46:32.250000

1 posts

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public getSystemVars endpoint and submit a fetchRemoteFile request with a so

thehackerwire@mastodon.social at 2026-07-08T22:00:53.000Z ##

🟠 CVE-2026-60105 - High (8.6)

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, which fails to detect embedded IPv4 addresses within IPv4-mapped ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12685
(7.5 HIGH)

EPSS: 0.22%

updated 2026-07-10T18:33:19

1 posts

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.

offseq@infosec.exchange at 2026-07-10T07:30:26.000Z ##

CVE-2026-12685 | EscortWP ≤3.6.2: CRITICAL backdoor (CWE-912) enables unauthenticated data wipe & exfiltrates site/admin info via hard-coded key. No patch available — replace theme & monitor vendor. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #CVE2026_12685

##

CVE-2025-45422
(8.1 HIGH)

EPSS: 0.45%

updated 2026-07-10T18:33:14

1 posts

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.

1 repos

https://github.com/Cedrico03/CVE-2025-45422---Bbox

obivan@infosec.exchange at 2026-07-10T13:32:39.000Z ##

CVE-2025-45422: Proximus b-box UPnP Persistence & Access Control Bypass github.com/Cedrico03/CVE-2025-

##

CVE-2026-56291
(9.8 CRITICAL)

EPSS: 0.84%

updated 2026-07-10T18:33:13

5 posts

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Matchbook3469@mastodon.social at 2026-07-10T23:37:01.000Z ##

🔴 New security advisory:

CVE-2026-56291 affects Balbooa Forms.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#InfoSec #VulnerabilityManagement #CyberSec

##

secdb@infosec.exchange at 2026-07-10T19:00:12.000Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260710 #cisa20260710 #cve_2026_48939 #cve_2026_56291 #cve202648939 #cve202656291

##

cisakevtracker@mastodon.social at 2026-07-10T18:00:48.000Z ##

CVE ID: CVE-2026-56291
Vendor: Balbooa
Product: Forms
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-10T17:21:04.000Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026- #CISA #infosec #vulnerability

##

offseq@infosec.exchange at 2026-07-09T12:00:29.000Z ##

CVE-2026-56291 | CRITICAL: Balbooa Forms for Joomla (v1.0 – 2.4.0) allows unauthenticated RCE via arbitrary file upload (CWE-434). No patch yet. Disable or restrict access until fixed. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #RCE #Vuln

##

CVE-2026-2397
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-07-10T18:32:31

2 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

thehackerwire@mastodon.social at 2026-07-11T18:00:31.000Z ##

🔴 CVE-2026-2397 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T18:00:31.000Z ##

🔴 CVE-2026-2397 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-48939
(9.8 CRITICAL)

EPSS: 1.50%

updated 2026-07-10T18:32:03

3 posts

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

2 repos

https://github.com/Polosss/By-Poloss..-..CVE-2026-48939

https://github.com/shinthink/CVE-2026-48939

secdb@infosec.exchange at 2026-07-10T19:00:12.000Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260710 #cisa20260710 #cve_2026_48939 #cve_2026_56291 #cve202648939 #cve202656291

##

cisakevtracker@mastodon.social at 2026-07-10T18:01:04.000Z ##

CVE ID: CVE-2026-48939
Vendor: iCagenda
Product: iCagenda
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-10T17:21:04.000Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026- #CISA #infosec #vulnerability

##

CVE-2026-2398
(8.8 HIGH)

EPSS: 0.25%

updated 2026-07-10T18:16:20.733000

2 posts

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

1 repos

https://github.com/oscar-mine/CVE-2026-23980-Exploit

thehackerwire@mastodon.social at 2026-07-11T21:00:12.000Z ##

🟠 CVE-2026-2398 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this di...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T21:00:12.000Z ##

🟠 CVE-2026-2398 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this di...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59796
(8.1 HIGH)

EPSS: 0.25%

updated 2026-07-10T18:01:31.563000

2 posts

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

thehackerwire@mastodon.social at 2026-07-12T06:00:25.000Z ##

🟠 CVE-2026-59796 - High (8.1)

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T06:00:25.000Z ##

🟠 CVE-2026-59796 - High (8.1)

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59795
(8.1 HIGH)

EPSS: 0.27%

updated 2026-07-10T18:01:31.563000

2 posts

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

thehackerwire@mastodon.social at 2026-07-12T06:00:11.000Z ##

🟠 CVE-2026-59795 - High (8.1)

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T06:00:11.000Z ##

🟠 CVE-2026-59795 - High (8.1)

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33382
(7.5 HIGH)

EPSS: 0.38%

updated 2026-07-10T18:01:31.563000

1 posts

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.

thehackerwire@mastodon.social at 2026-07-10T17:00:31.000Z ##

🟠 CVE-2026-33382 - High (7.5)

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15143
(9.3 CRITICAL)

EPSS: 0.26%

updated 2026-07-10T17:49:57.737000

3 posts

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or

thehackerwire@mastodon.social at 2026-07-12T01:00:00.000Z ##

🔴 CVE-2026-15143 - Critical (9.3)

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to ser...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T01:00:00.000Z ##

🔴 CVE-2026-15143 - Critical (9.3)

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to ser...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

nyanbinary@infosec.exchange at 2026-07-10T18:45:37.000Z ##

access.redhat.com/security/cve

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions.

:neobot_giggle:

##

CVE-2026-15378
(9.3 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T17:49:57.737000

2 posts

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network

nyanbinary@infosec.exchange at 2026-07-10T18:53:22.000Z ##

(there is more, actually, lol access.redhat.com/security/cve )

##

offseq@infosec.exchange at 2026-07-10T10:30:25.000Z ##

Red Hat OpenShift AI hit by CRITICAL SSRF (CVE-2026-15378): guardrails-detectors flaw allows remote attackers to access cloud metadata, K8s API, and secrets via crafted XSD. Monitor for exploitation & restrict egress. radar.offseq.com/threat/cve-20 #OffSeq #CVE202615378 #RedHat #Infosec

##

CVE-2026-57026
(7.5 HIGH)

EPSS: 0.46%

updated 2026-07-10T17:49:57.737000

1 posts

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart.

thehackerwire@mastodon.social at 2026-07-10T05:01:21.000Z ##

🟠 CVE-2026-57026 - High (7.5)

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61437
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-10T17:41:47.303000

2 posts

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output_pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec_module without sandbo

thehackerwire@mastodon.social at 2026-07-12T02:59:55.000Z ##

🟠 CVE-2026-61437 - High (7.8)

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string ou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T02:59:55.000Z ##

🟠 CVE-2026-61437 - High (7.8)

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string ou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61434
(8.8 HIGH)

EPSS: 0.58%

updated 2026-07-10T17:41:47.303000

2 posts

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters.

thehackerwire@mastodon.social at 2026-07-12T01:00:11.000Z ##

🟠 CVE-2026-61434 - High (8.8)

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T01:00:11.000Z ##

🟠 CVE-2026-61434 - High (8.8)

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56688
(9.1 CRITICAL)

EPSS: 1.29%

updated 2026-07-10T17:17:01.213000

1 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and latera

offseq@infosec.exchange at 2026-07-10T13:30:28.000Z ##

Dell PowerFlex Manager <5.1.0.1 faces CRITICAL OS command injection (CVE-2026-56688, CVSS 9.1). High-priv attackers can execute root commands — full compromise risk. No patch yet. Limit admin remote access & monitor activity. radar.offseq.com/threat/cve-20 #OffSeq #Dell #Vuln #Infosec

##

CVE-2026-57589
(7.4 HIGH)

EPSS: 0.12%

updated 2026-07-10T16:39:52.480000

8 posts

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

benoit@benoit.jp.net at 2026-07-09T10:48:05.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

##

hn100@social.lansky.name at 2026-07-08T16:05:10.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

Link: nvd.nist.gov/vuln/detail/cve-2
Discussion: news.ycombinator.com/item?id=4

##

newsycombinator@framapiaf.org at 2026-07-08T16:00:47.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root
Link: nvd.nist.gov/vuln/detail/cve-2
Comments: news.ycombinator.com/item?id=4

##

hn50@social.lansky.name at 2026-07-08T15:25:07.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

Link: nvd.nist.gov/vuln/detail/cve-2
Discussion: news.ycombinator.com/item?id=4

##

hnbot@chrispelli.fun at 2026-07-08T14:48:47.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root - nvd.nist.gov/vuln/detail/cve-2

