## Updated at UTC 2026-03-28T17:24:50.513000

Access data as JSON

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2026-4987 7.5 0.07% 2 0 2026-03-28T02:16:14.793000 The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin fo
CVE-2026-27309 7.8 0.03% 2 0 2026-03-28T00:31:19 Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free
CVE-2026-1679 7.3 0.03% 2 0 2026-03-28T00:16:04.740000 The eswifi socket offload driver copies user-provided payloads into a fixed buff
CVE-2026-4976 8.8 0.08% 2 0 2026-03-27T23:17:18.700000 A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerab
CVE-2026-4961 8.8 0.05% 2 0 2026-03-27T23:17:16.953000 A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulner
CVE-2026-4960 8.8 0.05% 2 0 2026-03-27T23:17:16.770000 A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the functio
CVE-2026-4248 8.0 0.03% 4 0 2026-03-27T23:17:14.753000 The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information
CVE-2026-33991 8.8 0.05% 4 0 2026-03-27T23:17:13.913000 WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the
CVE-2026-33941 8.2 0.02% 2 0 2026-03-27T22:16:21.203000 Handlebars provides the power necessary to let users build semantic templates. I
CVE-2026-33940 8.1 0.04% 2 0 2026-03-27T22:16:21.030000 Handlebars provides the power necessary to let users build semantic templates. I
CVE-2026-33634 None 26.61% 3 1 2026-03-27T22:07:00 ## Summary On March 19, 2026, a threat actor used compromised credentials to pu
CVE-2026-33938 8.1 0.07% 2 0 2026-03-27T21:52:26 ## Summary The `@partial-block` special variable is stored in the template data
CVE-2026-33894 7.5 0.03% 4 0 2026-03-27T21:50:56 ## Summary RSASSA PKCS#1 v1.5 signature verification accepts forged signatures f
CVE-2026-33891 7.5 0.04% 2 0 2026-03-27T21:50:32 ## Summary A Denial of Service (DoS) vulnerability exists in the node-forge lib
CVE-2026-33870 7.5 0.03% 4 0 2026-03-27T21:49:46 ## Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer
CVE-2026-33728 None 0.57% 1 0 2026-03-27T21:37:25 In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered
CVE-2026-33701 None 0.50% 1 0 2026-03-27T21:37:05 In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoin
CVE-2026-33671 7.5 0.04% 1 0 2026-03-27T21:36:14 ### Impact `picomatch` is vulnerable to Regular Expression Denial of Service (Re
CVE-2026-33687 8.8 0.04% 1 0 2026-03-27T21:35:59 ### Summary The `code16/sharp` Laravel admin panel package contains a vulnerabi
CVE-2026-33673 7.7 0.04% 2 0 2026-03-27T21:35:45 ### Impact Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in
CVE-2026-29871 7.5 0.04% 2 0 2026-03-27T21:32:39 A path traversal vulnerability exists in the awesome-llm-apps project in commit
CVE-2026-30304 9.7 0.06% 2 0 2026-03-27T21:32:39 In its design for automatic terminal command execution, AI Code offers two optio
CVE-2026-4975 8.8 0.05% 2 0 2026-03-27T21:31:44 A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the funct
CVE-2026-4974 8.8 0.05% 2 0 2026-03-27T21:31:44 A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the fu
CVE-2026-25075 7.5 0.13% 1 1 2026-03-27T21:31:33 strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerabil
CVE-2026-33669 9.8 0.04% 2 0 2026-03-27T21:20:42 ### Details Document IDs were retrieved via the /api/file/readDir interface, an
CVE-2026-33937 9.8 0.25% 5 1 2026-03-27T21:17:27.417000 Handlebars provides the power necessary to let users build semantic templates. I
CVE-2026-33895 7.5 0.03% 4 0 2026-03-27T21:17:26.157000 Forge (also called `node-forge`) is a native implementation of Transport Layer S
CVE-2026-33875 9.3 0.05% 6 0 2026-03-27T21:17:24.377000 Gematik Authenticator securely authenticates users for login to digital health a
CVE-2026-33873 0 0.08% 2 0 2026-03-27T21:17:23.953000 Langflow is a tool for building and deploying AI-powered agents and workflows. P
CVE-2026-30689 7.5 0.03% 2 0 2026-03-27T21:17:22.700000 A blog.admin v.8.0 and before system's getinfobytoken API interface contains an
CVE-2026-30637 7.5 0.08% 2 0 2026-03-27T21:17:22.420000 Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of
CVE-2026-30302 10.0 0.41% 2 0 2026-03-27T21:17:21.523000 The command auto-approval module in CodeRider-Kilo contains an OS Command Inject
CVE-2026-33494 10.0 0.04% 2 0 2026-03-27T20:59:22 ## Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP
CVE-2026-33468 8.1 0.05% 1 0 2026-03-27T20:57:34 ## Summary Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes
CVE-2026-33413 None 0.05% 2 0 2026-03-27T20:48:47 ### Impact _What kind of vulnerability is it? Who is impacted?_ Multiple vulner
CVE-2025-53521 9.8 19.16% 9 0 2026-03-27T20:43:45.780000 When a BIG-IP APM access policy is configured on a virtual server, specific mali
CVE-2026-34205 9.6 0.02% 4 0 2026-03-27T20:16:35.360000 Home Assistant is open source home automation software that puts local control a
CVE-2026-33661 8.6 0.13% 1 0 2026-03-27T20:16:32.600000 Pay is an open-source payment SDK extension package for various Chinese payment
CVE-2026-32241 7.5 0.13% 4 0 2026-03-27T20:16:30.570000 Flannel is a network fabric for containers, designed for Kubernetes. The Flannel
CVE-2026-31945 7.7 0.03% 2 0 2026-03-27T20:16:30.060000 LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 throug
CVE-2026-31943 8.5 0.03% 2 0 2026-03-27T20:16:29.897000 LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `
CVE-2026-30303 9.8 0.35% 3 0 2026-03-27T20:16:28.163000 The command auto-approval module in Axon Code contains an OS Command Injection v
CVE-2026-4867 7.5 0.04% 1 0 2026-03-27T20:04:54 ### Impact A bad regular expression is generated any time you have three or mor
CVE-2026-34374 9.1 0.03% 4 0 2026-03-27T19:16:42.930000 WWBN AVideo is an open source video platform. In versions up to and including 26
CVE-2026-33989 8.1 0.04% 4 0 2026-03-27T19:13:18 ### Summary The `@mobilenext/mobile-mcp` server contains a Path Traversal vulner
CVE-2026-33980 8.3 0.05% 2 0 2026-03-27T19:08:13 ### Summary adx-mcp-server (<= latest, commit 48b2933) contains KQL (Kusto Quer
CVE-2026-26830 9.8 0.25% 1 2 2026-03-27T18:38:05 pdf-image (npm package) through version 2.0.0 allows OS command injection via th
CVE-2026-28367 8.7 0.04% 2 0 2026-03-27T18:31:34 A flaw was found in Undertow. A remote attacker can exploit this vulnerability b
CVE-2026-28369 8.7 0.13% 2 0 2026-03-27T18:31:34 A flaw was found in Undertow. When Undertow receives an HTTP request where the f
CVE-2025-15381 8.1 0.01% 2 0 2026-03-27T18:31:27 In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tr
CVE-2026-33939 7.5 0.04% 2 0 2026-03-27T18:21:16 ## Summary When a Handlebars template contains decorator syntax referencing an
CVE-2026-33979 8.2 0.01% 4 0 2026-03-27T17:56:47 ## Description A vulnerability has been identified in express-xss-sanitizer (<=
CVE-2026-33897 10.0 0.05% 2 0 2026-03-27T17:17:04 ### Summary Instance template files can be used to cause arbitrary read or write
CVE-2026-28368 8.7 0.10% 2 0 2026-03-27T17:16:27.993000 A flaw was found in Undertow. This vulnerability allows a remote attacker to con
CVE-2026-27876 9.1 0.08% 4 0 2026-03-27T17:16:27.600000 A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to
CVE-2026-1961 8.0 0.12% 1 0 2026-03-27T17:16:27.193000 A flaw was found in Foreman. A remote attacker could exploit a command injection
CVE-2026-4984 8.2 0.03% 4 0 2026-03-27T15:30:32 The Twilio integration webhook handler accepts any POST request without validati
CVE-2026-5026 None 0.07% 2 0 2026-03-27T15:30:32 The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with
CVE-2026-5027 8.8 0.05% 4 0 2026-03-27T15:17:04.743000 The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter fro
CVE-2026-33757 9.6 0.06% 2 0 2026-03-27T15:16:57.690000 OpenBao is an open source identity-based secrets management system. Prior to ver
CVE-2026-28377 7.5 0.01% 1 0 2026-03-27T15:16:51.693000 A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintex
CVE-2026-27880 7.5 0.01% 4 0 2026-03-27T15:16:51.323000 The OpenFeature feature toggle evaluation endpoint reads unbounded values into m
CVE-2026-27858 7.5 0.05% 3 0 2026-03-27T09:16:20.073000 Attacker can send a specifically crafted message before authentication that caus
CVE-2026-24031 7.7 0.05% 2 0 2026-03-27T09:16:19.447000 Dovecot SQL based authentication can be bypassed when auth_username_chars is cle
CVE-2026-22738 9.8 0.07% 1 0 2026-03-27T06:16:37.663000 In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a
CVE-2026-34352 8.4 0.01% 1 0 2026-03-27T00:31:32 In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observ
CVE-2026-4902 8.8 0.05% 1 0 2026-03-27T00:31:32 A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function
CVE-2025-12805 8.1 0.03% 1 0 2026-03-27T00:31:32 A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vuln
CVE-2026-3650 7.5 0.05% 2 0 2026-03-27T00:31:32 A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when
CVE-2026-33945 9.9 0.06% 1 0 2026-03-27T00:16:23.633000 Incus is a system container and virtual machine manager. Incus instances have an
CVE-2026-4903 8.8 0.05% 1 0 2026-03-26T23:16:21.307000 A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the f
CVE-2026-33943 8.8 0.07% 2 0 2026-03-26T22:22:21 ### Summary A code injection vulnerability in `ECMAScriptModuleCompiler` allows
CVE-2026-33686 8.8 0.06% 1 0 2026-03-26T22:16:31.050000 Sharp is a content management framework built for Laravel as a package. Versions
CVE-2026-33670 9.8 0.06% 2 0 2026-03-26T22:16:30.050000 SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /a
CVE-2025-55262 8.3 0.03% 1 0 2026-03-26T21:32:35 HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploi
CVE-2025-41359 7.8 0.02% 1 0 2026-03-26T21:31:26 Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36,
CVE-2025-41368 8.1 0.02% 1 0 2026-03-26T21:07:45.300000 Problem in the Small HTTP Server v3.06.36 service. An authenticated path travers
CVE-2026-33942 9.8 0.33% 1 0 2026-03-26T20:42:31.563000 Saloon is a PHP library that gives users tools to build API integrations and SDK
CVE-2025-32991 9.0 0.21% 1 0 2026-03-26T20:36:42.620000 In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful AP
CVE-2026-33530 7.7 0.03% 1 0 2026-03-26T20:16:15.237000 InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6,
CVE-2026-4926 7.5 0.04% 1 0 2026-03-26T19:17:08.387000 Impact: A bad regular expression is generated any time you have multiple sequen
CVE-2026-33149 8.1 0.03% 1 0 2026-03-26T19:17:02.967000 Tandoor Recipes is an application for managing recipes, planning meals, and buil
CVE-2026-32522 8.6 0.05% 1 0 2026-03-26T19:17:01.930000 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
CVE-2026-33496 8.1 0.14% 1 0 2026-03-26T18:16:30.730000 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision A
CVE-2026-33487 7.5 0.02% 1 0 2026-03-26T18:16:30.070000 goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6
CVE-2026-33348 8.7 0.07% 1 0 2026-03-26T18:02:20.603000 OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-3108 8.0 0.04% 1 0 2026-03-26T17:16:41.797000 Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.
CVE-2026-33442 8.1 0.05% 1 0 2026-03-26T17:16:40.850000 Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28
CVE-2026-33009 8.2 0.04% 1 0 2026-03-26T17:16:37.813000 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
CVE-2025-15101 8.8 0.02% 1 0 2026-03-26T16:43:20.300000 A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web
CVE-2026-33696 10.0 0.24% 2 0 2026-03-26T16:41:02 ## Impact An authenticated user with permission to create or modify workflows co
CVE-2026-33918 7.6 0.03% 2 0 2026-03-26T16:27:29.090000 OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33917 8.8 0.00% 2 1 2026-03-26T16:26:36.493000 OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33913 7.7 0.05% 1 0 2026-03-26T16:25:24.290000 OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-34056 7.7 0.02% 1 0 2026-03-26T16:15:22.680000 OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-24068 8.8 0.04% 1 0 2026-03-26T15:31:40 The VSL privileged helper does utilize NSXPC for IPC. The implementation of the
CVE-2026-32530 8.8 0.04% 1 0 2026-03-26T15:31:39 Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms
CVE-2026-4747 8.8 0.15% 1 0 2026-03-26T15:31:39 Each RPCSEC_GSS data packet is validated by a routine which checks a signature i
CVE-2026-4247 7.5 0.02% 1 0 2026-03-26T15:31:39 When a challenge ACK is to be sent tcp_respond() constructs and sends the challe
CVE-2026-4652 7.5 0.05% 1 0 2026-03-26T15:31:38 On a system exposing an NVMe/TCP target, a remote client can trigger a kernel pa
CVE-2025-55261 8.1 0.04% 1 0 2026-03-26T15:30:48 HCL Aftermarket DPC is affected by Missing Functional Level Access Control which
CVE-2026-27664 7.5 0.04% 1 0 2026-03-26T15:30:48 A vulnerability has been identified in CPCI85 Central Processing/Communication (
CVE-2026-33287 7.5 0.04% 1 0 2026-03-26T15:16:38.133000 LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScri
CVE-2026-26008 7.5 0.04% 1 0 2026-03-26T15:16:32.510000 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an ou
CVE-2026-23995 8.4 0.01% 2 0 2026-03-26T15:16:32.137000 EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-base
CVE-2026-22593 8.4 0.01% 1 0 2026-03-26T15:16:31.800000 EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-
CVE-2026-20084 8.6 0.11% 1 0 2026-03-26T15:13:33.940000 A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allo
CVE-2026-33285 7.5 0.04% 1 0 2026-03-26T15:13:15.790000 LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScri
CVE-2026-20125 7.7 0.14% 1 0 2026-03-26T15:13:15.790000 A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS X
CVE-2026-32523 9.9 0.04% 1 0 2026-03-26T14:16:11.417000 Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM
CVE-2026-2511 7.5 0.07% 1 0 2026-03-26T14:16:10.017000 The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is
CVE-2026-33017 9.8 5.65% 4 5 2026-03-26T13:26:16.393000 Langflow is a tool for building and deploying AI-powered agents and workflows. I
CVE-2026-4809 9.8 0.39% 2 0 2026-03-26T12:30:35 plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous fil
CVE-2026-4862 8.8 0.04% 1 0 2026-03-26T10:16:26.850000 A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-21090
CVE-2026-28760 7.8 0.01% 2 0 2026-03-26T09:30:33 The installer of RATOC RAID Monitoring Manager for Windows searches the current
CVE-2026-32680 7.8 0.01% 2 0 2026-03-26T09:30:33 The installer of RATOC RAID Monitoring Manager for Windows allows to customize t
CVE-2026-4861 8.8 0.04% 1 0 2026-03-26T09:16:06.720000 A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability
CVE-2026-4840 8.8 0.15% 2 0 2026-03-26T05:16:40.840000 A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affe
CVE-2026-2931 8.8 0.04% 1 0 2026-03-26T05:16:39.030000 The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object
CVE-2026-4484 9.8 0.04% 1 0 2026-03-26T03:30:34 The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in
CVE-2026-4758 8.8 0.25% 1 0 2026-03-26T00:16:41.570000 The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion
CVE-2026-32536 10.0 0.04% 1 0 2026-03-25T21:31:40 Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green
CVE-2026-32538 7.5 0.03% 1 0 2026-03-25T21:31:39 Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMT
CVE-2026-32573 9.1 0.04% 1 0 2026-03-25T21:30:36 Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio
CVE-2026-32513 8.8 0.05% 1 0 2026-03-25T21:30:35 Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List
CVE-2026-32537 7.5 0.11% 1 0 2026-03-25T21:16:46.153000 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-32531 8.1 0.11% 1 0 2026-03-25T21:16:44.300000 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-33660 10.0 0.11% 2 0 2026-03-25T21:07:45 ## Impact An authenticated user with permission to create or modify workflows co
CVE-2026-33056 6.5 0.01% 1 0 2026-03-25T18:36:34 ## Summary When unpacking a tar archive, the `tar` crate's `unpack_dir` functio
CVE-2026-20012 8.6 0.10% 1 0 2026-03-25T18:31:51 A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco
CVE-2026-20086 8.6 0.10% 1 0 2026-03-25T18:31:47 A vulnerability in the processing of Control and Provisioning of Wireless Access
CVE-2025-33244 9.0 0.03% 1 0 2026-03-25T15:41:58.280000 NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker co
CVE-2026-3104 7.5 0.03% 1 0 2026-03-25T15:31:37 A specially crafted domain can be used to cause a memory leak in a BIND resolver
CVE-2026-1519 7.5 0.04% 1 0 2026-03-25T15:31:36 If a BIND resolver is performing DNSSEC validation and encounters a maliciously
CVE-2026-33167 0 0.01% 1 0 2026-03-24T15:53:48.067000 Action Pack is a Rubygem for building web applications on the Rails framework. I
CVE-2026-3587 10.0 0.09% 1 1 2026-03-24T08:16:01.910000 An unauthenticated remote attacker can exploit a hidden function in the CLI prom
CVE-2026-4681 None 0.38% 1 0 2026-03-24T00:30:28 A critical remote code execution (RCE) vulnerability has been reported in PTC Wi
CVE-2026-3055 None 0.02% 2 1 2026-03-23T21:30:58 Insufficient input validation in NetScaler ADC and NetScaler Gateway when config
CVE-2025-15605 None 0.01% 1 0 2026-03-23T18:30:39 A hardcoded cryptographic key within the configuration mechanism on TP-Link Arch
CVE-2025-15517 None 0.04% 1 0 2026-03-23T18:30:39 A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210
CVE-2026-3584 9.8 0.29% 1 1 2026-03-23T14:32:02.800000 The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al
CVE-2026-32628 8.8 0.03% 1 0 2026-03-16T20:33:27.493000 AnythingLLM is an application that turns pieces of content into context that any
CVE-2026-26123 5.5 0.05% 1 0 2026-03-13T20:45:13.817000 Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized a
CVE-2026-20079 10.0 0.06% 1 2 2026-03-04T18:32:03 A vulnerability in the web interface of Cisco Secure Firewall Management Center
CVE-2026-21962 10.0 0.02% 1 8 2026-02-03T00:30:18 Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in pr
CVE-2025-12548 9.0 44.19% 2 0 2026-01-14T16:26:00.933000 A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unau
CVE-2025-55182 10.0 71.17% 1 100 template 2025-12-09T16:53:25 ### Impact There is an unauthenticated remote code execution vulnerability in R
CVE-2023-46604 10.0 94.44% 1 34 template 2025-11-04T16:41:16.217000 The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. T
CVE-2024-54492 5.9 0.27% 2 0 2025-11-03T23:17:25.830000 This issue was addressed by using HTTPS when sending information over the networ
CVE-2023-2868 9.4 90.02% 2 4 2025-10-22T00:33:51 A remote command injection vulnerability exists in the Barracuda Email Security
CVE-2023-32434 7.8 61.25% 2 2 2025-10-22T00:33:51 An integer overflow was addressed with improved input validation. This issue is
CVE-2023-38606 5.5 0.12% 1 0 2025-10-22T00:33:51 This issue was addressed with improved state management. This issue is fixed in
CVE-2020-14882 9.8 94.45% 1 41 template 2025-10-22T00:31:59 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
CVE-2017-10271 7.5 94.44% 1 31 template 2025-10-22T00:16:01.457000 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
CVE-2025-9959 7.6 0.04% 1 0 2025-09-04T15:35:29.497000 Incomplete validation of dunder attributes allows an attacker to escape from the
CVE-2025-5063 8.8 0.46% 1 0 2025-07-02T14:15:26.493000 Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a
CVE-2025-6101 5.5 0.05% 1 0 2025-06-16T12:32:18.840000 A vulnerability classified as critical has been found in letta-ai letta up to 0.
CVE-2023-38646 9.8 94.25% 1 41 template 2024-11-21T08:13:58.837000 Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 all
CVE-2020-8561 4.1 0.18% 1 0 2024-11-21T05:39:02.050000 A security issue was discovered in Kubernetes where actors that control the resp
CVE-2026-33953 0 0.03% 2 0 N/A
CVE-2026-33976 0 0.14% 6 0 N/A
CVE-2026-33955 0 0.06% 2 0 N/A
CVE-2026-34226 0 0.03% 2 0 N/A
CVE-2026-33755 0 0.03% 2 0 N/A
CVE-2026-34375 0 0.03% 4 0 N/A
CVE-2026-33874 0 0.07% 2 0 N/A
CVE-2026-1678 0 0.05% 2 0 N/A
CVE-2026-32748 0 0.98% 1 0 N/A
CVE-2026-33396 0 0.76% 1 0 N/A
CVE-2026-22790 0 0.05% 1 0 N/A
CVE-2026-33416 0 0.05% 2 0 N/A
CVE-2026-33636 0 0.03% 2 0 N/A
CVE-2026-33152 0 0.06% 2 0 N/A
CVE-2026-33491 0 0.01% 1 0 N/A
CVE-2026-33506 0 0.07% 1 0 N/A
CVE-2026-33631 0 0.01% 1 0 N/A
CVE-2026-15519 0 0.00% 2 0 N/A
CVE-2026-15518 0 0.00% 2 0 N/A
CVE-2026-33526 0 1.98% 1 0 N/A
CVE-2026-33932 0 0.03% 1 0 N/A
CVE-2026-34055 0 0.02% 1 0 N/A
CVE-2026-23514 0 0.03% 1 0 N/A
CVE-2026-29187 0 0.00% 2 1 N/A
CVE-2026-24750 0 0.03% 1 0 N/A

CVE-2026-4987
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-28T02:16:14.793000

2 posts

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass configured form pay

offseq at 2026-03-28T06:00:32.861Z ##

CVE-2026-4987 (HIGH): SureForms for WordPress lets unauthenticated attackers bypass payment validation via form_id=0. All versions vulnerable — financial loss risk. Patch when available or apply server-side validation. radar.offseq.com/threat/cve-20

##
offseq@infosec.exchange at 2026-03-28T06:00:32.000Z ##

CVE-2026-4987 (HIGH): SureForms for WordPress lets unauthenticated attackers bypass payment validation via form_id=0. All versions vulnerable — financial loss risk. Patch when available or apply server-side validation. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

##

CVE-2026-27309
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-28T00:31:19

2 posts

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-03-27T22:28:20.000Z ##

🟠 CVE-2026-27309 - High (7.8)

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:28:20.000Z ##

🟠 CVE-2026-27309 - High (7.8)

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1679
(7.3 HIGH)

EPSS: 0.03%

updated 2026-03-28T00:16:04.740000

2 posts

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.

offseq at 2026-03-28T07:30:26.741Z ##

CVE-2026-1679: HIGH severity buffer overflow in Zephyr RTOS (all versions). Local attackers can trigger kernel memory corruption via eswifi socket offload driver. Patch ASAP, enforce access controls. Details: radar.offseq.com/threat/cve-20

##
offseq@infosec.exchange at 2026-03-28T07:30:26.000Z ##

CVE-2026-1679: HIGH severity buffer overflow in Zephyr RTOS (all versions). Local attackers can trigger kernel memory corruption via eswifi socket offload driver. Patch ASAP, enforce access controls. Details: radar.offseq.com/threat/cve-20 #OffSeq #ZephyrRTOS #IoTSecurity #CVE

##

CVE-2026-4976
(8.8 HIGH)

EPSS: 0.08%

updated 2026-03-27T23:17:18.700000

2 posts

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-03-27T21:37:46.000Z ##

🟠 CVE-2026-4976 - High (8.8)

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:37:46.000Z ##

🟠 CVE-2026-4976 - High (8.8)

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4961
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T23:17:16.953000

2 posts

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-03-27T22:00:29.000Z ##

🟠 CVE-2026-4961 - High (8.8)

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to st...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:00:29.000Z ##

🟠 CVE-2026-4961 - High (8.8)

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to st...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4960
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T23:17:16.770000

2 posts

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

thehackerwire@mastodon.social at 2026-03-27T22:00:39.000Z ##

🟠 CVE-2026-4960 - High (8.8)

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:00:39.000Z ##

🟠 CVE-2026-4960 - High (8.8)

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4248
(8.0 HIGH)

EPSS: 0.03%

updated 2026-03-27T23:17:14.753000

4 posts

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authen

offseq at 2026-03-28T09:00:28.256Z ##

🔥 HIGH severity: CVE-2026-4248 in Ultimate Member plugin (≤2.11.2) lets Contributor users trigger admin password resets via malicious post preview — risking full site takeover. Restrict access & monitor now! radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T23:18:48.000Z ##

🟠 CVE-2026-4248 - High (8)

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-28T09:00:28.000Z ##

🔥 HIGH severity: CVE-2026-4248 in Ultimate Member plugin (≤2.11.2) lets Contributor users trigger admin password resets via malicious post preview — risking full site takeover. Restrict access & monitor now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE20264248 #Vuln

##
thehackerwire@mastodon.social at 2026-03-27T23:18:48.000Z ##

🟠 CVE-2026-4248 - High (8)

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33991
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T23:17:13.913000

4 posts

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability.

offseq at 2026-03-28T10:30:28.483Z ##

⚠️ CVE-2026-33991: HIGH severity SQL Injection in WeGIA < 3.6.7. Vulnerable PHP code in deletar_tag.php lets attackers inject SQL remotely — risking data theft & disruption for charities. Patch to 3.6.7 or mitigate ASAP. radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T23:18:57.000Z ##

🟠 CVE-2026-33991 - High (8.8)

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-28T10:30:28.000Z ##

⚠️ CVE-2026-33991: HIGH severity SQL Injection in WeGIA < 3.6.7. Vulnerable PHP code in deletar_tag.php lets attackers inject SQL remotely — risking data theft & disruption for charities. Patch to 3.6.7 or mitigate ASAP. radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Infosec

##
thehackerwire@mastodon.social at 2026-03-27T23:18:57.000Z ##

🟠 CVE-2026-33991 - High (8.8)

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33941
(8.2 HIGH)

EPSS: 0.02%

updated 2026-03-27T22:16:21.203000

2 posts

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or C

thehackerwire@mastodon.social at 2026-03-27T22:19:01.000Z ##

🟠 CVE-2026-33941 - High (8.2)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:19:01.000Z ##

🟠 CVE-2026-33941 - High (8.2)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33940
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-27T22:16:21.030000

2 posts

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to `env.c

thehackerwire@mastodon.social at 2026-03-27T22:18:52.000Z ##

🟠 CVE-2026-33940 - High (8.1)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:52.000Z ##

🟠 CVE-2026-33940 - High (8.1)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33634(CVSS UNKNOWN)

EPSS: 26.61%

updated 2026-03-27T22:07:00

3 posts

## Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. On March 22, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.5 and v0

1 repos

https://github.com/ugurrates/teampcp-supply-chain-attack

technadu@infosec.exchange at 2026-03-27T08:14:16.000Z ##

CISA adds CVE-2026-33634 (Trivy) to KEV - active exploitation confirmed.

If it’s in KEV, it’s already a threat.