#hackernews

##

ngate@mastodon.social at 2026-07-08T14:47:21.000Z ##

Oh, joy! 😒 A riveting tale of OpenBSD's latest "oopsie-daisy" moment, where users can magically escalate privileges—because who doesn't love a good #security blunder? Meanwhile, the article itself is a masterpiece of accessibility: blocked by Cloudflare like a bouncer at a club for nerds. 🕵️‍♂️🔒
nvd.nist.gov/vuln/detail/cve-2 #OpenBSD #Blunder #Accessibility #Issues #HackerNews #PrivilegeEscalation #HackerNews #ngated

##

h4ckernews@mastodon.social at 2026-07-08T14:47:16.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

Comments: news.ycombinator.com/item?id=4

#HackerNews #OpenBSD #UseAfterFree #PrivilegeEscalation #Cybersecurity #Vulnerability #CVE-2026-57589

##

CuratedHackerNews@mastodon.social at 2026-07-08T14:36:03.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

#gov #openbsd

##

CVE-2026-12597
(8.1 HIGH)

EPSS: 0.42%

updated 2026-07-10T16:16:25.080000

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array returned by GitHub's /user/emails endpoint as an account-binding identifier without verifying that the em

thehackerwire@mastodon.social at 2026-07-10T01:59:48.000Z ##

🟠 CVE-2026-12597 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54003
(0 None)

EPSS: 0.55%

updated 2026-07-10T15:49:19.093000

1 posts

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the Panel and create the first admin user because local-IP checks trusted those headers incorrectly. This

offseq@infosec.exchange at 2026-07-10T03:00:25.000Z ##

CVE-2026-54003 (CRITICAL, CVSS 9.1): getkirby Kirby CMS sites w/o users & behind certain reverse proxies risk remote admin creation via trusted IP headers. Upgrade to 4.9.4/5.4.4+ ASAP. More: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #KirbyCMS #InfoSec

##

CVE-2026-54771
(8.1 HIGH)

EPSS: 0.39%

updated 2026-07-10T15:49:19.093000

1 posts

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0.65.3 fixes the issue.

thehackerwire@mastodon.social at 2026-07-10T01:00:20.000Z ##

🟠 CVE-2026-54771 - High (8.1)

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools ar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54769
(10.0 CRITICAL)

EPSS: 0.91%

updated 2026-07-10T15:49:19.093000

1 posts

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages with `full_eval=True`, they attempt to sandbox the execution by explicitly setting `locals` to an emp

thehackerwire@mastodon.social at 2026-07-10T01:00:09.000Z ##

🔴 CVE-2026-54769 - Critical (10)

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. Whe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0288
(7.5 HIGH)

EPSS: 0.56%

updated 2026-07-10T15:45:17.463000

2 posts

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server

DailyCyberSecurity@infosec.exchange at 2026-07-09T02:00:28.000Z ##

A PAN-OS buffer overflow, CVE-2026-0288, enables arbitrary code execution on Palo Alto firewalls. Patch now.

#PANOS #PaloAltoNetworks #BufferOverflow #ArbitraryCodeExecution #CVE #FirewallSecurity #PatchNow #InfoSec

securityonline.info/pan-os-cve

##

AAKL@infosec.exchange at 2026-07-08T16:15:21.000Z ##

Broadcom has a long list of advisories today, addressing at least two critical vulnerabilities support.broadcom.com/web/ecx/s

Palo Alto:

CRITICAL: CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent security.paloaltonetworks.com/

Dell: Security Update for Dell Networking Products for Multiple Vulnerabilities dell.com/support/kbdoc/en-us/0 #Broascom #infosec #vulnerability #Dell #Intel

##

CVE-2026-14894
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-07-10T15:43:30.330000

2 posts

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separat

1 repos

https://github.com/1beelze/CVE-2026-14894

thehackerwire@mastodon.social at 2026-07-10T04:59:59.000Z ##

🔴 CVE-2026-14894 - Critical (9.8)

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-10T04:30:25.000Z ##

CVE-2026-14894 (CRITICAL, CVSS 9.8): Arbitrary file upload in Super Forms – Drag & Drop Form Builder <=6.3.313 enables unauthenticated RCE. Restrict plugin use & monitor for uploads. Await vendor patch. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vulnerability

##

CVE-2026-41880(CVSS UNKNOWN)

EPSS: 1.33%

updated 2026-07-10T12:31:56

1 posts

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to tri

offseq@infosec.exchange at 2026-07-10T12:00:34.000Z ##

CVE-2026-41880 | CRITICAL OS Command Injection in R-SOFT SERWIS DMS OCR module. Authenticated users can execute root commands via crafted uploads. Patched in v3.19-2862/3.17-2580. Upgrade now: radar.offseq.com/threat/cve-20 #OffSeq #infosec #vulnerability #CVE202641880

##

CVE-2026-54423
(8.2 HIGH)

EPSS: 0.52%

updated 2026-07-10T09:31:36

1 posts

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

thehackerwire@mastodon.social at 2026-07-10T04:59:50.000Z ##

🟠 CVE-2026-54423 - High (8.2)

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15300
(9.1 CRITICAL)

EPSS: 0.35%

updated 2026-07-10T06:31:33

1 posts

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search

offseq@infosec.exchange at 2026-07-10T06:00:25.000Z ##

SQL Injection vuln (CRITICAL, CVE-2026-15300) in GEO my WP <=4.5.4 lets attackers exploit 'distance', 'lat', 'lng' via query string. Upgrade to 4.5.5 for numeric validation & input casting. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Security #CVE202615300

##

CVE-2026-15070
(8.8 HIGH)

EPSS: 0.26%

updated 2026-07-10T06:31:28

1 posts

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory,

thehackerwire@mastodon.social at 2026-07-10T05:00:11.000Z ##

🟠 CVE-2026-15070 - High (8.8)

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This mak...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54782
(10.0 CRITICAL)

EPSS: 0.25%

updated 2026-07-10T05:16:37.520000

1 posts

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could iss

thehackerwire@mastodon.social at 2026-07-09T04:00:29.000Z ##

🔴 CVE-2026-54782 - Critical (10)

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-46215
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-10T05:16:37.103000

1 posts

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could delete the object and remove one of the handles while leaving the other one dangling, which could subsequently be dereferen

2 repos

https://github.com/bluedragonsecurity/CVE-2026-46215-EXPLOIT

https://github.com/0xCyberstan/CVE-2026-46215-POC

CVE-2026-15112
(8.8 HIGH)

EPSS: 0.26%

updated 2026-07-10T05:16:28.503000

1 posts

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-07-09T01:30:28.000Z ##

CVE-2026-15112: CRITICAL use-after-free in Chrome Ozone (<150.0.7871.115). Remote attackers could trigger heap corruption via crafted HTML. No exploits seen yet. Check vendor guidance: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #AppSec

##

CVE-2026-12598
(8.1 HIGH)

EPSS: 0.35%

updated 2026-07-10T00:31:34

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it directly with get_user_by('email', $profile['email']) to identify and log in an existing WordPress a

thehackerwire@mastodon.social at 2026-07-10T01:59:58.000Z ##

🟠 CVE-2026-12598 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' fiel...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58123
(9.8 CRITICAL)

EPSS: 0.93%

updated 2026-07-10T00:31:34

2 posts

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process

offseq@infosec.exchange at 2026-07-10T01:30:25.000Z ##

CVE-2026-58123 | CRITICAL RCE in nesquena hermes-webui <0.51.788: Unauthenticated attackers can execute arbitrary shell commands via terminal API in 4 HTTP requests. Restrict endpoint access until patch confirmed. radar.offseq.com/threat/cve-20 #OffSeq #RCE #infosec #CVE

##

thehackerwire@mastodon.social at 2026-07-09T23:01:33.000Z ##

🔴 CVE-2026-58123 - Critical (9.8)

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can creat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12595
(8.1 HIGH)

EPSS: 0.35%

updated 2026-07-10T00:31:34

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /users/@me endpoint without ever checking that the profile's verified flag is true, then directly maps th

thehackerwire@mastodon.social at 2026-07-10T01:00:31.000Z ##

🟠 CVE-2026-12595 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, whic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57023
(7.5 HIGH)

EPSS: 0.46%

updated 2026-07-10T00:31:33

1 posts

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP h

thehackerwire@mastodon.social at 2026-07-10T05:01:09.000Z ##

🟠 CVE-2026-57023 - High (7.5)

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58143
(8.8 HIGH)

EPSS: 0.18%

updated 2026-07-10T00:31:33

1 posts

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes the application's CSRF validation function. Attackers can disable the PFS module's file extension white

thehackerwire@mastodon.social at 2026-07-09T23:01:43.000Z ##

🟠 CVE-2026-58143 - High (8.8)

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the adm...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44825
(8.1 HIGH)

EPSS: 0.53%

updated 2026-07-09T20:59:06

1 posts

Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, ad

2 repos

https://github.com/gagaltotal/CVE-2026-44825-Apache-Solr-Scanner

https://github.com/shinthink/solrradar

DarkWebInformer@infosec.exchange at 2026-07-09T19:09:07.000Z ##

💥 CVE-2026-44825: A scanner for Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.

GitHub: github.com/gagaltotal/CVE-2026

##

CVE-2026-47646
(9.3 CRITICAL)

EPSS: 0.27%

updated 2026-07-09T19:17:05.330000

1 posts

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

thehackerwire@mastodon.social at 2026-07-09T04:00:19.000Z ##

🔴 CVE-2026-47646 - Critical (9.3)

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58525
(8.2 HIGH)

EPSS: 0.36%

updated 2026-07-09T17:16:53.867000

1 posts

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

thehackerwire@mastodon.social at 2026-07-08T22:00:43.000Z ##

🟠 CVE-2026-58525 - High (8.2)

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-60002
(7.7 HIGH)

EPSS: 0.26%

updated 2026-07-09T16:36:21.363000

1 posts

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

DailyCyberSecurity@infosec.exchange at 2026-07-08T15:17:01.000Z ##

OpenSSH 10.4 ships eight security fixes, including a client use-after-free (CVE-2026-60002) plus SFTP and SCP path bugs. Update now.

#OpenSSH #SSH #UseAfterFree #CVE #InfoSec #CyberSecurity

securityonline.info/openssh-10

##

CVE-2026-14245
(9.8 CRITICAL)

EPSS: 0.59%

updated 2026-07-09T16:20:12.533000

1 posts

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the `um_reset_password_process_hook()` function performing no server-side verification that the OTP validation step was completed, and relying solely on a public `form_nonce` no

offseq@infosec.exchange at 2026-07-09T09:00:26.000Z ##

CVE-2026-14245: CRITICAL vuln in miniOrange OTP Login ≤5.5.1. Auth bypass allows admin takeover if Ultimate Member Password Reset Form is enabled. Disable that integration or enforce phone-only reset until patched. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-13698
(7.5 HIGH)

EPSS: 0.55%

updated 2026-07-09T13:05:30.767000

1 posts

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-15128
(6.1 MEDIUM)

EPSS: 0.14%

updated 2026-07-09T12:31:30

1 posts

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

offseq@infosec.exchange at 2026-07-09T06:00:29.000Z ##

CVE-2026-15128 (HIGH): Google Chrome <150.0.7871.115 vulnerable to remote UXSS via crafted HTML. Patch available — update now to block script injection. Details: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #PatchTuesday #InfoSec

##

CVE-2026-15130
(4.3 MEDIUM)

EPSS: 0.17%

updated 2026-07-09T12:31:30

1 posts

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

offseq@infosec.exchange at 2026-07-09T04:30:26.000Z ##

CVE-2026-15130 (HIGH): Chrome <150.0.7871.115 has an insufficient policy enforcement bug, letting remote attackers bypass site isolation with crafted HTML. No exploits reported. Check radar.offseq.com/threat/cve-20 for updates. #OffSeq #Chrome #BrowserSecurity #Vulnerability

##

CVE-2026-15129
(8.8 HIGH)

EPSS: 0.22%

updated 2026-07-09T12:31:30

1 posts

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-07-09T00:00:37.000Z ##

Google Chrome <150.0.7871.115 impacted by CRITICAL CVE-2026-15129 (use-after-free in Views). Remote code execution possible via malicious HTML. Patch status not confirmed — monitor advisory: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Infosec #CVE202615129

##

CVE-2026-9253
(7.2 HIGH)

EPSS: 0.20%

updated 2026-07-09T12:30:35

1 posts

The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesse

offseq@infosec.exchange at 2026-07-09T13:30:50.000Z ##

CVE-2026-9253: WP Cost Estimation & Payment Forms Builder ≤10.5.97 has a HIGH severity stored XSS via 'customerInfos'. Unauthenticated attackers can inject scripts. Patch status unconfirmed — restrict plugin use for now. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #XSS

##

CVE-2026-46242
(7.8 HIGH)

EPSS: 0.12%

updated 2026-07-09T03:33:50

2 posts

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window

3 repos

https://github.com/0xBlackash/CVE-2026-46242

https://github.com/SaithFranklinB/ScannerBadEpoll

https://github.com/Baba01hacker666/CVE-2026-46242

jschauma@mstdn.social at 2026-07-08T20:49:14.000Z ##

Here's your weekly batch of Linux local privilege escalation vulnerabilities:

CVE-2026-43499 "GhostLock"
nebusec.ai/research/ionstack-p

CVE-2026-46242 "Bad Epoll"
github.com/J-jaeyoung/bad-epoll

Enjoy! ✌️

##

netsecio@mastodon.social at 2026-07-08T14:52:58.000Z ##

📰 New 'Bad Epoll' Linux Kernel Zero-Day (CVE-2026-46242) Grants Full Root Access

🚨 CRITICAL ZERO-DAY: 'Bad Epoll' (CVE-2026-46242) in Linux Kernel allows any local user to gain full root access. The use-after-free bug affects servers, desktops & Android. PoC exists. Patch immediately! 🐧💥 #Linux #CyberSecurity #ZeroDay #Infosec

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ba

##

CVE-2026-43499
(7.8 HIGH)

EPSS: 0.12%

updated 2026-07-09T00:32:11

6 posts

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue oper

7 repos

https://github.com/inforcqb/CVE-2026-43499-pja110

https://github.com/pubglite55/oppo-ghostlock

https://github.com/0xBlackash/CVE-2026-43499

https://github.com/caspy123/CVE-2026-43499

https://github.com/tc3650/CVE-2026-43499-armv7

https://github.com/HORKimhab/CVE-2026-43499

https://github.com/MobiusM/CVE-2026-43499

cyberveille@mastobot.ping.moi at 2026-07-11T16:00:21.000Z ##

📢 GhostLock (CVE-2026-43499) : stack-UAF dans le noyau Linux depuis 15 ans, exploit stable à 97%
📝 ## 🔍 Contexte

Publié le 7 juillet 2026 par Nebula Security (nebusec.ai), cet article de recherche détaille **GhostLock (CVE-2026-43499)...
📖 cyberveille : cyberveille.ch/posts/2026-07-1
🌐 source : nebusec.ai/research/ionstack-p
#CVE_2026_43499 #GhostLock #Cyberveille

##

autobrain@arram.senta-la.cloud at 2026-07-10T14:23:23.000Z ##

Postei no BR-Linux to avisando, e é sobre bug novo/velho.

VULNERABILIDADE GHOSTLOCK PERMITE QUE USUÁRIOS LOCAIS VIREM ROOT

A vulnerabilidade CVE-2026-43499, batizada de GhostLock, é um bug de sincronização divulgado esta semana, que ficou oculto por 15 anos no kernel Linux, e expõe a acesso root por usuários locais.

br-linux.org/2026/01/vulnerabi

##

schwerdtfegr.wordpress.com@schwerdtfegr.wordpress.com at 2026-07-10T12:46:19.000Z ##

Aber linux ist doch sicherer als windohs

Eine seit 2011 bestehende Schwachstelle im Linux-Kernel sorgt gerade für Aufsehen: CVE-2026-43499, von Sicherheitsforschern »GhostLock« getauft, steckt im rtmutex/futex-Subsystem und lässt sich mit hoher Zuverlässigkeit zur Rechteausweitung missbrauchen […] Der Bug betrifft praktisch jede Linux-Distribution der letzten 15 Jahre, ein funktionierender Root-Exploit mit rund 97 % Erfolgsquote kursiert bereits, und ein Proof-of-Concept ist öffentlich auf GitHub einsehbar. Zusätzlich lässt sich damit auch aus Containern ausbrechen – für Docker- und Kubernetes-Hosts also doppelt relevant

Huj, fuffzehn jahre alt. Der kleine verkacker im kernel ist ja fast volljährig geworden, bis ihn mal jemand bemerkt hat… und etwas im kontäjhner laufenzulassen, ist auch kein schutz.

Spielt eure sicherheitsaktualisierungen ein!

#Epic #Fail #Link #Linux #Linuxnews #Security ##

StevenSaus@faithcollapsing.com at 2026-07-10T01:31:05.000Z ##

15-Year-Old Linux Kernel GhostLock Flaw Lets Local Users Gain Root

CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access.