Source: cisa.gov/news-events/alerts/20

💬 Is KEV your top patch priority?
🔔 Follow TechNadu

#InfoSec #KEV #CyberSecurity

##
secdb@infosec.exchange at 2026-03-26T22:21:34.000Z ##

🚨 [CISA-2026:0326] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-33634 (secdb.nttzen.cloud/cve/detail/)
- Name: Aquasecurity Trivy Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Aquasecurity
- Product: Trivy
- Notes: This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: github.com/advisories/GHSA-69f ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260326 #cisa20260326 #cve_2026_33634 #cve202633634

##
cisakevtracker@mastodon.social at 2026-03-26T17:00:50.000Z ##

CVE ID: CVE-2026-33634
Vendor: Aquasecurity
Product: Trivy
Date Added: 2026-03-26
Notes: This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: github.com/advisories/GHSA-69f ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-33938
(8.1 HIGH)

EPSS: 0.07%

updated 2026-03-27T21:52:26

2 posts

## Summary The `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites `@partial-block` with a crafted Handlebars AST, a subsequent invocation of `{{> @partial-block}}` compiles and executes that AST, enabling arbitrary JavaScript execution on the server. ## De

thehackerwire@mastodon.social at 2026-03-27T21:38:04.000Z ##

🟠 CVE-2026-33938 - High (8.1)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via he...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:38:04.000Z ##

🟠 CVE-2026-33938 - High (8.1)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via he...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33894
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:50:56

4 posts

## Summary RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling [Bleichenbacher style forgery](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/). This issue is similar to

thehackerwire@mastodon.social at 2026-03-27T21:43:49.000Z ##

🟠 CVE-2026-33894 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:25.000Z ##

🟠 CVE-2026-33894 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:43:49.000Z ##

🟠 CVE-2026-33894 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:25.000Z ##

🟠 CVE-2026-33894 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33891
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:50:32

2 posts

## Summary A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Affected

thehackerwire@mastodon.social at 2026-03-27T21:39:19.000Z ##

🟠 CVE-2026-33891 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modIn...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:19.000Z ##

🟠 CVE-2026-33891 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modIn...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33870
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:49:46

4 posts

## Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. ## Background This vulnerability is a new variant discovered during research into the "Funky Chunks" HTTP request smuggling techniques: - <https://w4ke.info/2025/06/18/funky-chunks.html> - <https://w4ke.info/2025/10/29/funky-chunks-2.html> The original

thehackerwire@mastodon.social at 2026-03-27T21:02:29.000Z ##

🟠 CVE-2026-33870 - High (7.5)

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:00:46.000Z ##

🟠 CVE-2026-33870 - High (7.5)

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:02:29.000Z ##

🟠 CVE-2026-33870 - High (7.5)

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:00:46.000Z ##

🟠 CVE-2026-33870 - High (7.5)

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33728(CVSS UNKNOWN)

EPSS: 0.57%

updated 2026-03-27T21:37:25

1 posts

In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exp

offseq@infosec.exchange at 2026-03-27T01:30:30.000Z ##

⚠️ CRITICAL: CVE-2026-33728 in DataDog dd-trace-java (0.40.0 - <1.60.3) allows unauth RCE via unsafe deserialization if JMX/RMI port is exposed on JDK ≤16. Upgrade to 1.60.3+ & restrict access! radar.offseq.com/threat/cve-20 #OffSeq #Java #Infosec #CVE202633728

##

CVE-2026-33701(CVSS UNKNOWN)

EPSS: 0.50%

updated 2026-03-27T21:37:05

1 posts

In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: 1. OpenTelemetry Java i

offseq@infosec.exchange at 2026-03-27T03:00:29.000Z ##

🚨 CRITICAL: CVE-2026-33701 affects opentelemetry-java-instrumentation <2.26.1. Unauthenticated RCE possible on Java ≤16 via unsafe RMI deserialization. Upgrade to 2.26.1+ or disable RMI now! Details: radar.offseq.com/threat/cve-20 #OffSeq #Java #RCE #Vuln

##

CVE-2026-33671
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:36:14

1 posts

### Impact `picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Examples of problematic p

thehackerwire@mastodon.social at 2026-03-26T22:19:23.000Z ##

🟠 CVE-2026-33671 - High (7.5)

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33687
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:35:59

1 posts

### Summary The `code16/sharp` Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. ### Details The upload endpoint within the `ApiFormUploadController` accepts a client-controlled `validation_rule` parameter. This parameter is directly passed into the Laravel validator without sufficient server-sid

thehackerwire@mastodon.social at 2026-03-26T22:18:17.000Z ##

🟠 CVE-2026-33687 - High (8.8)

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33673
(7.7 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:35:45

2 posts

### Impact Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. ### Patches Patched on 8.2.5 and 9.1.0 ### Workarounds None ### References None

thehackerwire@mastodon.social at 2026-03-26T22:20:57.000Z ##

🟠 CVE-2026-33673 - High (7.6)

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-26T22:19:33.000Z ##

🟠 CVE-2026-33673 - High (7.6)

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29871
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:32:39

2 posts

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path wi

thehackerwire@mastodon.social at 2026-03-27T23:05:15.000Z ##

🟠 CVE-2026-29871 - High (7.5)

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:05:15.000Z ##

🟠 CVE-2026-29871 - High (7.5)

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30304
(9.7 CRITICAL)

EPSS: 0.06%

updated 2026-03-27T21:32:39

2 posts

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to p

thehackerwire@mastodon.social at 2026-03-27T23:00:30.000Z ##

🔴 CVE-2026-30304 - Critical (9.6)

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically execut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:00:30.000Z ##

🔴 CVE-2026-30304 - Critical (9.6)

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically execut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4975
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T21:31:44

2 posts

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-03-27T21:00:09.000Z ##

🟠 CVE-2026-4975 - High (8.8)

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:00:09.000Z ##

🟠 CVE-2026-4975 - High (8.8)

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4974
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T21:31:44

2 posts

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

thehackerwire@mastodon.social at 2026-03-27T20:59:59.000Z ##

🟠 CVE-2026-4974 - High (8.8)

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based bu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T20:59:59.000Z ##

🟠 CVE-2026-4974 - High (8.8)

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based bu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25075
(7.5 HIGH)

EPSS: 0.13%

updated 2026-03-27T21:31:33

1 posts

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL p

1 repos

https://github.com/BishopFox/CVE-2026-25075-check

hackerworkspace@infosec.exchange at 2026-03-26T21:48:45.000Z ##

strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication

bishopfox.com/blog/strongswan-

Short summary: hackerworkspace.com/article/st

#cybersecurity #vulnerability #exploit

##

CVE-2026-33669
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-27T21:20:42

2 posts

### Details Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. ### PoC ```python #!/usr/bin/env python3 """SiYuan /api/block/getChildBlocks 文档内容读取""" import requests import json import sys def get_child_blocks(target_url, doc_id): """ 调用 SiYuan 的 /api/block/getChildBlocks API 获

offseq@infosec.exchange at 2026-03-27T07:30:27.000Z ##

🚨 CVE-2026-33669: SiYuan (<3.6.2) has a CRITICAL out-of-bounds read flaw (CVSS 9.8). No auth/user interaction needed — remote attackers can leak sensitive memory. Upgrade to 3.6.2 ASAP! radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #SiYuan #Cybersecurity

##
thehackerwire@mastodon.social at 2026-03-26T22:19:53.000Z ##

🔴 CVE-2026-33669 - Critical (9.8)

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33937
(9.8 CRITICAL)

EPSS: 0.25%

updated 2026-03-27T21:17:27.417000

5 posts

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to `compile()` can therefor

1 repos

https://github.com/dinhvaren/cve-2026-33937

Matchbook3469@mastodon.social at 2026-03-28T15:23:18.000Z ##

🚨 New security advisory:

CVE-2026-33937 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##
offseq at 2026-03-27T23:30:27.895Z ##

⚠️ CRITICAL: handlebars.js v4.0.0 – 4.7.8 vulnerable (CVE-2026-33937). Type confusion in compile() lets attackers inject JS & gain RCE via crafted AST. Upgrade to 4.7.9+, validate inputs, use runtime-only build if possible. radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T21:37:55.000Z ##

🔴 CVE-2026-33937 - Critical (9.8)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST nod...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-27T23:30:27.000Z ##

⚠️ CRITICAL: handlebars.js v4.0.0 – 4.7.8 vulnerable (CVE-2026-33937). Type confusion in compile() lets attackers inject JS & gain RCE via crafted AST. Upgrade to 4.7.9+, validate inputs, use runtime-only build if possible. radar.offseq.com/threat/cve-20 #OffSeq #CVE202633937 #infosec

##
thehackerwire@mastodon.social at 2026-03-27T21:37:55.000Z ##

🔴 CVE-2026-33937 - Critical (9.8)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST nod...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33895
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:17:26.157000

4 posts

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` va

thehackerwire@mastodon.social at 2026-03-27T21:43:40.000Z ##

🟠 CVE-2026-33895 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:16.000Z ##

🟠 CVE-2026-33895 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:43:40.000Z ##

🟠 CVE-2026-33895 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:16.000Z ##

🟠 CVE-2026-33895 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33875
(9.3 CRITICAL)

EPSS: 0.05%

updated 2026-03-27T21:17:24.377000

6 posts

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

offseq at 2026-03-28T00:00:39.667Z ##

🚨 CVE-2026-33875 (CRITICAL, CVSS 9.3): gematik app-Authenticator <4.16.0 is vulnerable to authentication hijack via malicious deep links. No workarounds — update to 4.16.0+ urgently! radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T21:43:58.000Z ##

🔴 CVE-2026-33875 - Critical (9.3)

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:33.000Z ##

🔴 CVE-2026-33875 - Critical (9.3)

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-28T00:00:39.000Z ##

🚨 CVE-2026-33875 (CRITICAL, CVSS 9.3): gematik app-Authenticator <4.16.0 is vulnerable to authentication hijack via malicious deep links. No workarounds — update to 4.16.0+ urgently! radar.offseq.com/threat/cve-20 #OffSeq #CVE202633875 #HealthIT #VulnAlert

##
thehackerwire@mastodon.social at 2026-03-27T21:43:58.000Z ##

🔴 CVE-2026-33875 - Critical (9.3)

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:33.000Z ##

🔴 CVE-2026-33875 - Critical (9.3)

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33873
(0 None)

EPSS: 0.08%

updated 2026-03-27T21:17:23.953000

2 posts

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments

offseq at 2026-03-28T01:30:27.951Z ##

⚠️ CRITICAL vuln in langflow-ai langflow < 1.9.0 (CVE-2026-33873): Agentic Assistant allows remote code injection via LLM-generated Python. Patch to 1.9.0+ or restrict feature access immediately. Details: radar.offseq.com/threat/cve-20

##
offseq@infosec.exchange at 2026-03-28T01:30:27.000Z ##

⚠️ CRITICAL vuln in langflow-ai langflow < 1.9.0 (CVE-2026-33873): Agentic Assistant allows remote code injection via LLM-generated Python. Patch to 1.9.0+ or restrict feature access immediately. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202633873 #AIsecurity

##

CVE-2026-30689
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:17:22.700000

2 posts

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.

thehackerwire@mastodon.social at 2026-03-27T23:00:50.000Z ##

🟠 CVE-2026-30689 - High (7.5)

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threaten...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:00:50.000Z ##

🟠 CVE-2026-30689 - High (7.5)

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threaten...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30637
(7.5 HIGH)

EPSS: 0.08%

updated 2026-03-27T21:17:22.420000

2 posts

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server

thehackerwire@mastodon.social at 2026-03-27T23:00:41.000Z ##

🟠 CVE-2026-30637 - High (7.5)

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:00:41.000Z ##

🟠 CVE-2026-30637 - High (7.5)

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30302
(10.0 CRITICAL)

EPSS: 0.41%

updated 2026-03-27T21:17:21.523000

2 posts

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (

thehackerwire@mastodon.social at 2026-03-27T22:01:45.000Z ##

🔴 CVE-2026-30302 - Critical (10)

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:01:45.000Z ##

🔴 CVE-2026-30302 - Critical (10)

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33494
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-03-27T20:59:22

2 posts

## Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. ## Preconditions Ory Oathkeeper rules a

thehackerwire@mastodon.social at 2026-03-26T21:20:37.000Z ##

🔴 CVE-2026-33494 - Critical (10)

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-26T18:01:13.000Z ##

CRITICAL: ory oathkeeper (<26.2.0) vulnerable to path traversal (CVE-2026-33494). Attackers can bypass authorization via crafted URLs. Upgrade to 26.2.0+ immediately. radar.offseq.com/threat/cve-20 #OffSeq #CVE202633494 #infosec #vulnerability

##

CVE-2026-33468
(8.1 HIGH)

EPSS: 0.05%

updated 2026-03-27T20:57:34

1 posts

## Summary Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape backslashes. When used with the MySQL dialect (where `NO_BACKSLASH_ESCAPES` is OFF by default), an attacker can use a backslash to escape the trailing quote of a string literal, breaking out of the string context and injecting arbitrary SQL. This affects

thehackerwire@mastodon.social at 2026-03-26T22:00:36.000Z ##

🟠 CVE-2026-33468 - High (8.1)

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape backslashes. When used with the My...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33413(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-03-27T20:48:47

2 posts

### Impact _What kind of vulnerability is it? Who is impacted?_ Multiple vulnerabilities allow unauthorized users to bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted clients. In unpatched etcd clusters with etcd auth enabled, unauthorized users are able to: - call MemberList and learn cluster t

Matchbook3469@mastodon.social at 2026-03-27T17:42:52.000Z ##

🔶 New security advisory:

CVE-2026-33413 affects Etcd Etcd.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##
thehackerwire@mastodon.social at 2026-03-26T22:22:36.000Z ##

🟠 CVE-2026-33413 - High (8.8)

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-53521
(9.8 CRITICAL)

EPSS: 19.16%

updated 2026-03-27T20:43:45.780000

9 posts

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

beyondmachines1 at 2026-03-28T12:01:46.852Z ##

F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors

F5 re-categorized a BIG-IP APM vulnerability (CVE-2025-53521) from a DoS to a critical 9.8 RCE after discovering active exploitation by a nation-state actor using memory-only webshells and lateral movement tools. The flaw allows unauthenticated attackers to execute code and gain full control over network access infrastructure.

**If you have F5 BIG-IP APM devices, if possible make sure they are isolated from the internet and accessible from trusted networks only. Then immediately update to the fixed firmware versions (17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8). If you suspect a device has already been compromised, rebuild it from scratch - don't restore from backups, as they may contain persistent malware. Also, audit for disabled SELinux and unauthorized webshells.**

beyondmachines.net/event_detai

##
undercodenews@mastodon.social at 2026-03-28T11:40:09.000Z ##

Critical F5 Vulnerability Sparks Alarm as Active Exploitation Forces Urgent Global Patching

Introduction: A New Cybersecurity Emergency Unfolds A newly disclosed cybersecurity threat has quickly escalated into a global concern after authorities confirmed active exploitation in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability—CVE-2025-53521—affecting F5 BIG-IP Access Policy Manager (APM)…

undercodenews.com/critical-f5-

##
secdb at 2026-03-28T02:00:13.684Z ##

🚨 [CISA-2026:0327] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-53521 (secdb.nttzen.cloud/cve/detail/)
- Name: F5 BIG-IP Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: F5
- Product: BIG-IP
- Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2

##
GossiTheDog@cyberplace.social at 2026-03-27T21:36:49.000Z ##

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

my.f5.com/manage/s/article/K00

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

##
cisakevtracker@mastodon.social at 2026-03-27T21:00:46.000Z ##

CVE ID: CVE-2025-53521
Vendor: F5
Product: BIG-IP
Date Added: 2026-03-27
Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##
beyondmachines1@infosec.exchange at 2026-03-28T12:01:46.000Z ##

F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors

F5 re-categorized a BIG-IP APM vulnerability (CVE-2025-53521) from a DoS to a critical 9.8 RCE after discovering active exploitation by a nation-state actor using memory-only webshells and lateral movement tools. The flaw allows unauthenticated attackers to execute code and gain full control over network access infrastructure.

**If you have F5 BIG-IP APM devices, if possible make sure they are isolated from the internet and accessible from trusted networks only. Then immediately update to the fixed firmware versions (17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8). If you suspect a device has already been compromised, rebuild it from scratch - don't restore from backups, as they may contain persistent malware. Also, audit for disabled SELinux and unauthorized webshells.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##
secdb@infosec.exchange at 2026-03-28T02:00:13.000Z ##

🚨 [CISA-2026:0327] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-53521 (secdb.nttzen.cloud/cve/detail/)
- Name: F5 BIG-IP Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: F5
- Product: BIG-IP
- Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260327 #cisa20260327 #cve_2025_53521 #cve202553521

##
GossiTheDog@cyberplace.social at 2026-03-27T21:36:49.000Z ##

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

my.f5.com/manage/s/article/K00

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

##
cisakevtracker@mastodon.social at 2026-03-27T21:00:46.000Z ##

CVE ID: CVE-2025-53521
Vendor: F5
Product: BIG-IP
Date Added: 2026-03-27
Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-34205
(9.6 CRITICAL)

EPSS: 0.02%

updated 2026-03-27T20:16:35.360000

4 posts

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach t

offseq at 2026-03-28T03:00:26.822Z ##

🚨 CVE-2026-34205 (CRITICAL): Home Assistant OS ≤17.1 apps in host network mode expose unauthenticated endpoints to local networks. Upgrade to Supervisor 2026.03.02, segment networks, and review configs now! radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T21:00:20.000Z ##

🔴 CVE-2026-34205 - Critical (9.6)

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interfa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-28T03:00:26.000Z ##

🚨 CVE-2026-34205 (CRITICAL): Home Assistant OS ≤17.1 apps in host network mode expose unauthenticated endpoints to local networks. Upgrade to Supervisor 2026.03.02, segment networks, and review configs now! radar.offseq.com/threat/cve-20 #OffSeq #HomeAssistant #IoTSecurity

##
thehackerwire@mastodon.social at 2026-03-27T21:00:20.000Z ##

🔴 CVE-2026-34205 - Critical (9.6)

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interfa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33661
(8.6 HIGH)

EPSS: 0.13%

updated 2026-03-27T20:16:32.600000

1 posts

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `verify_wechat_sign()` function in `src/Functions.php` unconditionally skips all signature verification when the PSR-7 request reports `localhost` as the host. An attacker can exploit this by sending a crafted HTTP request to the WeChat Pay callback endpoint with a `Host: localhos

thehackerwire@mastodon.social at 2026-03-26T22:19:43.000Z ##

🟠 CVE-2026-33661 - High (8.6)

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `verify_wechat_sign()` function in `src/Functions.php` unconditionally skips all signature verification when the PSR-7 request r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32241
(7.5 HIGH)

EPSS: 0.13%

updated 2026-03-27T20:16:30.570000

4 posts

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execut

thehackerwire@mastodon.social at 2026-03-27T21:39:38.000Z ##

🟠 CVE-2026-32241 - High (7.5)

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:00:55.000Z ##

🟠 CVE-2026-32241 - High (7.5)

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:38.000Z ##

🟠 CVE-2026-32241 - High (7.5)

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:00:55.000Z ##

🟠 CVE-2026-32241 - High (7.5)

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31945
(7.7 HIGH)

EPSS: 0.03%

updated 2026-03-27T20:16:30.060000

2 posts

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8) was reported and patched, the fix only introduced hostname validation. It does not verify wheth

thehackerwire@mastodon.social at 2026-03-27T21:00:54.000Z ##

🟠 CVE-2026-31945 - High (7.7)

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (github.com/danny...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:00:54.000Z ##

🟠 CVE-2026-31945 - High (7.7)

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (github.com/danny...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31943
(8.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T20:16:29.897000

2 posts

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`),

thehackerwire@mastodon.social at 2026-03-27T21:01:03.000Z ##

🟠 CVE-2026-31943 - High (8.5)

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:01:03.000Z ##

🟠 CVE-2026-31943 - High (8.5)

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30303
(9.8 CRITICAL)

EPSS: 0.35%

updated 2026-03-27T20:16:28.163000

3 posts

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). A

Matchbook3469@mastodon.social at 2026-03-28T11:21:25.000Z ##

🚨 New security advisory:

CVE-2026-30303 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##
thehackerwire@mastodon.social at 2026-03-27T23:05:25.000Z ##

🔴 CVE-2026-30303 - Critical (9.8)

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:05:25.000Z ##

🔴 CVE-2026-30303 - Critical (9.8)

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4867
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T20:04:54

1 posts

### Impact A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (`.`). For example, `/:a-:b-:c` or `/:a-:b-:c-:d`. The backtrack protection added in `path-to-regexp@0.1.12` only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator character

thehackerwire@mastodon.social at 2026-03-26T22:00:26.000Z ##

🟠 CVE-2026-4867 - High (7.5)

Impact:

A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34374
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-03-27T19:16:42.930000

4 posts

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from `LiveTransmition::keyExists()` when the initial parameterized lookup returns no results. Although the calling function correc

offseq at 2026-03-28T04:30:27.079Z ##

🚨 CRITICAL: CVE-2026-34374 in WWBN AVideo ≤26.0 allows unauthenticated SQL injection via stream key lookup during RTMP authentication. No patch out yet. Restrict access, use WAFs, & monitor logs. Details: radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T21:01:13.000Z ##

🔴 CVE-2026-34374 - Critical (9.1)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-28T04:30:27.000Z ##

🚨 CRITICAL: CVE-2026-34374 in WWBN AVideo ≤26.0 allows unauthenticated SQL injection via stream key lookup during RTMP authentication. No patch out yet. Restrict access, use WAFs, & monitor logs. Details: radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #WWBN #VideoSecurity

##
thehackerwire@mastodon.social at 2026-03-27T21:01:13.000Z ##

🔴 CVE-2026-34374 - Critical (9.1)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33989
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-27T19:13:18

4 posts

### Summary The `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. ### Details **File:** `src/server.ts` (lines 584-592) ```typescr

thehackerwire@mastodon.social at 2026-03-27T22:24:35.000Z ##

🟠 CVE-2026-33989 - High (8.1)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:49.000Z ##

🟠 CVE-2026-33989 - High (8.1)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:24:35.000Z ##

🟠 CVE-2026-33989 - High (8.1)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:49.000Z ##

🟠 CVE-2026-33989 - High (8.1)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33980
(8.3 HIGH)

EPSS: 0.05%

updated 2026-03-27T19:08:13

2 posts

### Summary adx-mcp-server (<= latest, commit 48b2933) contains KQL (Kusto Query Language) injection vulnerabilities in three MCP tool handlers: `get_table_schema`, `sample_table_data`, and `get_table_details`. The `table_name` parameter is interpolated directly into KQL queries via f-strings without any validation or sanitization, allowing an attacker (or a prompt-injected AI agent) to execute a

thehackerwire@mastodon.social at 2026-03-27T22:18:43.000Z ##

🟠 CVE-2026-33980 - High (8.3)

Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:43.000Z ##

🟠 CVE-2026-33980 - High (8.3)

Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26830
(9.8 CRITICAL)

EPSS: 0.25%

updated 2026-03-27T18:38:05

1 posts

pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec().

2 repos

https://github.com/zebbernCVE/CVE-2026-26830

https://github.com/zebbernCVE/npm-cve-2026-26830-26833

thehackerwire@mastodon.social at 2026-03-25T23:00:41.000Z ##

🔴 CVE-2026-26830 - Critical (9.8)

pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shel...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28367
(8.7 HIGH)

EPSS: 0.04%

updated 2026-03-27T18:31:34

2 posts

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

thehackerwire@mastodon.social at 2026-03-27T22:01:11.000Z ##

🟠 CVE-2026-28367 - High (8.7)

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:01:11.000Z ##

🟠 CVE-2026-28367 - High (8.7)

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28369
(8.7 HIGH)

EPSS: 0.13%

updated 2026-03-27T18:31:34

2 posts

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted

thehackerwire@mastodon.social at 2026-03-27T22:01:02.000Z ##

🟠 CVE-2026-28369 - High (8.7)

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:01:02.000Z ##

🟠 CVE-2026-28369 - High (8.7)

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15381
(8.1 HIGH)

EPSS: 0.01%

updated 2026-03-27T18:31:27

2 posts

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace

thehackerwire@mastodon.social at 2026-03-27T22:01:36.000Z ##

🟠 CVE-2025-15381 - High (8.1)

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:01:36.000Z ##

🟠 CVE-2025-15381 - High (8.1)

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33939
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T18:21:16

2 posts

## Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators, "n")`, which returns `undefined`. The runtime then immediately invokes the result as a function, causing an unhandled `TypeError: ... is not a function` that crashes the Node.js process. Any application that compiles user-su

thehackerwire@mastodon.social at 2026-03-27T22:33:53.000Z ##

🟠 CVE-2026-33939 - High (7.5)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:33:53.000Z ##

🟠 CVE-2026-33939 - High (7.5)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33979
(8.2 HIGH)

EPSS: 0.01%

updated 2026-03-27T17:56:47

4 posts

## Description A vulnerability has been identified in express-xss-sanitizer (<= 2.0.1) where restrictive sanitization configurations are silently ignored. When a developer explicitly sets: allowedTags: [] allowedAttributes: {} the library incorrectly treats these values as "not provided" due to length/emptiness checks, and falls back to sanitize-html's default configuration. As a result, i

thehackerwire@mastodon.social at 2026-03-27T22:24:27.000Z ##

🟠 CVE-2026-33979 - High (8.2)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:40.000Z ##

🟠 CVE-2026-33979 - High (8.2)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:24:27.000Z ##

🟠 CVE-2026-33979 - High (8.2)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:40.000Z ##

🟠 CVE-2026-33979 - High (8.2)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33897
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-03-27T17:17:04

2 posts

### Summary Instance template files can be used to cause arbitrary read or writes as root on the host server. ### Details Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2

offseq@infosec.exchange at 2026-03-27T04:30:29.000Z ##

🚨 CVE-2026-33897 (CRITICAL, CVSS 10): Incus <6.23.0 flaw in pongo2 template isolation lets attackers with local access escape containers & gain root on host. Upgrade ASAP! radar.offseq.com/threat/cve-20 #OffSeq #LinuxSecurity #CVE202633897 #Containers

##
thehackerwire@mastodon.social at 2026-03-26T23:17:57.000Z ##

🔴 CVE-2026-33897 - Critical (9.9)

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28368
(8.7 HIGH)

EPSS: 0.10%

updated 2026-03-27T17:16:27.993000

2 posts

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

thehackerwire@mastodon.social at 2026-03-27T22:01:20.000Z ##

🟠 CVE-2026-28368 - High (8.7)

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:01:20.000Z ##

🟠 CVE-2026-28368 - High (8.7)

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27876
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-03-27T17:16:27.600000

4 posts

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

luca@social.luca.run at 2026-03-28T11:06:17.000Z ##

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and an security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

##
thehackerwire@mastodon.social at 2026-03-27T23:15:48.000Z ##

🔴 CVE-2026-27876 - Critical (9.1)

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack ve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
luca@social.luca.run at 2026-03-28T11:06:17.000Z ##

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and an security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

##
thehackerwire@mastodon.social at 2026-03-27T23:15:48.000Z ##

🔴 CVE-2026-27876 - Critical (9.1)

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack ve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1961
(8.0 HIGH)

EPSS: 0.12%

updated 2026-03-27T17:16:27.193000

1 posts

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman se

thehackerwire@mastodon.social at 2026-03-26T23:16:01.000Z ##

🟠 CVE-2026-1961 - High (8)

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource provid...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4984
(8.2 HIGH)

EPSS: 0.03%

updated 2026-03-27T15:30:32

4 posts

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization' header. An attacker can forge a webhook payload pointing to their own server and receive the victim's

thehackerwire@mastodon.social at 2026-03-27T22:14:50.000Z ##

🟠 CVE-2026-4984 - High (8.2)

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'.

When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
AAKL at 2026-03-27T18:19:59.863Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable

##
thehackerwire@mastodon.social at 2026-03-27T22:14:50.000Z ##

🟠 CVE-2026-4984 - High (8.2)

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'.

When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
AAKL@infosec.exchange at 2026-03-27T18:19:59.000Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable #infosec #vulnerability

##

CVE-2026-5026(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-03-27T15:30:32

2 posts

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leading to stored cross-site scripting (XSS). This allows stealing authentication tokens stored in co

AAKL at 2026-03-27T18:19:59.863Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable

##
AAKL@infosec.exchange at 2026-03-27T18:19:59.000Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable #infosec #vulnerability

##

CVE-2026-5027
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T15:17:04.743000

4 posts

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

thehackerwire@mastodon.social at 2026-03-27T22:01:54.000Z ##

🟠 CVE-2026-5027 - High (8.8)

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
AAKL at 2026-03-27T18:19:59.863Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable

##
thehackerwire@mastodon.social at 2026-03-27T22:01:54.000Z ##

🟠 CVE-2026-5027 - High (8.8)

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
AAKL@infosec.exchange at 2026-03-27T18:19:59.000Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable #infosec #vulnerability

##

CVE-2026-33757
(9.6 CRITICAL)

EPSS: 0.06%

updated 2026-03-27T15:16:57.690000

2 posts

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the attacker. Des

thehackerwire@mastodon.social at 2026-03-27T22:15:08.000Z ##

🔴 CVE-2026-33757 - Critical (9.6)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to star...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:15:08.000Z ##

🔴 CVE-2026-33757 - Critical (9.6)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to star...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28377
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-27T15:16:51.693000

1 posts

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability.

thehackerwire@mastodon.social at 2026-03-26T22:20:02.000Z ##

🟠 CVE-2026-28377 - High (7.5)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.