#kernel #linux-&-open-source-news #software #vulnerability
linuxiac.com/15-year-old-linux

##

guru@thecybersecguru.com at 2026-07-09T04:50:52.000Z ##

GhostLock (CVE-2026-43499): a fifteen-year-old rtmutex bug just handed root to anyone with a shell

GhostLock (CVE-2026-43499) is a 15-year rtmutex use-after-free giving root to any local Linux user. Full technical breakdown of the exploit chain

thecybersecguru.com/news/ghost

##

jschauma@mstdn.social at 2026-07-08T20:49:14.000Z ##

Here's your weekly batch of Linux local privilege escalation vulnerabilities:

CVE-2026-43499 "GhostLock"
nebusec.ai/research/ionstack-p

CVE-2026-46242 "Bad Epoll"
github.com/J-jaeyoung/bad-epoll

Enjoy! ✌️

##

CVE-2026-6896
(8.7 HIGH)

EPSS: 0.28%

updated 2026-07-08T21:30:42

2 posts

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.

DailyCyberSecurity@infosec.exchange at 2026-07-09T02:15:41.000Z ##

The GitLab patch release fixes 8 flaws, including a high-severity cross-site scripting bug (CVE-2026-6896). Update to 19.1.2 now.

#GitLab #GitLabSecurity #XSS #CrossSiteScripting #CVE #DevSecOps #PatchNow #InfoSec

securityonline.info/gitlab-pat

##

thehackerwire@mastodon.social at 2026-07-08T22:00:32.000Z ##

🟠 CVE-2026-6896 - High (8.7)

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to exec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-11405
(9.8 CRITICAL)

EPSS: 0.67%

updated 2026-07-08T15:32:52

5 posts

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuratio

1 repos

https://github.com/HORKimhab/CVE-2026-11405

cyberveille@mastobot.ping.moi at 2026-07-11T17:00:21.000Z ##

📢 Backdoor d'authentification cachée dans plusieurs firmwares Tenda (CVE-2026-11405)
📝 ## 🔍 Contexte

Le CERT/CC (Carnegie Mellon University) a publié le 6 juillet 2026 la note de vulnérabilité **VU#213560** concernant la découverte d'une **backdoor d'authent...
📖 cyberveille : cyberveille.ch/posts/2026-07-1
🌐 source : kb.cert.org/vuls/id/213560
#CVE_2026_11405 #IOC #Cyberveille

##

cyberveille@mastobot.ping.moi at 2026-07-11T17:00:21.000Z ##

📢 Backdoor d'authentification cachée dans plusieurs firmwares Tenda (CVE-2026-11405)
📝 ## 🔍 Contexte

Le CERT/CC (Carnegie Mellon University) a publié le 6 juillet 2026 la note de vulnérabilité **VU#213560** concernant la découverte d'une **backdoor d'authent...
📖 cyberveille : cyberveille.ch/posts/2026-07-1
🌐 source : kb.cert.org/vuls/id/213560
#CVE_2026_11405 #IOC #Cyberveille

##

beyondmachines1@infosec.exchange at 2026-07-10T12:01:43.000Z ##

Tenda Routers Contain Undocumented Authentication Backdoor

Tenda routers contain a hardcoded authentication backdoor (CVE-2026-11405) that allows attackers to gain full administrative control by bypassing standard login credentials. The vulnerability is not patched, and the vendor has not yet responded to the disclosure.

**If you use Tenda routers check your firmware version. If it's one of FH1201, W15E, AC10, AC5, AC6, immediately disable remote web management interface or at least isolate it from the internet. Only manage the device from your trusted local network. Since this backdoor is built into the firmware and Tenda has not released a fix, if there is no patch plan to replace these routers soon. As an extra step, change LAN IP address from the default to make them harder for attackers to find.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-07-10T10:01:43.000Z ##

CERT/CC Warns of Unpatched Admin Backdoor in Tenda Router Firmware

CERT/CC warned that several Tenda firmware versions contain an undocumented authentication backdoor that can give attackers administrative access to affected devices. The flaw, tracked as CVE-2026-11405, remains unpatched and could allow attackers to modify device settings, disable security features, or take full control of the device.

**Check your network for affected Tenda devices and reduce exposure immediately. No patch is available, so disable remote web management, block untrusted access to the router’s web interface, and change the default LAN IP address to reduce discovery by automated scanners.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

tomshardware@mastodon.online at 2026-07-08T15:49:05.000Z ##

Hidden backdoor in Tenda routers goes unpatched as company ignores warnings from cybersecurity researchers — Chinese company's firmware allows admin access without a password

CERT/CC has disclosed a critical authentication backdoor affecting multiple Tenda router firmware versions. Tracked as CVE-2026-11405, the flaw grants full administrator access without valid credentials, and no vendor patch is currently available after CERT failed to reach Tenda.
#hardware
tomshardware.com/tech-industry

##

CVE-2026-11903
(8.0 HIGH)

EPSS: 0.23%

updated 2026-07-08T15:32:13

1 posts

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8.

CVE-2026-59706
(9.3 CRITICAL)

EPSS: 0.26%

updated 2026-07-08T15:28:15.630000

1 posts

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm en

cR0w@infosec.exchange at 2026-07-09T13:31:54.000Z ##

I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.

nvd.nist.gov/vuln/detail/CVE-2

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

##

CVE-2026-56290
(9.8 CRITICAL)

EPSS: 2.91%

updated 2026-07-08T13:37:08.977000

4 posts

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

3 repos

https://github.com/shinthink/pbck-exploit

https://github.com/Jenderal92/CVE-2026-56290

https://github.com/sagsooz/PageBuilderCK-CVE-2026-56290-Exploit

thecybermind at 2026-07-11T12:14:27.847Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows unauthenticated attackers to upload PHP web shells and achieve full RCE. Protect your Joomla site now with our forensic deep-dive, detection queries, and hardening protocols. Don’t wait—patch today. thecybermind.co/6r3l

##

thecybermind@infosec.exchange at 2026-07-11T12:14:27.000Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows unauthenticated attackers to upload PHP web shells and achieve full RCE. Protect your Joomla site now with our forensic deep-dive, detection queries, and hardening protocols. Don’t wait—patch today. thecybermind.co/6r3l

#CyberSecurity #Joomlack #InfoSec

##

thecybermind@infosec.exchange at 2026-07-10T20:33:50.000Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows for unauthorized access control bypasses. Secure your perimeter now with our latest forensic deep-dive, featuring detection queries and hardening protocols. Don’t wait for the breach—patch today

thecybermind.co/w06o

##

thecybermind@infosec.exchange at 2026-07-10T17:29:31.000Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

CVE-2026-55255
(8.4 HIGH)

EPSS: 0.47%

updated 2026-07-07T22:14:37

4 posts

## Summary Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. ## Details The vulnerability exists in the `get_flow_by_id_or_endpoint_name` helper function in [`src/backend/base/langflow/helpers/flow.py` (lines 399-414)](https://gith

1 repos

https://github.com/rootdirective-sec/CVE-2026-55255-Lab

thecybermind at 2026-07-11T07:37:42.169Z ##

Executive Alert: Langflow CVE-2026-55255 allows unauthorized flow execution, compromising tenant isolation. Our latest CSUITE Brief details the strategic remediation and hardening protocols required to secure your enterprise environment. Protect your perimeter today. thecybermind.co/4dix

##

thecybermind@infosec.exchange at 2026-07-11T07:37:42.000Z ##

Executive Alert: Langflow CVE-2026-55255 allows unauthorized flow execution, compromising tenant isolation. Our latest CSUITE Brief details the strategic remediation and hardening protocols required to secure your enterprise environment. Protect your perimeter today. thecybermind.co/4dix

#CyberSecurity #Langflow

##

thecybermind@infosec.exchange at 2026-07-10T22:55:39.000Z ##

Alert: Langflow CVE-2026-55255 allows authenticated attackers to execute arbitrary flows by manipulating flow IDs. Secure your tenant isolation now with our latest forensic deep-dive, featuring detection queries and hardening protocols. thecybermind.co/4912

#CyberSecurity #Langflow

##

youranonnewsirc@nerdculture.de at 2026-07-09T04:26:24.000Z ##

Here's a summary of the latest geopolitical, technology, and cybersecurity news from the last 24 hours:

Geopolitical tensions escalate as the US conducted strikes on Iran, defying an earlier ceasefire agreement. In technology, Apple lost its appeal against the EU's Digital Markets Act, maintaining its "gatekeeper" designation. Cybersecurity concerns rise with CISA warning of active exploitation of the Langflow vulnerability (CVE-2026-55255) for credential harvesting, and Accenture confirming a data breach involving alleged source code theft. Additionally, a new "ghost phishing" technique, using encrypted HTML, has been observed bypassing traditional email security.