Thanks to william_goodfellow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27880
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-27T15:16:51.323000

4 posts

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

luca@social.luca.run at 2026-03-28T11:06:17.000Z ##

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and an security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

##
thehackerwire@mastodon.social at 2026-03-27T23:05:34.000Z ##

🟠 CVE-2026-27880 - High (7.5)

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
luca@social.luca.run at 2026-03-28T11:06:17.000Z ##

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and an security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

##
thehackerwire@mastodon.social at 2026-03-27T23:05:34.000Z ##

🟠 CVE-2026-27880 - High (7.5)

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27858
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-27T09:16:20.073000

3 posts

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No publicly available exploits are known.

thehackerwire@mastodon.social at 2026-03-27T23:15:58.000Z ##

🟠 CVE-2026-27858 - High (7.5)

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory.
Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to manag...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:15:58.000Z ##

🟠 CVE-2026-27858 - High (7.5)

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory.
Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to manag...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-27T09:00:44.000Z ##

⚠️ CVE-2026-27858 (HIGH, 7.5): OX Dovecot Pro’s managesieve is at risk of remote DoS via unauthenticated memory exhaustion. Restrict access, monitor logs, and patch ASAP. No public exploits yet, but stay alert. radar.offseq.com/threat/cve-20 #OffSeq #Dovecot #EmailSecurity

##

CVE-2026-24031
(7.7 HIGH)

EPSS: 0.05%

updated 2026-03-27T09:16:19.447000

2 posts

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

thehackerwire@mastodon.social at 2026-03-27T23:16:09.000Z ##

🟠 CVE-2026-24031 - High (7.7)

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T23:16:09.000Z ##

🟠 CVE-2026-24031 - High (7.7)

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22738
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-27T06:16:37.663000

1 posts

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

offseq@infosec.exchange at 2026-03-27T06:00:29.000Z ##

🚨 CRITICAL: CVE-2026-22738 in Spring AI SimpleVectorStore allows unauth RCE via SpEL injection (1.0.0 – 1.0.4, 1.1.0 – 1.1.3). Patch to 1.0.5/1.1.4 when released. Validate input now! radar.offseq.com/threat/cve-20 #OffSeq #SpringAI #infosec #CVE202622738

##

CVE-2026-34352
(8.4 HIGH)

EPSS: 0.01%

updated 2026-03-27T00:31:32

1 posts

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

thehackerwire@mastodon.social at 2026-03-26T23:18:07.000Z ##

🟠 CVE-2026-34352 - High (8.5)

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4902
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T00:31:32

1 posts

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-03-26T23:17:01.000Z ##

🟠 CVE-2026-4902 - High (8.8)

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-12805
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-27T00:31:32

1 posts

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sen

thehackerwire@mastodon.social at 2026-03-26T22:21:06.000Z ##

🟠 CVE-2025-12805 - High (8.1)

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3650
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-27T00:31:32

2 posts

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.

thehackerwire@mastodon.social at 2026-03-26T22:18:27.000Z ##

🟠 CVE-2026-3650 - High (7.5)

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggeri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
technadu@infosec.exchange at 2026-03-26T11:32:07.000Z ##

CVE-2026-3650 in Grassroots DICOM (GDCM):

• Memory leak via malformed DICOM parsing
• CVSS 7.5 → DoS risk
• No patch, no maintainer response
• Impacts healthcare imaging pipelines
Mitigate via isolation + strict input controls.

Source: hipaajournal.com/grassroots-di

Follow @technadu for more.

#InfoSec #HealthcareSecurity #Vulnerability

##

CVE-2026-33945
(9.9 CRITICAL)

EPSS: 0.06%

updated 2026-03-27T00:16:23.633000

1 posts

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like `systemd.credential.../../../../../../root/.bashrc` to cause Incus to write outside of the `credentials` directory ass

offseq@infosec.exchange at 2026-03-27T00:00:42.000Z ##

🚨 CVE-2026-33945 (CRITICAL, CVSS 10): lxc incus <6.23.0 is vulnerable to path traversal, enabling attackers to write as root & escalate privileges. Upgrade to 6.23.0+ ASAP, restrict config access! radar.offseq.com/threat/cve-20 #OffSeq #CVE202633945 #ContainerSecurity

##

CVE-2026-4903
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-26T23:16:21.307000

1 posts

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

thehackerwire@mastodon.social at 2026-03-26T23:17:11.000Z ##

🟠 CVE-2026-4903 - High (8.8)

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33943
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-26T22:22:21

2 posts

### Summary A code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export { }` declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content into generated code as an executable expression, and the quote filter does not strip back

thehackerwire@mastodon.social at 2026-03-27T22:28:01.000Z ##

🟠 CVE-2026-33943 - High (8.8)

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (R...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:28:01.000Z ##

🟠 CVE-2026-33943 - High (8.8)

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (R...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33686
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-26T22:16:31.050000

1 posts

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In `src/Utils/FileUtil.php`, the `FileUtil::explodeExtension()` function extracts a file's extension by splitting the fil

thehackerwire@mastodon.social at 2026-03-26T22:18:08.000Z ##

🟠 CVE-2026-33686 - High (8.8)

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33670
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-03-26T22:16:30.050000

2 posts

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

offseq@infosec.exchange at 2026-03-26T22:30:12.000Z ##

🚨 CRITICAL: CVE-2026-33670 in SiYuan (<3.6.2) lets remote attackers exploit /api/file/readDir for path traversal, exposing sensitive files. Patch to 3.6.2+ ASAP! Details: radar.offseq.com/threat/cve-20 #OffSeq #vuln #infosec #SiYuan

##
thehackerwire@mastodon.social at 2026-03-26T22:19:14.000Z ##

🔴 CVE-2026-33670 - Critical (9.8)

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-55262
(8.3 HIGH)

EPSS: 0.03%

updated 2026-03-26T21:32:35

1 posts

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database.

thehackerwire@mastodon.social at 2026-03-26T23:01:08.000Z ##

🟠 CVE-2025-55262 - High (8.3)

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-41359
(7.8 HIGH)

EPSS: 0.02%

updated 2026-03-26T21:31:26

1 posts

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority directory, causing the service to execute the malicious file instead of the legitimate one. Exploiti

thehackerwire@mastodon.social at 2026-03-26T23:16:10.000Z ##

🟠 CVE-2025-41359 - High (7.8)

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a maliciou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-41368
(8.1 HIGH)

EPSS: 0.02%

updated 2026-03-26T21:07:45.300000

1 posts

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

thehackerwire@mastodon.social at 2026-03-26T23:20:43.000Z ##

🟠 CVE-2025-41368 - High (8.1)

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outsid...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33942
(9.8 CRITICAL)

EPSS: 0.33%

updated 2026-03-26T20:42:31.563000

1 posts

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can control the serialized string (e.g. by overwriting a cached token file or via another injection) can supply a serialized "g

thehackerwire@mastodon.social at 2026-03-27T00:00:04.000Z ##

🔴 CVE-2026-33942 - Critical (9.8)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-32991
(9.0 CRITICAL)

EPSS: 0.21%

updated 2026-03-26T20:36:42.620000

1 posts

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution.

thehackerwire@mastodon.social at 2026-03-26T00:00:25.000Z ##

🔴 CVE-2025-32991 - Critical (9)

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33530
(7.7 HIGH)

EPSS: 0.03%

updated 2026-03-26T20:16:15.237000

1 posts

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints (e.g. `/api/part/`, `/api/stock/`, `/api/order/so/allocation/`, and others) accept a filters parameter that is passed directly to Django's ORM queryset.filt

thehackerwire@mastodon.social at 2026-03-26T20:35:28.000Z ##

🟠 CVE-2026-33530 - High (7.7)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints (e....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4926
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T19:17:08.387000

1 posts

Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route

thehackerwire@mastodon.social at 2026-03-26T20:35:37.000Z ##

🟠 CVE-2026-4926 - High (7.5)

Impact:

A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.

Patche...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33149
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-26T19:17:02.967000

1 posts

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination,

thehackerwire@mastodon.social at 2026-03-26T21:20:17.000Z ##

🟠 CVE-2026-33149 - High (8.1)

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without val...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32522
(8.6 HIGH)

EPSS: 0.05%

updated 2026-03-26T19:17:01.930000

1 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.

thehackerwire@mastodon.social at 2026-03-27T00:01:09.000Z ##

🟠 CVE-2026-32522 - High (8.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33496
(8.1 HIGH)

EPSS: 0.14%

updated 2026-03-26T18:16:30.730000

1 posts

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legiti

thehackerwire@mastodon.social at 2026-03-26T22:00:16.000Z ##

🟠 CVE-2026-33496 - High (8.1)

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oaut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33487
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-26T18:16:30.070000

1 posts

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref`

thehackerwire@mastodon.social at 2026-03-26T21:20:27.000Z ##

🟠 CVE-2026-33487 - High (7.5)

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go ver...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33348
(8.7 HIGH)

EPSS: 0.07%

updated 2026-03-26T18:02:20.603000

1 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with the same role. Versions prior to 8.0.0.3 have a stored cross-site scripting (XSS) vulnerability in t

thehackerwire@mastodon.social at 2026-03-25T23:20:35.000Z ##

🟠 CVE-2026-33348 - High (8.7)

OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the en...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3108
(8.0 HIGH)

EPSS: 0.04%

updated 2026-03-26T17:16:41.797000

1 posts

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MM

thehackerwire@mastodon.social at 2026-03-26T22:01:04.000Z ##

🟠 CVE-2026-3108 - High (8)

Mattermost versions 11.2.x &lt;= 11.2.2, 10.11.x &lt;= 10.11.10, 11.4.x &lt;= 11.4.0, 11.3.x &lt;= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator termin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33442
(8.1 HIGH)

EPSS: 0.05%

updated 2026-03-26T17:16:40.850000

1 posts

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BACKSLASH_ESCAPES` SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path string literal

thehackerwire@mastodon.social at 2026-03-26T22:01:14.000Z ##

🟠 CVE-2026-33442 - High (8.1)

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BAC...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33009
(8.2 HIGH)

EPSS: 0.04%

updated 2026-03-26T17:16:37.813000

1 posts

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` message and results in `Charger::shared_context` / `internal_context` accessed concurrently without lock. Version 2026.02.0 contains a patch.

thehackerwire@mastodon.social at 2026-03-26T22:15:45.000Z ##

🟠 CVE-2026-33009 - High (8.2)

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` mess...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15101
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-26T16:43:20.300000

1 posts

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router F

thehackerwire@mastodon.social at 2026-03-26T23:55:32.000Z ##

🟠 CVE-2025-15101 - High (8.8)

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33696
(10.0 CRITICAL)

EPSS: 0.24%

updated 2026-03-26T16:41:02

2 posts

## Impact An authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the GSuiteAdmin node. By supplying a crafted parameter as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. ## Pa

beyondmachines1@infosec.exchange at 2026-03-27T11:01:47.000Z ##

n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities

n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.

**If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##
offseq@infosec.exchange at 2026-03-26T00:00:42.000Z ##

🚩 CRITICAL: CVE-2026-33696 in n8n-io n8n (CVSS 9.4) - Prototype pollution enables remote code execution via XML/GSuiteAdmin nodes. Patch to 2.14.1, 2.13.3, or 1.123.27+. Restrict permissions & disable XML node as temp fix. radar.offseq.com/threat/cve-20 #OffSeq #n8n #CVE2026_33696

##

CVE-2026-33918
(7.6 HIGH)

EPSS: 0.03%

updated 2026-03-26T16:27:29.090000

2 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL permissions. This allows any authenticated OpenEMR user — regardless of whether they have billing priv

thehackerwire@mastodon.social at 2026-03-26T01:03:46.000Z ##

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-26T01:01:14.000Z ##

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33917
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-26T16:26:36.493000

2 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.

1 repos

https://github.com/ChrisSub08/CVE-2026-33917_SqlInjectionVulnerabilityOpenEMR8.0.0

thehackerwire@mastodon.social at 2026-03-26T01:03:36.000Z ##

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-26T01:01:04.000Z ##

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33913
(7.7 HIGH)

EPSS: 0.05%

updated 2026-03-26T16:25:24.290000

1 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.

thehackerwire@mastodon.social at 2026-03-25T23:20:25.000Z ##

🟠 CVE-2026-33913 - High (7.7)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `` to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34056
(7.7 HIGH)

EPSS: 0.02%

updated 2026-03-26T16:15:22.680000

1 posts

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to

thehackerwire@mastodon.social at 2026-03-26T01:00:33.000Z ##

🟠 CVE-2026-34056 - High (7.7)

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eR...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24068
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:31:40

1 posts

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can connect to this service using the configured protocol. A malicious process is able to call all the functi

thehackerwire@mastodon.social at 2026-03-26T23:21:00.000Z ##

🟠 CVE-2026-24068 - High (8.8)

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32530
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:31:39

1 posts

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.

thehackerwire@mastodon.social at 2026-03-27T00:00:25.000Z ##

🟠 CVE-2026-32530 - High (8.8)

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through &lt;= 1.1.18.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4747
(8.8 HIGH)

EPSS: 0.15%

updated 2026-03-26T15:31:39

1 posts

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerabl

thehackerwire@mastodon.social at 2026-03-26T23:55:23.000Z ##

🟠 CVE-2026-4747 - High (8.8)

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4247
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-26T15:31:39

1 posts

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which

thehackerwire@mastodon.social at 2026-03-26T23:21:29.000Z ##

🟠 CVE-2026-4247 - High (7.5)

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf.

If an attacker is either on path with ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4652
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-26T15:31:38

1 posts

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

thehackerwire@mastodon.social at 2026-03-26T23:55:15.000Z ##

🟠 CVE-2026-4652 - High (7.5)

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID.

An attacker with network access to the NVMe/TCP target can trigger an unauthenticated ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-55261
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:30:48

1 posts

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.

thehackerwire@mastodon.social at 2026-03-26T23:00:57.000Z ##

🟠 CVE-2025-55261 - High (8.1)

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27664
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:30:48

1 posts

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to c

thehackerwire@mastodon.social at 2026-03-26T22:15:54.000Z ##

🟠 CVE-2026-27664 - High (7.5)

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions &lt; V26.10), SICORE Base system (All versions &lt; V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specia...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33287
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:16:38.133000

1 posts

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the matched substring. The filter only charges `memoryLimit` for the input string length, not the amplified output. An attacker can achieve exponential memory

thehackerwire@mastodon.social at 2026-03-26T01:36:13.000Z ##

🟠 CVE-2026-33287 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the ma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26008
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:16:32.510000

1 posts

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch.

thehackerwire@mastodon.social at 2026-03-26T22:21:27.000Z ##

🟠 CVE-2026-26008 - High (7.5)

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the networ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23995
(8.4 HIGH)

EPSS: 0.01%

updated 2026-03-26T15:16:32.137000

2 posts

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version

thehackerwire@mastodon.social at 2026-03-26T22:22:17.000Z ##

🟠 CVE-2026-23995 - High (8.4)

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adja...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-26T22:21:15.000Z ##

🟠 CVE-2026-23995 - High (8.4)

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adja...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22593
(8.4 HIGH)

EPSS: 0.01%

updated 2026-03-26T15:16:31.800000

1 posts

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename in the certificate directory can overflow `file_names[idx]`, corrupting stack state and enabling potential code execution. Version 2026.02.0 contains a pa

thehackerwire@mastodon.social at 2026-03-26T22:21:36.000Z ##

🟠 CVE-2026-22593 - High (8.4)

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20084
(8.6 HIGH)

EPSS: 0.11%

updated 2026-03-26T15:13:33.940000

1 posts

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request

thehackerwire@mastodon.social at 2026-03-25T22:00:41.000Z ##

🟠 CVE-2026-20084 - High (8.6)

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition.

This vulnerability is...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33285
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:13:15.790000

1 posts

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allowing an attacker to allocate unlimited memory. Combined with a string flattening operation (e.g., `replace` filter), this causes a V8 Fatal error that cra

thehackerwire@mastodon.social at 2026-03-26T01:18:13.000Z ##

🟠 CVE-2026-33285 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20125
(7.7 HIGH)

EPSS: 0.14%

updated 2026-03-26T15:13:15.790000

1 posts

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP req

thehackerwire@mastodon.social at 2026-03-25T22:00:32.000Z ##

🟠 CVE-2026-20125 - High (7.7)

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) conditio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32523
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-03-26T14:16:11.417000

1 posts

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.

thehackerwire@mastodon.social at 2026-03-27T00:01:19.000Z ##

🔴 CVE-2026-32523 - Critical (9.9)

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through &lt;= 6.9.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2511
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-26T14:16:10.017000

1 posts

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against

thehackerwire@mastodon.social at 2026-03-26T23:00:47.000Z ##

🟠 CVE-2026-2511 - High (7.5)

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-su...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33017
(9.8 CRITICAL)

EPSS: 5.65%

updated 2026-03-26T13:26:16.393000

4 posts

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored f

5 repos

https://github.com/rootdirective-sec/CVE-2026-33017-Lab

https://github.com/z4yd3/PoC-CVE-2026-33017

https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC

https://github.com/SimoesCTT/Sovereign-Echo-33017

https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc

steelefortress at 2026-03-28T11:00:13.491Z ##

CISA just added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog and both deserve your immediate attention.

First up is CVE-2026-33017, a code injection flaw in Langflow, the open-source AI workflow builder that has exploded in popularity.

Read more: steelefortress.com/7448up

##
steelefortress@infosec.exchange at 2026-03-28T11:00:13.000Z ##

CISA just added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog and both deserve your immediate attention.

First up is CVE-2026-33017, a code injection flaw in Langflow, the open-source AI workflow builder that has exploded in popularity.

Read more: steelefortress.com/7448up

#Cybersecurity #InfoSec #Privacy #ThreatIntel

##
secdb@infosec.exchange at 2026-03-26T22:21:34.000Z ##

🚨 [CISA-2026:0325] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-33017 (secdb.nttzen.cloud/cve/detail/)
- Name: Langflow Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: github.com/langflow-ai/langflo ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260325 #cisa20260325 #cve_2026_33017 #cve202633017

##
gtronix@infosec.exchange at 2026-03-26T20:01:42.000Z ##

"CISA: New Langflow flaw actively exploited to hijack AI workflows"

"[...] The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents."

bleepingcomputer.com/news/secu

#Cybersecurity

##

CVE-2026-4809
(9.8 CRITICAL)

EPSS: 0.39%

updated 2026-03-26T12:30:35

2 posts

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored

thehackerwire@mastodon.social at 2026-03-26T23:20:52.000Z ##

🔴 CVE-2026-4809 - Critical (9.8)

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-26T21:00:17.000Z ##

🚨 CRITICAL vuln in plank/laravel-mediable <=6.4.0 (CVE-2026-4809): attackers can upload malicious PHP files by spoofing MIME types. No patch yet. Disable client MIME trust & enforce server-side checks! Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE20264809 #Laravel #RCE

##

CVE-2026-4862
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T10:16:26.850000

1 posts

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

thehackerwire@mastodon.social at 2026-03-26T23:21:12.000Z ##

🟠 CVE-2026-4862 - High (8.8)

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument Gr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28760
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-26T09:30:33

2 posts

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.

offseq@infosec.exchange at 2026-03-26T09:00:28.000Z ##

🛡️ HIGH-severity: CVE-2026-28760 in RATOC RAID Monitoring Manager for Windows (<2.00.009.260220) allows DLL hijacking — local attackers may run code as admin. Patch ASAP, restrict installer access, and audit installs. radar.offseq.com/threat/cve-20 #OffSeq #infosec #vuln #windows

##
thehackerwire@mastodon.social at 2026-03-26T07:19:31.000Z ##

🟠 CVE-2026-28760 - High (7.8)

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32680
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-26T09:30:33

2 posts

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege.

offseq@infosec.exchange at 2026-03-26T07:30:29.000Z ##

HIGH severity alert: RATOC RAID Monitoring Manager for Windows (<2.00.009.260220) can leave custom install folders with insecure ACLs, letting non-admins run code as SYSTEM. Check permissions & update! CVE-2026-32680 radar.offseq.com/threat/cve-20 #OffSeq #Vuln #Windows #SysAdmin

##
thehackerwire@mastodon.social at 2026-03-26T07:19:40.000Z ##

🟠 CVE-2026-32680 - High (7.8)

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4861
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T09:16:06.720000

1 posts

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but di

thehackerwire@mastodon.social at 2026-03-26T23:21:20.000Z ##

🟠 CVE-2026-4861 - High (8.8)

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4840
(8.8 HIGH)

EPSS: 0.15%

updated 2026-03-26T05:16:40.840000

2 posts

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The

offseq@infosec.exchange at 2026-03-26T06:00:30.000Z ##

🔥 CVE-2026-4840: HIGH-severity OS command injection in Netcore Power 15AX (≤3.0.0.6938). No patch, public exploit out. Remote code execution possible — immediate mitigation needed! Full compromise risk. Details: radar.offseq.com/threat/cve-20 #OffSeq #Netcore #Security #CVE20264840

##
thehackerwire@mastodon.social at 2026-03-26T05:17:52.000Z ##

🟠 CVE-2026-4840 - High (8.8)

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2931
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T05:16:39.030000

1 posts

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with customer-level permissions or above to change user passwords and potentially

thehackerwire@mastodon.social at 2026-03-26T05:18:02.000Z ##

🟠 CVE-2026-2931 - High (8.8)

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and acce...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4484
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-26T03:30:34

1 posts

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an admini

thehackerwire@mastodon.social at 2026-03-26T03:00:03.000Z ##

🔴 CVE-2026-4484 - Critical (9.8)

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_data...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4758
(8.8 HIGH)

EPSS: 0.25%

updated 2026-03-26T00:16:41.570000

1 posts

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code exec

thehackerwire@mastodon.social at 2026-03-26T01:00:42.000Z ##

🟠 CVE-2026-4758 - High (8.8)

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possibl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32536
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-03-25T21:31:40

1 posts

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08.

thehackerwire@mastodon.social at 2026-03-25T21:43:40.000Z ##

🔴 CVE-2026-32536 - Critical (9.9)

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through &lt;= 2.08.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32538
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-25T21:31:39

1 posts

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.

thehackerwire@mastodon.social at 2026-03-25T21:44:23.000Z ##

🟠 CVE-2026-32538 - High (7.5)

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through &lt;= 1.1.24.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32573
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-03-25T21:30:36

1 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7.

offseq@infosec.exchange at 2026-03-26T04:30:28.000Z ##

🚨 CRITICAL: CVE-2026-32573 in Nelio AB Testing plugin (≤8.2.7) enables code injection on WordPress sites. No active exploits, but risk of remote code execution. Monitor for patches & harden configs. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

##

CVE-2026-32513
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-25T21:30:35

1 posts

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

thehackerwire@mastodon.social at 2026-03-25T21:44:41.000Z ##

🟠 CVE-2026-32513 - High (8.8)

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through &lt;= 6.1.7.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32537
(7.5 HIGH)

EPSS: 0.11%

updated 2026-03-25T21:16:46.153000

1 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <= 3.5.1.

thehackerwire@mastodon.social at 2026-03-25T21:43:49.000Z ##

🟠 CVE-2026-32537 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Port...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32531
(8.1 HIGH)

EPSS: 0.11%

updated 2026-03-25T21:16:44.300000

1 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.

thehackerwire@mastodon.social at 2026-03-25T21:44:32.000Z ##

🟠 CVE-2026-32531 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through &lt; 1.4.5.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33660
(10.0 CRITICAL)

EPSS: 0.11%

updated 2026-03-25T21:07:45

2 posts

## Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the intance. ## Patches The issue has been fixed

beyondmachines1@infosec.exchange at 2026-03-27T11:01:47.000Z ##

n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities

n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.

**If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##
offseq@infosec.exchange at 2026-03-26T03:00:33.000Z ##

⚠️ CRITICAL RCE in n8n (CVE-2026-33660): Auth'd users can exploit Merge node SQL to read files & execute code on n8n host. Patch to 2.14.1/2.13.3/1.123.26 ASAP. Limit permissions if you can't patch yet. radar.offseq.com/threat/cve-20 #OffSeq #n8n #infosec #CVE202633660

##

CVE-2026-33056
(6.5 MEDIUM)

EPSS: 0.01%

updated 2026-03-25T18:36:34

1 posts

## Summary When unpacking a tar archive, the `tar` crate's `unpack_dir` function uses `fs::metadata()` to check whether a path that already exists is a directory. Because `fs::metadata()` follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently

rustaceans@mastodon.social at 2026-03-26T10:11:36.000Z ##

link: blog.rust-lang.org/2026/03/21/

##

CVE-2026-20012
(8.6 HIGH)

EPSS: 0.10%

updated 2026-03-25T18:31:51

1 posts

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device. This vulnerab

thehackerwire@mastodon.social at 2026-03-25T23:00:33.000Z ##

🟠 CVE-2026-20012 - High (8.6)

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could al...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20086
(8.6 HIGH)

EPSS: 0.10%

updated 2026-03-25T18:31:47

1 posts

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploi

thehackerwire@mastodon.social at 2026-03-25T23:00:24.000Z ##

🟠 CVE-2026-20086 - High (8.6)

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-33244
(9.0 CRITICAL)

EPSS: 0.03%

updated 2026-03-25T15:41:58.280000

1 posts

NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure.

beyondmachines1@infosec.exchange at 2026-03-27T10:01:47.000Z ##

NVIDIA Patches Multiple Flaws Including Critical RCE Vulnerability in Apex AI Optimization Library

NVIDIA's March 2026 security bulletins address multiple vulnerabilities across its AI and infrastructure products including CVE-2025-33244, a critical deserialization flaw in NVIDIA Apex that could allow remote code execution, privilege escalation, and full compromise of AI training pipelines.

**If you're running NVIDIA AI tools like Apex, Triton, NeMo, or Megatron, check the March 2026 security bulletins and apply all available patches immediately — several of these flaws are high-severity and could let attackers take over your AI pipelines. Subscribe to NVIDIA's security advisories so you don't miss future updates, and prioritize patching any internet-facing or shared infrastructure components first.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-3104
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-25T15:31:37

1 posts

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

thehackerwire@mastodon.social at 2026-03-26T00:00:35.000Z ##

🟠 CVE-2026-3104 - High (7.5)

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1519
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-25T15:31:36

1 posts

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.

thehackerwire@mastodon.social at 2026-03-26T00:01:34.000Z ##

🟠 CVE-2026-1519 - High (7.5)

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33167
(0 None)

EPSS: 0.01%

updated 2026-03-24T15:53:48.067000

1 posts

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requ

vitobotta@mastodon.social at 2026-03-27T12:55:29.000Z ##

Rails released security patches for versions 7.2, 8.0, and 8.1 this week, addressing 10 vulnerabilities. The list includes XSS vulnerabilities in Action Pack debug exceptions and Action View tag helpers, DoS vulnerabilities in Active Storage (range requests) and Active Support (number formatting), plus path traversal and glob injection issues in Active Storage DiskService

The most interesting one for me is CVE-2026-33167 - XSS via debug exceptions in development mode. Interesting attack vector!

##

CVE-2026-3587
(10.0 CRITICAL)

EPSS: 0.09%

updated 2026-03-24T08:16:01.910000

1 posts

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

1 repos

https://github.com/z3r0h3ro/cve-2026-3587-poc

beyondmachines1@infosec.exchange at 2026-03-27T08:01:46.000Z ##

Critical Hidden Functionality Vulnerability in WAGO Industrial Managed Switches

WAGO reports a critical CVSS 10.0 vulnerability (CVE-2026-3587) in its industrial managed switches that allows unauthenticated remote attackers to escape the CLI and gain full device control. The flaw affects numerous models used in critical infrastructure.