#AnonNews_irc #Cybersecurity #News

##

CVE-2026-48282
(10.0 CRITICAL)

EPSS: 28.58%

updated 2026-07-07T21:32:33

6 posts

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Nuclei template

2 repos

https://github.com/imbas007/CVE-2026-48282

https://github.com/g0thamRabb1t/CVE-2026-48282-coldfusion-rds-detection

netsecio@mastodon.social at 2026-07-11T17:45:56.000Z ##

📰 Patch Now: Critical Adobe ColdFusion RCE Flaw (CVE-2026-48282) Under Active Exploitation

🚨 CRITICAL FLAW: Adobe ColdFusion vulnerability (CVE-2026-48282) with a 9.8 CVSS score is being actively exploited. Unauthenticated RCE allows full server takeover. Patch immediately! #Adobe #ColdFusion #CyberSecurity #RCE

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/cr

##

thecybermind at 2026-07-11T13:56:20.461Z ##

Executive Alert: Adobe ColdFusion CVE-2026-48282 allows path traversal attacks, creating significant security gaps. Our latest CSUITE Brief details the governance and hardening required to protect your enterprise. thecybermind.co/t3pk

##

thecybermind@infosec.exchange at 2026-07-11T13:56:20.000Z ##

Executive Alert: Adobe ColdFusion CVE-2026-48282 allows path traversal attacks, creating significant security gaps. Our latest CSUITE Brief details the governance and hardening required to protect your enterprise. thecybermind.co/t3pk

#CyberSecurity #ColdFusion #InfoSec #BoardGovernance

##

thecybermind@infosec.exchange at 2026-07-10T17:29:31.000Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

hackmag@infosec.exchange at 2026-07-09T20:30:03.000Z ##

⚪️ Critical Adobe ColdFusion bug already exploited in attacks

🗨️ Attackers began exploiting a fresh vulnerability in Adobe ColdFusion (CVE-2026-48282) about two hours after information about it was published. The developers fixed the issue last week and strongly recommended that administrators install the updates as soon as possible. The CVE-2026-48282…

🔗 hackmag.com/news/adobe-coldfus

#news

##

thecybermind@infosec.exchange at 2026-07-09T09:49:38.000Z ##

⚠️ Actively Exploited: CVE-2026-48282 (CVSS 10.0) in Adobe ColdFusion. CISA KEV deadline is July 10. We just dropped the paywall on our TS-MAN runbook. Get the exact Splunk, Sentinel, and CrowdStrike queries to hunt this unauthenticated RCE right now. 👇
thecybermind.co/1m24

##

CVE-2026-24014
(9.8 CRITICAL)

EPSS: 0.51%

updated 2026-07-07T17:49:04.433000

2 posts

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name to write files outside the intended Trigger installation directory. This could allow arbitrary file writ

DailyCyberSecurity at 2026-07-11T01:37:57.431Z ##

Three Apache IoTDB vulnerabilities include a critical path traversal (CVE-2026-24014) and an authentication bypass. Upgrade to 2.0.8 now.

securityonline.info/apache-iot

##

DailyCyberSecurity@infosec.exchange at 2026-07-11T01:37:57.000Z ##

Three Apache IoTDB vulnerabilities include a critical path traversal (CVE-2026-24014) and an authentication bypass. Upgrade to 2.0.8 now.

#ApacheIoTDB #PathTraversal #AuthBypass #CVE #IoTSecurity #InfoSec

securityonline.info/apache-iot

##

CVE-2026-55500
(9.9 CRITICAL)

EPSS: 0.69%

updated 2026-07-06T21:37:49

1 posts

## Summary The `/api/settings/database` endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the `ALWAYS_PROTECTED` middleware check, which only validates JWT or CLI token. Combined with other vulnerabilities (e.g., default password, tunnel exposure), this

thehackerwire@mastodon.social at 2026-07-10T17:00:11.000Z ##

🔴 CVE-2026-55500 - Critical (9.9)

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any au...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-53359(CVSS UNKNOWN)

EPSS: 0.18%

updated 2026-07-06T21:30:34

1 posts

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. Th

5 repos

https://github.com/chuzhongyun/CVE-2026-53359-Kernel-Fix

https://github.com/xj2268-TA/KVM-Januscape

https://github.com/Aoripus-LTD/Januscape-Hotfix

https://github.com/0xBlackash/CVE-2026-53359

https://github.com/HORKimhab/CVE-2026-53359

cedric@fosstodon.org at 2026-07-10T17:53:33.000Z ##

🆕 Vulnerability-Lookup now imports Microsoft CSAF VEX documents from MSRC — joining the Red Hat VEX feed as a vendor VEX enrichment source.

Per-CVE VEX statements (product status, severity) are attached directly to CVE records, visible on the vulnerability page and via the API with the full CSAF documents.

Example with both Red Hat and Microsoft VEX:
vulnerability.circl.lu/vuln/CV

#VEX #CSAF #VulnerabilityManagement #CVE #OpenSource

##

CVE-2026-13753
(7.5 HIGH)

EPSS: 0.27%

updated 2026-07-06T20:16:29.737000

1 posts

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other ad

DailyCyberSecurity@infosec.exchange at 2026-07-10T08:55:33.000Z ##

CVE-2026-13753 exposes a missing authorization vulnerability in HP Deskjet 2800 printers. Unauthenticated attackers can extract sensitive Wi-Fi credentials.

#CVE202613753 #HPDeskjet #CyberSecurity #Vulnerability #PrinterSecurity

securityonline.info/cve-2026-1

##

CVE-2026-13768
(10.0 CRITICAL)

EPSS: 0.56%

updated 2026-07-06T19:42:32.890000

1 posts

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the

2 repos

https://github.com/MichaelAdamGroberman/CVE-2026-13768

https://github.com/J4ck3LSyN-Gen2/CVE-2026-13768

CVE-2026-14544
(9.8 CRITICAL)

EPSS: 0.51%

updated 2026-07-03T09:31:35

1 posts

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

DailyCyberSecurity@infosec.exchange at 2026-07-09T06:06:47.000Z ##

A critical HPLIP vulnerability, CVE-2026-14544 (CVSS 9.8), lets a remote attacker gain arbitrary code execution via crafted print data. Patch now.

#HPLIP #LinuxSecurity #RCE #CVE #hpcups #CyberSecurity #Vulnerability #InfoSec

securityonline.info/hplip-vuln

##

CVE-2026-31694
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-02T15:16:59.813000

1 posts

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks whether the dirent fits in the remaining space of the current page and advances to a fresh page if

1 repos

https://github.com/0xCyberstan/CVE-2026-31694-POC

DailyCyberSecurity@infosec.exchange at 2026-07-10T08:02:48.000Z ##

Public PoC and full details are out for CVE-2026-31694, a Linux kernel FUSE page cache overflow that gives local privilege escalation to root. Patch now.

#LinuxKernel #FUSE #CVE202631694 #PrivilegeEscalation #InfoSec

securityonline.info/linux-kern

##

CVE-2026-23537
(9.1 CRITICAL)

EPSS: 0.57%

updated 2026-07-02T12:32:04

1 posts

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requir

DailyCyberSecurity@infosec.exchange at 2026-07-09T13:34:38.000Z ##

A critical Feast Feature Server flaw (CVE-2026-23537) lets unauthenticated attackers perform arbitrary file write and risk remote code execution. Act now.

#Feast #FeatureStore #MachineLearning #ArbitraryFileWrite #RCE #CVE202623537 #CyberSecurity

securityonline.info/feast-feat

##

CVE-2026-8451
(7.5 HIGH)

EPSS: 0.50%

updated 2026-07-01T18:31:24

1 posts

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

5 repos

https://github.com/watchtowrlabs/watchTowr-vs-Netscaler-CVE-2026-8451

https://github.com/0xBlackash/CVE-2026-8451

https://github.com/attarwahyup/Netscaler-CVE-2026-8451

https://github.com/derekpreston81/CVE_ADC_IOC_2026

https://github.com/amnsecurity/CVE-2026-8451-CitrixBleed

CVE-2026-41719
(6.4 MEDIUM)

EPSS: 0.20%

updated 2026-06-30T22:16:54.697000

1 posts

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 thro

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41852
(3.7 LOW)

EPSS: 0.16%

updated 2026-06-27T21:16:30.530000

1 posts

A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41851
(5.3 MEDIUM)

EPSS: 0.36%

updated 2026-06-27T21:16:30.420000

1 posts

Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41850
(7.5 HIGH)

EPSS: 0.36%

updated 2026-06-27T21:16:30.313000

1 posts

Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-54329
(8.5 HIGH)

EPSS: 0.39%

updated 2026-06-23T23:12:05

2 posts

### Impact A cross-tenant data injection vulnerability was identified in the Snipe-IT Accessories API when Full Multiple Companies Support (FMCS) is enabled. A low-privileged authenticated user belonging to one company can create an accessory record under another company by supplying a foreign company_id value in the API request body. The issue occurs because the API create path mass-assigns requ

thehackerwire@mastodon.social at 2026-07-11T17:00:31.000Z ##

🟠 CVE-2026-54329 - High (8.5)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one comp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T17:00:31.000Z ##

🟠 CVE-2026-54329 - High (8.5)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one comp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41729
(8.1 HIGH)

EPSS: 0.39%

updated 2026-06-22T12:10:33.533000

1 posts

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19;

1 repos

https://github.com/daehyuh/CVE-2026-41729

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-54527(CVSS UNKNOWN)

EPSS: 0.28%

updated 2026-06-19T19:36:06

1 posts

Overview Amazon Web Services (AWS) Security has identified a stored cross-site scripting (XSS) issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution (RCE). The issue exists in the PlainTextDiff.ts component, where the createHeader() method passes Git filenames directly to innerHTML without sanitization when rendering diffs for renamed files in commit history. Thi

offseq@infosec.exchange at 2026-07-09T03:00:28.000Z ##

CVE-2026-54527: CRITICAL XSS in jupyterlab-git (<0.54.0). Malicious Git filenames can execute JavaScript when viewed in the Git History tab — risking session hijack & data theft. Upgrade to 0.54.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #XSS #jupyterlab #security

##

CVE-2026-55229
(7.5 HIGH)

EPSS: 0.36%

updated 2026-06-18T13:04:55

2 posts

**Summary** Server-Side Request Forgery (SSRF) vulnerability affecting the `/forms/libreoffice/convert` endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources during document conversion. As a result, outbound requests are made from the server hosting Gote

thehackerwire@mastodon.social at 2026-07-11T13:00:25.000Z ##

🟠 CVE-2026-55229 - High (7.5)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local fil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T13:00:25.000Z ##

🟠 CVE-2026-55229 - High (7.5)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local fil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55405
(7.6 HIGH)

EPSS: 0.35%

updated 2026-06-17T18:39:57

2 posts

### Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter **keys** (and, in MariaDB, string **values**) directly into the query without adequate escaping. A crafted metadata key in `EmbeddingSearchRequest.filter()` can break out of its SQL context and inject arbitrary SQL into the statements executed by the stores' search and `removeAll(Filter)`

thehackerwire@mastodon.social at 2026-07-11T13:59:54.000Z ##

🟠 CVE-2026-55405 - High (7.6)

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filt...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T13:59:54.000Z ##

🟠 CVE-2026-55405 - High (7.6)

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filt...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33697
(7.5 HIGH)

EPSS: 0.06%

updated 2026-06-17T10:37:56.487000

1 posts

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS. In the affected design, an attacker may be able to extract the ephemeral TLS private key used durin

CVE-2025-41253
(7.5 HIGH)

EPSS: 0.43%

updated 2026-06-17T09:22:40.703000

1 posts

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2024-38808
(4.3 MEDIUM)

EPSS: 0.54%

updated 2026-06-17T07:41:05.140000

1 posts

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2023-20861
(6.5 MEDIUM)

EPSS: 0.97%

updated 2026-06-17T05:31:02.403000

1 posts

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2016-4977
(8.8 HIGH)

EPSS: 79.18%

updated 2026-06-17T00:48:32.683000

1 posts

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Nuclei template

2 repos

https://github.com/tpt11fb/SpringVulScan

https://github.com/N0b1e6/CVE-2016-4977-POC

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-50656
(7.8 HIGH)

EPSS: 3.39%

updated 2026-06-16T21:31:57

3 posts

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as &quot;RoguePlanet &quot;. We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

2 repos

https://github.com/0xBlackash/CVE-2026-50656

https://github.com/g0thamRabb1t/CVE-2026-50656-rogueplanet-validation

jbhall56@infosec.exchange at 2026-07-09T12:24:14.000Z ##

The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. thehackernews.com/2026/07/micr

##

DailyCyberSecurity@infosec.exchange at 2026-07-09T09:33:44.000Z ##

Microsoft patched the RoguePlanet Microsoft Defender zero-day, CVE-2026-50656, a race condition that grants SYSTEM privileges. A public PoC exists.

#MicrosoftDefender #RoguePlanet #ZeroDay #CVE #PrivilegeEscalation #Windows #InfoSec #PatchNow

securityonline.info/rogueplane

##

cyberveille@mastobot.ping.moi at 2026-07-09T09:30:12.000Z ##

📢 Microsoft corrige la zero-day RoguePlanet (CVE-2026-50656) dans Microsoft Defender
📝 ## 🗓️ Contexte

Source : BleepingComputer, publié le 9 juillet 2026.
📖 cyberveille : cyberveille.ch/posts/2026-07-0
🌐 source : bleepingcomputer.com/news/micr
#CVE_2026_50656 #IOC #Cyberveille

##

CVE-2026-48611
(9.8 CRITICAL)

EPSS: 2.86%

updated 2026-06-12T06:33:21

1 posts

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Nuclei template

3 repos

https://github.com/citruscitruscitruscitruscitrusci/CVE-2026-48611-poc

https://github.com/wanmywan/CVE-2026-48611-phpBB

https://github.com/Diznev/CVE-2026-48611-EXPLOIT

pentesttools@infosec.exchange at 2026-07-09T14:32:07.000Z ##

Here we go. Product updates - the June edition.

This month your coverage got a LOT wider.

80 new detections landed in the Network Scanner, including pre-auth RCE in Oracle PeopleSoft and an auth bypass in Palo Alto PAN-OS. If any are in your scope, you know where to look.

The rest of June:

🌐 Our research team found two authentication flaws in phpBB, one buried in the code for over a decade. There's a working PoC for each, and the Network Scanner now detects the most critical one - CVE-2026-48611 (9.4).

🤖 AI where it earns its place in the Website Scanner and URL Fuzzer: smarter logins, deeper crawling, fewer fake 200 pages.

🎯 the XSS Exploiter now gives you two delivery options: script tag or fetch plus eval.

🔌 API: a new info_text key on /scans tells you why a scan didn't start.

☁️ We're now on the Microsoft Azure Marketplace, so you can add us to your existing Azure billing.

Our colleague Stefan Perju walks you through all of it in the video.

Until next time: stay sharp. Stay human.

Everything that shipped can be found in the change-log: pentest-tools.com/change-log

The phpBB PoCs and full write-up: pentest-tools.com/research/php

#offensivesecurity #vulnerabilitymanagement #infosec #penetrationtesting

##

CVE-2026-41717
(8.1 HIGH)

EPSS: 0.33%

updated 2026-06-10T00:31:59

1 posts

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15;

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-47291
(9.8 CRITICAL)

EPSS: 21.51%

updated 2026-06-09T18:30:58

5 posts

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

2 repos

https://github.com/dhmosfunk/CVE-2026-49160-CVE-2026-47291-HTTP.sys

https://github.com/ManagerEmpty/CVE-2026-47291-httpsys

thezdi@infosec.exchange at 2026-07-10T14:05:00.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:21.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:08.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:02.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:43:54.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

CVE-2026-41849
(7.5 HIGH)

EPSS: 0.26%

updated 2026-06-09T06:32:06

1 posts

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-1207(CVSS UNKNOWN)

EPSS: 9.44%

updated 2026-06-05T16:24:43

2 posts

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issu

Nuclei template

1 repos

https://github.com/sw0rd1ight/CVE-2026-1207

netsecio@mastodon.social at 2026-07-11T17:45:46.000Z ##

📰 Patch Now: High-Severity Django SQL Injection Flaw (CVE-2026-1207) Now Actively Exploited

⚠️ Active Exploitation Alert: A high-severity SQL injection flaw in Django's GeoDjango module (CVE-2026-1207) is now being attacked in the wild. Affects apps using a PostGIS backend. Patch immediately to protect your database! #Django #CyberSecurity ...

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/dj

##

DailyCyberSecurity@infosec.exchange at 2026-07-10T02:57:10.000Z ##

CVE-2026-1207 is a Django SQL injection flaw (CVSS 8.3) in PostGIS raster lookups. Canada's CCCS says it is exploited in the wild. Patch now.

#Django #SQLInjection #CVE20261207 #PostGIS #InfoSec

securityonline.info/django-sql

##

CVE-2026-38431
(9.8 CRITICAL)

EPSS: 0.39%

updated 2026-05-06T18:31:37

1 posts

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

beyondmachines1@infosec.exchange at 2026-07-10T13:01:43.000Z ##

ERPNext Patches Critical Server-Side Template Injection Vulnerability

ERPNext addressed a critical server-side template injection vulnerability (CVE-2026-38431) that allows authenticated attackers to execute arbitrary SQL queries and gain full access to the application database.