**Make sure all WAGO managed switches (Lean and Industrial series) are isolated from the internet and accessible from trusted networks only. Then update the firmware to the latest "S1" patched versions if you can't patch immediately, disable SSH and Telnet so the command line is only reachable through a physical connection on the device itself.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-4681(CVSS UNKNOWN)

EPSS: 0.38%

updated 2026-03-24T00:30:28

1 posts

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 1

offseq@infosec.exchange at 2026-03-27T10:30:29.000Z ##

🚨 CRITICAL: CISA flags CVE-2026-4681 in PTC Windchill PLM. German police issued physical warnings — high urgency! No active exploits, but risk to manufacturing & engineering data is severe. Audit & secure now. radar.offseq.com/threat/cisa-f #OffSeq #Vulnerability #PLM #InfoSec

##

CVE-2026-3055(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-03-23T21:30:58

2 posts

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

1 repos

https://github.com/RootAid/CVE-2026-3055

hackerworkspace@infosec.exchange at 2026-03-26T18:53:12.000Z ##

March 26 Advisory: Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability [CVE-2026-3055] - Censys

censys.com/advisory/cve-2026-3

Short summary: hackerworkspace.com/article/ma

#cybersecurity #vulnerability #exploit

##
benzogaga33@mamot.fr at 2026-03-26T10:40:04.000Z ##

CVE-2026-3055 : appliquez ce patch Citrix avant qu’il ne soit trop tard it-connect.fr/cve-2026-3055-ap #ActuCybersécurité #Vulnérabilités #Cybersécurité

##

CVE-2025-15605(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-03-23T18:30:39

1 posts

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.

agowa338@chaos.social at 2026-03-26T09:05:52.000Z ##

@heisec

Außerdem, wenn man in die CVEs kuckt, habt ihr das komplett Falsch dargestellt.

feedly.com/cve/CVE-2026-15518 and feedly.com/cve/CVE-2026-15519: that allows unauthenticated attackers to decrypt sensitive device configurations

feedly.com/cve/CVE-2025-15605: An authenticated attacker with low privileges and adjacent network access

##

CVE-2025-15517(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-03-23T18:30:39

1 posts

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.

beyondmachines1@infosec.exchange at 2026-03-26T08:01:47.000Z ##

TP-Link Patches Multiple Flaws Including Authentication Bypass in Archer NX Routers

TP-Link patched four high-severity vulnerabilities in its Archer NX router series, including a authentication bypass (CVE-2025-15517) that allows unauthenticated attackers to upload malicious firmware and take full control of the device.

**If you own a TP-Link Archer NX router (NX600, NX500, NX210, or NX200), make sure it is isolated from the internet and accessible from trusted networks only. Then plan a quick patch to the latest firmware from the official TP-Link Support portal for your specific hardware version. Disable remote management and ensure the admin interface is only reachable from your internal network.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-3584
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-03-23T14:32:02.800000

1 posts

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of 'call_user_func' on these placeholder values. This makes it possible for unauthenticated attackers to ex

1 repos

https://github.com/Yucaerin/CVE-2026-3584

fbinin@mastodon.fbin.in at 2026-03-28T15:07:56.000Z ##

Also @beyondmachines1

Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms WordPress Plugin

securityonline.info/kali-forms

#wordpress #plugins #kaliforms #vulnerability #critical

##

CVE-2026-32628
(8.8 HIGH)

EPSS: 0.03%

updated 2026-03-16T20:33:27.493000

1 posts

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL)

LLMs@activitypub.awakari.com at 2026-03-26T09:43:00.000Z ## A 56,000-Star AI App Shipped With a Textbook SQL Injection Flaw A 56,000-star LLM app ships with raw string concatenation in its database connector. I found it, reported it, got the CVE. Here is th...

#cybersecurity #ai-security #offensive-security #vulnerability-research #anythingllm-cve #cve-2026-32628 #ai-agent-security #sql-injection-flaw

Origin | Interest | Match ##

CVE-2026-26123
(5.5 MEDIUM)

EPSS: 0.05%

updated 2026-03-13T20:45:13.817000

1 posts

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

BugBountyShorts@infosec.exchange at 2026-03-25T23:40:25.000Z ##

Microsoft Authenticator’s Unclaimed Deep Link: A Full Account Takeover Story (CVE-2026–26123)
This vulnerability is an Authentication Bypass, specifically a session hijacking issue affecting the Microsoft Authenticator app. The root cause was improper handling of deep links within the application, which allowed malicious actors to craft unclaimed deep links containing account tokens. When users clicked these links, their active sessions were hijacked, resulting in full account takeover without requiring any user interaction other than clicking a link. To exploit this, an attacker could generate a malicious deep link with an embedded account token and share it via SMS or email. The session hijack occurred due to the application's failure to verify the authenticity of deep links before processing them. This vulnerability has been assigned CVE-2026–26123. Microsoft rewarded $50,000 for this find and immediately patched the issue. To prevent similar vulnerabilities, it is crucial to thoroughly validate and sanitize all user-controlled inputs, including deep links. Key lesson: Always verify the authenticity of user-supplied data before processing it. #BugBounty #Cybersecurity #AuthenticationBypass #SessionHijacking #Infosec

infosecwriteups.com/microsoft-

##

CVE-2026-20079
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-03-04T18:32:03

1 posts

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerab

2 repos

https://github.com/0xBlackash/CVE-2026-20079

https://github.com/Sushilsin/CVE-2026-20079

catc0n@infosec.exchange at 2026-03-26T22:49:46.000Z ##

After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.

The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.

vulncheck.com/blog/cisco-fmc-a

##

CVE-2026-21962
(10.0 CRITICAL)

EPSS: 0.02%

updated 2026-02-03T00:30:18

1 posts

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c

8 repos

https://github.com/gregk4sec/cve-2026-21962

https://github.com/ThumpBo/CVE-2026-21962

https://github.com/gregk4sec/CVE-2026-21962-o

https://github.com/George0Papasotiriou/CVE-2026-21962-Oracle-HTTP-Server-WebLogic-Proxy-Plug-in-Critical-

https://github.com/gglessner/cve_2026_21962_scanner

https://github.com/samael0x4/CVE-2026-21962

https://github.com/naozibuhao/CVE-2026-21962_Java_GUI_Exploit_Tool

https://github.com/boroeurnprach/Ashwesker-CVE-2026-21962

beyondmachines1@infosec.exchange at 2026-03-27T09:01:47.000Z ##

Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities

Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.

**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2025-12548
(9.0 CRITICAL)

EPSS: 44.19%

updated 2026-01-14T16:26:00.933000

2 posts

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

metasploit at 2026-03-27T21:24:25.470Z ##

The latest Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

##
metasploit@infosec.exchange at 2026-03-27T21:24:25.000Z ##

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

##

CVE-2025-55182
(10.0 CRITICAL)

EPSS: 71.17%

updated 2025-12-09T16:53:25

1 posts

### Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: * [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) * [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) * [react-s

Nuclei template

100 repos

https://github.com/zzhorc/CVE-2025-55182

https://github.com/mrknow001/RSC_Detector

https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell

https://github.com/Chocapikk/CVE-2025-55182

https://github.com/surajhacx/react2shellpoc

https://github.com/im-ezboy/CVE-2025-55182-zoomeye

https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182

https://github.com/Syrins/CVE-2025-55182-React2Shell-RCE

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/theman001/CVE-2025-55182

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182

https://github.com/StealthMoud/CVE-2025-55182-Scanner

https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension

https://github.com/CymulateResearch/React2Shell-Scanner

https://github.com/ynsmroztas/NextRce

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182-The-Deserialization-Bug-That-Broke-the-Web

https://github.com/kOaDT/poc-cve-2025-55182

https://github.com/alptexans/RSC-Detect-CVE-2025-55182

https://github.com/RuoJi6/CVE-2025-55182-RCE-shell

https://github.com/keklick1337/CVE-2025-55182-golang-PoC

https://github.com/alfazhossain/CVE-2025-55182-Exploiter

https://github.com/logesh-GIT001/CVE-2025-55182

https://github.com/fatguru/CVE-2025-55182-scanner

https://github.com/xcanwin/CVE-2025-55182-React-RCE

https://github.com/hackersatyamrastogi/react2shell-ultimate

https://github.com/LemonTeatw1/CVE-2025-55182-exploit

https://github.com/kavienanj/CVE-2025-55182

https://github.com/shyambhanushali/React2Shell

https://github.com/santihabib/CVE-2025-55182-analysis

https://github.com/alsaut1/react2shell-lab

https://github.com/ThemeHackers/CVE-2025-55182

https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive

https://github.com/c0rydoras/CVE-2025-55182

https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-

https://github.com/dwisiswant0/CVE-2025-55182

https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool

https://github.com/jctommasi/react2shellVulnApp

https://github.com/Faithtiannn/CVE-2025-55182

https://github.com/vulncheck-oss/cve-2025-55182

https://github.com/jf0x3a/CVE-2025-55182-exploit

https://github.com/MemerGamer/CVE-2025-55182

https://github.com/acheong08/CVE-2025-55182-poc

https://github.com/techgaun/cve-2025-55182-scanner

https://github.com/emredavut/CVE-2025-55182

https://github.com/EynaExp/CVE-2025-55182-POC

https://github.com/theori-io/reactguard

https://github.com/sumanrox/rschunter

https://github.com/xalgord/React2Shell

https://github.com/Pizz33/CVE-2025-55182-burpscanner

https://github.com/yanoshercohen/React2Shell_CVE-2025-55182

https://github.com/momika233/CVE-2025-55182-bypass

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script

https://github.com/zack0x01/vuln-app-CVE-2025-55182

https://github.com/snipevx/React2Shell-POC

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/whiteov3rflow/CVE-2025-55182-poc

https://github.com/nehkark/CVE-2025-55182

https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS

https://github.com/ejpir/CVE-2025-55182-research

https://github.com/AliHzSec/CVE-2025-55182

https://github.com/Archerkong/CVE-2025-55182

https://github.com/hidden-investigations/react2shell-scanner

https://github.com/sudo-Yangziran/CVE-2025-55182POC

https://github.com/Updatelap/CVE-2025-55182

https://github.com/assetnote/react2shell-scanner

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

https://github.com/hualy13/CVE-2025-55182

https://github.com/BlackTechX011/React2Shell

https://github.com/hoosin/CVE-2025-55182

https://github.com/zr0n/react2shell

https://github.com/Rsatan/Next.js-Exploit-Tool

https://github.com/MoLeft/React2Shell-Toolbox

https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182

https://github.com/Spritualkb/CVE-2025-55182-exp

https://github.com/Cillian-Collins/CVE-2025-55182

https://github.com/cybertechajju/R2C-CVE-2025-55182-66478

https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool

https://github.com/msanft/CVE-2025-55182

https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC

https://github.com/l4rm4nd/CVE-2025-55182

https://github.com/freeqaz/react2shell

https://github.com/kondukto-io/vulnerable-next-js-poc

https://github.com/VeilVulp/RscScan-cve-2025-55182

https://github.com/xkillbit/cve-2025-55182-scanner

https://github.com/gensecaihq/react2shell-scanner

https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182

https://github.com/ejpir/CVE-2025-55182-bypass

https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension

https://github.com/timsonner/React2Shell-CVE-2025-55182

https://github.com/sickwell/CVE-2025-55182

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

https://github.com/shamo0/react2shell-PoC

https://github.com/websecuritylabs/React2Shell-Library

https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell

https://github.com/subhdotsol/CVE-2025-55182

https://github.com/rix4uni/CVE-2025-55182

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

AAKL@infosec.exchange at 2026-03-26T17:21:40.000Z ##

New. This relates to CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182.

VulnCheck: The Return of the Kinsing vulncheck.com/blog/return-of-t @vulncheck #infosec #threatresearch #botnet

##

CVE-2023-46604
(10.0 CRITICAL)

EPSS: 94.44%

updated 2025-11-04T16:41:16.217000

1 posts

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users

Nuclei template

34 repos

https://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-exp

https://github.com/mrpentst/CVE-2023-46604

https://github.com/pulentoski/CVE-2023-46604

https://github.com/stegano5/ExploitScript-CVE-2023-46604

https://github.com/CCIEVoice2009/CVE-2023-46604

https://github.com/dcm2406/CVE-Lab

https://github.com/cuanh2333/CVE-2023-46604

https://github.com/minhangxiaohui/ActiveMQ_CVE-2023-46604

https://github.com/Anekant-Singhai/Exploits

https://github.com/fiza-naeem0902/Vulnerability-Assessment

https://github.com/h3x3h0g/ActiveMQ-RCE-CVE-2023-46604-Write-up

https://github.com/tomasmussi/activemq-cve-2023-46604

https://github.com/Arlenhiack/ActiveMQ-RCE-Exploit

https://github.com/Mudoleto/Broker_ApacheMQ

https://github.com/RockyDesigne/SSP-Assignment-3-RCEYouLater

https://github.com/mranv/honeypot.rs

https://github.com/thinkycx/activemq-rce-cve-2023-46604

https://github.com/vaishnavucv/Project-Vuln-Detection-N-Mitigation_101

https://github.com/trganda/ActiveMQ-RCE

https://github.com/LiritoShawshark/CVE-2023-46604_ActiveMQ_RCE_Recurrence

https://github.com/pavanaa4k/CVE-2023-46604-LAB

https://github.com/nitzanoligo/CVE-2023-46604-demo

https://github.com/NKeshawarz/CVE-2023-46604-RCE

https://github.com/skrkcb2/CVE-2023-46604

https://github.com/vulncheck-oss/cve-2023-46604

https://github.com/evkl1d/CVE-2023-46604

https://github.com/dcm2406/CVE-2023-46604

https://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshell

https://github.com/ImuSpirit/ActiveMQ_RCE_Pro_Max

https://github.com/vjayant93/CVE-2023-46604-POC

https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ

https://github.com/hh-hunter/cve-2023-46604

https://github.com/sangrok-jeon/CVE-2023-46604-Analysis

https://github.com/infokek/activemq-honeypot

AAKL@infosec.exchange at 2026-03-26T17:21:40.000Z ##

New. This relates to CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182.