**If you run ERPNext, update immediately to a version later than 15.103.1. Until you've updated, remove email template editing rights from every account that doesn't absolutely need them. After patching keep those rights limited to a few highly trusted admins only.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-49113
(9.9 CRITICAL)

EPSS: 94.74%

updated 2026-02-20T21:48:11

1 posts

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Nuclei template

23 repos

https://github.com/hackmelocal/CVE-2025-49113-Simulation

https://github.com/Zuack55/Roundcube-1.6.10-Post-Auth-RCE-CVE-2025-49113-

https://github.com/BiiTts/Roundcube-CVE-2025-49113

https://github.com/punitdarji/roundcube-cve-2025-49113

https://github.com/SyFi/CVE-2025-49113

https://github.com/rasool13x/exploit-CVE-2025-49113

https://github.com/hakaioffsec/CVE-2025-49113-exploit

https://github.com/AC8999/CVE-2025-49113

https://github.com/Ademking/CVE-2025-49113-nuclei-template

https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP

https://github.com/Zwique/CVE-2025-49113

https://github.com/CyberQuestor-infosec/CVE-2025-49113-Roundcube_1.6.10

https://github.com/00xCanelo/CVE-2025-49113

https://github.com/fearsoff-org/CVE-2025-49113

https://github.com/Joelp03/CVE-2025-49113

https://github.com/Evillm/CVE-2025-49113-PoC

https://github.com/LeakForge/CVE-2025-49113

https://github.com/rippsec/CVE-2025-49113-Roundcube-RCE

https://github.com/rxerium/CVE-2025-49113

https://github.com/ankitpandey383/roundcube-cve-2025-49113-lab

https://github.com/mooder1/CVE-2025-49113

https://github.com/l4f2s4/CVE-2025-49113_exploit_cookies

https://github.com/5kr1pt/Roundcube_CVE-2025-49113

threatnoir@infosec.exchange at 2026-07-09T00:07:03.000Z ##

⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2025-3248(CVSS UNKNOWN)

EPSS: 99.99%

updated 2025-11-05T20:12:46

1 posts

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Nuclei template

27 repos

https://github.com/Vip3rLi0n/CVE-2025-3248

https://github.com/Kiraly07/Demo_CVE-2025-3248

https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

https://github.com/bambooqj/cve-2025-3248

https://github.com/min8282/CVE-2025-3248

https://github.com/drackyjr/cve-2025-3248-exploit

https://github.com/b0ySie7e/CVE-2025-3248-POC

https://github.com/EQSTLab/CVE-2025-3248

https://github.com/dennisec/Mass-CVE-2025-3248

https://github.com/vigilante-1337/CVE-2025-3248

https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE

https://github.com/xuemian168/CVE-2025-3248

https://github.com/dennisec/CVE-2025-3248

https://github.com/0-d3y/langflow-rce-exploit

https://github.com/12-test-12/CVE-2025-3248

https://github.com/PuddinCat/CVE-2025-3248-POC

https://github.com/imbas007/CVE-2025-3248

https://github.com/0xgh057r3c0n/CVE-2025-3248

https://github.com/wand3rlust/CVE-2025-3248

https://github.com/Praison001/CVE-2025-3248

https://github.com/zapstiko/CVE-2025-3248

https://github.com/verylazytech/CVE-2025-3248

https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target

https://github.com/r0otk3r/CVE-2025-3248

https://github.com/nebari-playground/langflow-cve-2025-3248

https://github.com/get-xor/coreweave-demo-2026-05

https://github.com/tiemio/RCE-CVE-2025-3248

DailyCyberSecurity@infosec.exchange at 2026-07-10T06:13:38.000Z ##

Sysdig documented JADEPUFFER, the first agentic ransomware run end-to-end by an AI agent. It breached Langflow via CVE-2025-3248 and extorted a database.

#JADEPUFFER #AgenticRansomware #AI #Ransomware #Langflow #Sysdig #CyberSecurity #InfoSec

securityonline.info/jadepuffer

##

CVE-2022-22963
(9.8 CRITICAL)

EPSS: 99.94%

updated 2025-10-22T19:18:03

1 posts

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Nuclei template

38 repos

https://github.com/darryk10/CVE-2022-22963

https://github.com/AayushmanThapaMagar/CVE-2022-22963

https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE

https://github.com/cyberager/CVE-2022-22963

https://github.com/stevemats/Spring0DayCoreExploit

https://github.com/me2nuk/CVE-2022-22963

https://github.com/Kirill89/CVE-2022-22963-PoC

https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963

https://github.com/SourM1lk/CVE-2022-22963-Exploit

https://github.com/xmqaq/CVE-2022-22963

https://github.com/75ACOL/CVE-2022-22963

https://github.com/charis3306/CVE-2022-22963

https://github.com/iliass-dahman/CVE-2022-22963-POC

https://github.com/gunzf0x/CVE-2022-22963

https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit

https://github.com/lemmyz4n3771/CVE-2022-22963-PoC

https://github.com/Qualys/spring4scanwin

https://github.com/G01d3nW01f/CVE-2022-22963

https://github.com/puckiestyle/CVE-2022-22963

https://github.com/kh4sh3i/Spring-CVE

https://github.com/hktalent/spring-spel-0day-poc

https://github.com/tpt11fb/SpringVulScan

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/jschauma/check-springshell

https://github.com/RanDengShiFu/CVE-2022-22963

https://github.com/twseptian/cve-2022-22963

https://github.com/Shayz614/CVE-2022-22963

https://github.com/k3rwin/spring-cloud-function-rce

https://github.com/WuliRuler/SBSCAN

https://github.com/west-wind/Spring4Shell-Detection

https://github.com/Mustafa1986/CVE-2022-22963

https://github.com/SealPaPaPa/SpringCloudFunction-Research

https://github.com/viemsr/Spring_Cloud_Function_memshell

https://github.com/jrbH4CK/CVE-2022-22963

https://github.com/dinosn/CVE-2022-22963

https://github.com/XuCcc/VulEnv

https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules

https://github.com/mebibite/springhound

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2024-42009
(9.3 CRITICAL)

EPSS: 83.39%

updated 2025-10-22T00:34:11

1 posts

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

Nuclei template

7 repos

https://github.com/DaniTheHack3r/CVE-2024-42009-PoC

https://github.com/Shubhankargupta691/CVE-2024-42009

https://github.com/Bhanunamikaze/CVE-2024-42009

https://github.com/0xbassiouny1337/CVE-2024-42009

https://github.com/Foxer131/CVE-2024-42008-9-exploit

https://github.com/segunakinsoyinu/CVE-2024-42009-roundcube-xss

https://github.com/ZaidArif47/CVE-2024-42009

threatnoir@infosec.exchange at 2026-07-09T00:07:03.000Z ##

⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2018-1260
(9.8 CRITICAL)

EPSS: 8.35%

updated 2024-05-14T17:55:42

1 posts

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

1 repos

https://github.com/shoucheng3/SpringSource__spring-security-oauth_CVE-2018-1260_2-3-2-RELEASE

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2024-30326
(7.8 HIGH)

EPSS: 0.91%

updated 2024-04-03T18:30:55

1 posts

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue

DarkWebInformer@infosec.exchange at 2026-07-08T15:42:46.000Z ##

‼️ New Dark Web Informer Blog Post!

Title: Foxit PDF Reader RCE Flaw CVE-2024-30326 Highlights PDF Attack Surface

Link: darkwebinformer.com/foxit-pdf-

##

CVE-2018-1273
(9.8 CRITICAL)

EPSS: 95.65%

updated 2024-03-20T14:20:44

1 posts

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request paylo

Nuclei template

8 repos

https://github.com/WuliRuler/SBSCAN

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/webr0ck/poc-cve-2018-1273

https://github.com/hdgokani/CVE-2018-1273

https://github.com/cved-sources/cve-2018-1273

https://github.com/jas502n/cve-2018-1273

https://github.com/knqyf263/CVE-2018-1273

https://github.com/wearearima/poc-cve-2018-1273

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22947
(10.0 CRITICAL)

EPSS: 98.25%

updated 2023-07-24T19:30:19

1 posts

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the remote host.

Nuclei template

69 repos

https://github.com/YutuSec/SpEL

https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway

https://github.com/kkx600/Burp_VulPscan

https://github.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-6

https://github.com/Vancomycin-g/CVE-2022-22947

https://github.com/Jun-5heng/CVE-2022-22947

https://github.com/viemsr/spring_cloud_gateway_memshell

https://github.com/LY613313/CVE-2022-22947

https://github.com/nu0l/cve-2022-22947

https://github.com/skysliently/CVE-2022-22947-pb-ai

https://github.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell

https://github.com/hunzi0/CVE-2022-22947-Rce_POC

https://github.com/entr0pie/demo-cve-2022-22947

https://github.com/superneilcn/SpringExploitGUI

https://github.com/Nathaniel1025/CVE-2022-22947

https://github.com/Enokiy/cve-2022-22947-spring-cloud-gateway

https://github.com/Vulnmachines/spring-cve-2022-22947

https://github.com/PaoPaoLong-lab/Spring-CVE-2022-22947-

https://github.com/0x7eTeam/CVE-2022-22947

https://github.com/Wrin9/CVE-2022-22947

https://github.com/k3rwin/spring-cloud-gateway-rce

https://github.com/Greetdawn/CVE-2022-22947

https://github.com/Le1a/CVE-2022-22947

https://github.com/dbgee/CVE-2022-22947

https://github.com/bysinks/CVE-2022-22947

https://github.com/SecNN/CVE-2022-22947_Rce_Exp

https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/22ke/CVE-2022-22947

https://github.com/darkb1rd/cve-2022-22947

https://github.com/nanaao/CVE-2022-22947-POC

https://github.com/ciri3/spring-cloud-gateway-cve-2022-22947-report

https://github.com/stayfoolish777/CVE-2022-22947-POC

https://github.com/qq87234770/CVE-2022-22947

https://github.com/talentsec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos

https://github.com/hh-hunter/cve-2022-22947-docker

https://github.com/tpt11fb/SpringVulScan

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/scopion/cve-2022-22947

https://github.com/aesm1p/CVE-2022-22947-POC-Reproduce

https://github.com/SanderSchepers1993/CyberSec2026

https://github.com/SiJiDo/CVE-2022-22947

https://github.com/Bin4xin/bin4xin.github.io

https://github.com/0730Nophone/CVE-2022-22947-

https://github.com/scopion/CVE-2022-22947-exp

https://github.com/Summer177/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/kmahyyg/CVE-2022-22947

https://github.com/WuliRuler/SBSCAN

https://github.com/24-2021/EXP-POC

https://github.com/4nNns/CVE-2022-22947

https://github.com/Zh0um1/CVE-2022-22947

https://github.com/crowsec-edtech/CVE-2022-22947

https://github.com/sentryCyberSec/sentryCyberSec.github.io

https://github.com/BerMalBerIst/CVE-2022-22947

https://github.com/twseptian/cve-2022-22947

https://github.com/Sumitpathania03/CVE-2022-22947

https://github.com/Tas9er/SpringCloudGatewayRCE

https://github.com/flying0er/CVE-2022-22947-goby

https://github.com/Wrong-pixel/CVE-2022-22947-exp

https://github.com/sagaryadav8742/springcloudRCE

https://github.com/fbion/CVE-2022-22947

https://github.com/XuCcc/VulEnv

https://github.com/mrknow001/CVE-2022-22947

https://github.com/anansec/CVE-2022-22947_EXP

https://github.com/cc3305/CVE-2022-22947

https://github.com/Arrnitage/CVE-2022-22947_exp

https://github.com/wjl110/Spring_CVE_2022_22947

https://github.com/dingxiao77/-cve-2022-22947-

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22950
(6.5 MEDIUM)

EPSS: 35.83%

updated 2023-03-28T22:26:11

1 posts

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22980
(9.0 None)

EPSS: 16.90%

updated 2023-01-27T05:05:05

1 posts

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

8 repos

https://github.com/Vulnmachines/Spring_cve-2022-22980

https://github.com/jweny/cve-2022-22980

https://github.com/kuron3k0/Spring-Data-Mongodb-Example

https://github.com/W01fh4cker/Serein

https://github.com/Eliasdekiniweek/CVE-2022-22980

https://github.com/murataydemir/CVE-2022-22980

https://github.com/li8u99/Spring-Data-Mongodb-Demo

https://github.com/trganda/CVE-2022-22980

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-55687
(0 None)

EPSS: 0.39%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:59:55.000Z ##

🟠 CVE-2026-55687 - High (7.5)

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:59:55.000Z ##

🟠 CVE-2026-55687 - High (7.5)

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55641
(0 None)

EPSS: 0.25%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:00:30.000Z ##

🟠 CVE-2026-55641 - High (8.2)

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:00:30.000Z ##

🟠 CVE-2026-55641 - High (8.2)

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55638
(0 None)

EPSS: 0.37%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:00:19.000Z ##

🟠 CVE-2026-55638 - High (8.6)

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:00:19.000Z ##

🟠 CVE-2026-55638 - High (8.6)

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56675
(0 None)

EPSS: 0.32%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:00:09.000Z ##

🟠 CVE-2026-56675 - High (8.3)

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/da...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:00:09.000Z ##

🟠 CVE-2026-56675 - High (8.3)

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/da...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56668
(0 None)

EPSS: 0.23%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T18:00:20.000Z ##

🟠 CVE-2026-56668 - High (8.1)

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T18:00:20.000Z ##

🟠 CVE-2026-56668 - High (8.1)

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55516
(0 None)

EPSS: 0.22%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T17:00:20.000Z ##

🟠 CVE-2026-55516 - High (7.7)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T17:00:20.000Z ##

🟠 CVE-2026-55516 - High (7.7)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55377
(0 None)

EPSS: 0.26%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T14:00:15.000Z ##

🟠 CVE-2026-55377 - High (8.1)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn regi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T14:00:15.000Z ##

🟠 CVE-2026-55377 - High (8.1)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn regi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-52747
(0 None)

EPSS: 0.46%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T12:00:07.000Z ##

🟠 CVE-2026-52747 - High (8.6)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T12:00:07.000Z ##

🟠 CVE-2026-52747 - High (8.6)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-49213
(0 None)

EPSS: 0.32%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T11:59:58.000Z ##

🟠 CVE-2026-49213 - High (8.1)

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:59:58.000Z ##

🟠 CVE-2026-49213 - High (8.1)

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55879
(0 None)

EPSS: 0.27%

2 posts

N/A

hugovalters@mastodon.social at 2026-07-11T05:13:00.000Z ##

CVE-2026-55879 - Critical XSS in OpenReplay. Unauthenticated attackers can inject scripts via tracking SDK, steal session JWTs. CVSS 9.3. No patch available - disable public project keys immediately. #CVE #infosec #OpenReplay

valtersit.com/cve/CVE-2026-558

##

thehackerwire@mastodon.social at 2026-07-10T22:01:03.000Z ##

🔴 CVE-2026-55879 - Critical (9.3)

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encodi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54149
(0 None)

EPSS: 0.38%

2 posts

N/A

hugovalters@mastodon.social at 2026-07-10T23:12:25.000Z ##

CVE-2026-54149 - Critical OS Command Injection in MaxKB. Authenticated users can execute arbitrary commands via malicious .tool import and MCP transport. CVSS 8.8. No patch available yet. Mitigate immediately. #CVE #MaxKB #infosec

valtersit.com/cve/CVE-2026-541

##

thehackerwire@mastodon.social at 2026-07-10T17:00:21.000Z ##

🟠 CVE-2026-54149 - High (8.8)

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58499
(0 None)

EPSS: 0.36%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T22:00:04.000Z ##

🟠 CVE-2026-58499 - High (8.2)

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55789
(0 None)

EPSS: 0.30%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T21:00:24.000Z ##

🟠 CVE-2026-55789 - High (8.5)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as nam...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12932
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-13117
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-12996
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

linuxmint_hun@mastodon.social at 2026-07-10T11:49:28.000Z ##

Kibertámadók már 13 nappal a bejelentés után vizsgálják a Gitea Docker sebezhetőséget (CVE-2026-20896)

linuxmint.hu/hir/2026/07/kiber

##

threatnoir@infosec.exchange at 2026-07-09T01:05:46.000Z ##

⚠️ CRITICAL: Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Critical vulnerability CVE-2026-20896 in Gitea's reverse-proxy authentication is under active exploitation. Attackers bypass authentication by spoofing a single HTTP header to gain unauthorized access to repositories and secrets. Gitea Docker images prior to version 1.26.3 are vulnerable due to def…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2026-59834
(0 None)

EPSS: 0.38%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T03:01:04.000Z ##

🟠 CVE-2026-59834 - High (7.5)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59832
(0 None)

EPSS: 0.32%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T03:00:55.000Z ##

🟠 CVE-2026-59832 - High (7.7)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containmen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54433
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-57155
(0 None)

EPSS: 0.00%

1 posts

N/A

Visit counter For Websites