VulnCheck: The Return of the Kinsing vulncheck.com/blog/return-of-t @vulncheck #infosec #threatresearch #botnet

##

CVE-2024-54492
(5.9 MEDIUM)

EPSS: 0.27%

updated 2025-11-03T23:17:25.830000

2 posts

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

mysk@mastodon.social at 2026-03-27T23:48:02.000Z ##

Good to know but every vulnerability we discovered and reported to Apple also affected the Lockdown Mode. This includes CVE-2024-54492 that impacted the Passwords app. An option to "Allow Contacting Websites" was added starting iOS 26

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

macrumors.com/2026/03/27/no-ip

##
mysk@mastodon.social at 2026-03-27T23:48:02.000Z ##

Good to know but every vulnerability we discovered and reported to Apple also affected the Lockdown Mode. This includes CVE-2024-54492 that impacted the Passwords app. An option to "Allow Contacting Websites" was added starting iOS 26

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

macrumors.com/2026/03/27/no-ip

##

CVE-2023-2868
(9.4 CRITICAL)

EPSS: 90.02%

updated 2025-10-22T00:33:51

2 posts

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the

4 repos

https://github.com/cfielding-r7/poc-cve-2023-2868

https://github.com/krmxd/CVE-2023-2868

https://github.com/getdrive/PoC

https://github.com/cashapp323232/CVE-2023-2868CVE-2023-2868

metasploit at 2026-03-27T21:24:25.470Z ##

The latest Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

##
metasploit@infosec.exchange at 2026-03-27T21:24:25.000Z ##

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

##

CVE-2023-32434
(7.8 HIGH)

EPSS: 61.25%

updated 2025-10-22T00:33:51

2 posts

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against v

2 repos

https://github.com/rkrakesh524/oob_entry

https://github.com/alfiecg24/Trigon

decio@infosec.exchange at 2026-03-26T14:50:23.000Z ##

👆
🖼️
"Analysis of the kit showed that it relies on the exploitation of many previously patched vulnerabilities and also includes exploits for CVE-2023-32434 and CVE-2023-38606. These two vulnerabilities particularly caught our attention because they had been first first discovered as zero-days used in Operation Triangulation. "
👇
securelist.com/coruna-framewor

ah oueee... ça c'est une jolie "coïncidence" & plot twist

intéressant maintenant de voir quelles etaient les cibles...

#CyberVeille #Triangulation

##
oversecurity@mastodon.social at 2026-03-26T08:20:04.000Z ##

Coruna: the framework used in Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and...

🔗️ [Securelist] link.is.it/XwhkQ8

##

CVE-2023-38606
(5.5 MEDIUM)

EPSS: 0.12%

updated 2025-10-22T00:33:51

1 posts

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15

decio@infosec.exchange at 2026-03-26T14:50:23.000Z ##

👆
🖼️
"Analysis of the kit showed that it relies on the exploitation of many previously patched vulnerabilities and also includes exploits for CVE-2023-32434 and CVE-2023-38606. These two vulnerabilities particularly caught our attention because they had been first first discovered as zero-days used in Operation Triangulation. "
👇
securelist.com/coruna-framewor

ah oueee... ça c'est une jolie "coïncidence" & plot twist

intéressant maintenant de voir quelles etaient les cibles...

#CyberVeille #Triangulation

##

CVE-2020-14882
(9.8 CRITICAL)

EPSS: 94.45%

updated 2025-10-22T00:31:59

1 posts

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeove

Nuclei template

41 repos

https://github.com/exploitblizzard/CVE-2020-14882-WebLogic

https://github.com/GGyao/CVE-2020-14882_ALL

https://github.com/ovProphet/CVE-2020-14882-checker

https://github.com/KKC73/weblogic-cve-2020-14882

https://github.com/0xn0ne/weblogicScanner

https://github.com/Danny-LLi/CVE-2020-14882

https://github.com/NS-Sp4ce/CVE-2020-14882

https://github.com/zesnd/CVE-2020-14882-POC

https://github.com/qianniaoge/CVE-2020-14882_Exploit_Gui

https://github.com/milo2012/CVE-2020-14882

https://github.com/nik0nz7/CVE-2020-14882

https://github.com/LucasPDiniz/CVE-2020-14882

https://github.com/XTeam-Wing/CVE-2020-14882

https://github.com/AleksaZatezalo/CVE-2020-14882

https://github.com/pwn3z/CVE-2020-14882-WebLogic

https://github.com/1n7erface/PocList

https://github.com/Root-Shells/CVE-2020-14882

https://github.com/corelight/CVE-2020-14882-weblogicRCE

https://github.com/Ormicron/CVE-2020-14882-GUI-Test

https://github.com/s1kr10s/CVE-2020-14882

https://github.com/QmF0c3UK/CVE-2020-14882

https://github.com/GGyao/CVE-2020-14882_POC

https://github.com/zhzyker/exphub

https://github.com/b1g-b33f/CVE-2020-14882

https://github.com/ludy-dev/Weblogic_Unauthorized-bypass-RCE

https://github.com/pprietosanchez/CVE-2020-14750

https://github.com/N0Coriander/CVE-2020-14882-14883

https://github.com/tpdlshdmlrkfmcla/WebLogic_CVE_2020_14882

https://github.com/zhzyker/vulmap

https://github.com/BabyTeam1024/CVE-2020-14882

https://github.com/murataydemir/CVE-2020-14882

https://github.com/xMr110/CVE-2020-14882

https://github.com/murataydemir/CVE-2020-14883

https://github.com/xfiftyone/CVE-2020-14882

https://github.com/kk98kk0/CVE-2020-14882

https://github.com/alexfrancow/CVE-2020-14882

https://github.com/jas502n/CVE-2020-14882

https://github.com/mmioimm/cve-2020-14882

https://github.com/0thm4n3/cve-2020-14882

https://github.com/adm1in/CodeTest

https://github.com/wsfengfan/cve-2020-14882

beyondmachines1@infosec.exchange at 2026-03-27T09:01:47.000Z ##

Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities

Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.

**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2017-10271
(7.5 HIGH)

EPSS: 94.44%

updated 2025-10-22T00:16:01.457000

1 posts

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of

Nuclei template

31 repos

https://github.com/ZH3FENG/PoCs-Weblogic_2017_10271

https://github.com/0xn0ne/weblogicScanner

https://github.com/Al1ex/CVE-2017-10271

https://github.com/SuperHacker-liuan/cve-2017-10271-poc

https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master

https://github.com/kkirsche/CVE-2017-10271

https://github.com/Yuusuke4/WebLogic_CNVD_C_2019_48814

https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271

https://github.com/KKsdall/7kbstormq

https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814

https://github.com/JackyTsuuuy/weblogic_wls_rce_poc-exp

https://github.com/shack2/javaserializetools

https://github.com/Cymmetria/weblogic_honeypot

https://github.com/c0mmand3rOpSec/CVE-2017-10271

https://github.com/ETOCheney/JavaDeserialization

https://github.com/cjjduck/weblogic_wls_wsat_rce

https://github.com/testwc/CVE-2017-10271

https://github.com/kbsec/Weblogic_Wsat_RCE

https://github.com/SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961

https://github.com/XHSecurity/Oracle-WebLogic-CVE-2017-10271

https://github.com/r4b3rt/CVE-2017-10271

https://github.com/pssss/CVE-2017-10271

https://github.com/1337g/CVE-2017-10271

https://github.com/bigsizeme/weblogic-XMLDecoder

https://github.com/Luffin/CVE-2017-10271

https://github.com/ianxtianxt/-CVE-2017-10271-

https://github.com/cved-sources/cve-2017-10271

https://github.com/seoyoung-kang/CVE-2017-10271

https://github.com/rambleZzz/weblogic_CVE_2017_10271

https://github.com/pizza-power/weblogic-CVE-2019-2729-POC

https://github.com/s3xy/CVE-2017-10271

beyondmachines1@infosec.exchange at 2026-03-27T09:01:47.000Z ##

Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities

Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.

**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2025-9959
(7.6 HIGH)

EPSS: 0.04%

updated 2025-09-04T15:35:29.497000

1 posts

Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.

EUVD_Bot@mastodon.social at 2026-03-27T18:02:07.000Z ##

🚨 EUVD-2026-16726

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: smolagents
🏢 Vendor: huggingface
📅 Updated: 2026-03-27

📝 A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This mani...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2025-5063
(8.8 HIGH)

EPSS: 0.46%

updated 2025-07-02T14:15:26.493000

1 posts

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Mozilla@activitypub.awakari.com at 2026-03-27T14:57:12.000Z ## Google’s Latest Chrome Patch Exposes the Fragile Underbelly of the World’s Most Popular Browser Google's latest Chrome update patches eight security vulnerabilities affecting 3.5 billion us...

#AppSecurityUpdate #browser #security #patch #Chrome #security #vulnerabilities #CVE-2025-5063 #Google #Chrome #update

Origin | Interest | Match ##

CVE-2025-6101
(5.5 MEDIUM)

EPSS: 0.05%

updated 2025-06-16T12:32:18.840000

1 posts

A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.

EUVD_Bot@mastodon.social at 2026-03-27T19:01:09.000Z ##

🚨 EUVD-2026-16736

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: letta
🏢 Vendor: letta-ai
📅 Updated: 2026-03-27

📝 A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of direc...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2023-38646
(9.8 CRITICAL)

EPSS: 94.25%

updated 2024-11-21T08:13:58.837000

1 posts

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

Nuclei template

41 repos

https://github.com/Chocapikk/CVE-2023-38646

https://github.com/Micky1warrior/metabase-pre-auth-rce-poc

https://github.com/j0yb0y0h/CVE-2023-38646

https://github.com/Red4mber/CVE-2023-38646

https://github.com/threatHNTR/CVE-2023-38646

https://github.com/adriyansyah-mf/CVE-2023-38646--Metabase-

https://github.com/fidjiw/CVE-2023-38646-POC

https://github.com/Anekant-Singhai/Exploits

https://github.com/alexandre-pecorilla/CVE-2023-38646

https://github.com/Mrunalkaran/CVE-2023-38646

https://github.com/asepsaepdin/CVE-2023-38646

https://github.com/m3m0o/metabase-pre-auth-rce-poc

https://github.com/BreezeGalaxy/CVE-2023-38646

https://github.com/securezeron/CVE-2023-38646

https://github.com/DaniTheHack3r/CVE-2023-38646

https://github.com/Boogipop/MetabaseRceTools

https://github.com/CN016/Metabase-H2-CVE-2023-38646-

https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase

https://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646-

https://github.com/passwa11/CVE-2023-38646

https://github.com/robotmikhro/CVE-2023-38646

https://github.com/birdm4nw/CVE-2023-38646

https://github.com/Zenmovie/CVE-2023-38646

https://github.com/kh4sh3i/CVE-2023-38646

https://github.com/Xuxfff/CVE-2023-38646-Poc

https://github.com/shamo0/CVE-2023-38646-PoC

https://github.com/Pumpkin-Garden/POC_Metabase_CVE-2023-38646

https://github.com/cleanmgr112/cve-2023-38646-poc

https://github.com/nickswink/CVE-2023-38646

https://github.com/yxl2001/CVE-2023-38646

https://github.com/AnvithLobo/CVE-2023-38646

https://github.com/Shisones/MetabaseRCE_CVE-2023-38646

https://github.com/getdrive/PoC

https://github.com/raytheon0x21/CVE-2023-38646

https://github.com/0utl4nder/Another-Metabase-RCE-CVE-2023-38646

https://github.com/Any3ite/cve-2023-38646-metabase-ReverseShell

https://github.com/junnythemarksman/CVE-2023-38646

https://github.com/JayRyz/CVE-2023-38646-PoC-Metabase

https://github.com/Ego1stoo/CVE-2023-38646

https://github.com/0xrobiul/CVE-2023-38646

https://github.com/Pyr0sec/CVE-2023-38646

AAKL@infosec.exchange at 2026-03-26T17:21:40.000Z ##

New. This relates to CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182.

VulnCheck: The Return of the Kinsing vulncheck.com/blog/return-of-t @vulncheck #infosec #threatresearch #botnet

##

CVE-2020-8561
(4.1 MEDIUM)

EPSS: 0.18%

updated 2024-11-21T05:39:02.050000

1 posts

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

raesene@infosec.exchange at 2026-03-27T10:23:01.000Z ##

Just released another entry in my blog series looking at the unpatchable vulnerabilities of Kubernetes.

Whilst the CVEs are quite old, understanding them is useful, both to understand if you need to apply mitigations and also for some of the low-level Kubernetes implementation details they involve.

securitylabs.datadoghq.com/art

##

CVE-2026-33953
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:28:11.000Z ##

🟠 CVE-2026-33953 - High (8.5)

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an inte...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:28:11.000Z ##

🟠 CVE-2026-33953 - High (8.5)

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an inte...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33976
(0 None)

EPSS: 0.14%

6 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:24:17.000Z ##

🔴 CVE-2026-33976 - Critical (9.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:30.000Z ##

🔴 CVE-2026-33976 - Critical (9.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq at 2026-03-27T22:00:29.089Z ##

🚨CRITICAL: CVE-2026-33976 in Notesnook Web/Desktop <3.3.11 — stored XSS in Web Clipper leads to RCE via Electron misconfig. Patch ASAP & review Electron security settings. More: radar.offseq.com/threat/cve-20

##
thehackerwire@mastodon.social at 2026-03-27T22:24:17.000Z ##

🔴 CVE-2026-33976 - Critical (9.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:18:30.000Z ##

🔴 CVE-2026-33976 - Critical (9.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-27T22:00:29.000Z ##

🚨CRITICAL: CVE-2026-33976 in Notesnook Web/Desktop <3.3.11 — stored XSS in Web Clipper leads to RCE via Electron misconfig. Patch ASAP & review Electron security settings. More: radar.offseq.com/threat/cve-20 #OffSeq #XSS #CyberSecurity #RCE

##

CVE-2026-33955
(0 None)

EPSS: 0.06%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:17:56.000Z ##

🟠 CVE-2026-33955 - High (8.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:17:56.000Z ##

🟠 CVE-2026-33955 - High (8.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34226
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:17:47.000Z ##

🟠 CVE-2026-34226 - High (7.5)

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { crede...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:17:47.000Z ##

🟠 CVE-2026-34226 - High (7.5)

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { crede...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33755
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:14:59.000Z ##

🟠 CVE-2026-33755 - High (8.8)

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user wit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:14:59.000Z ##

🟠 CVE-2026-33755 - High (8.8)

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user wit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34375
(0 None)

EPSS: 0.03%

4 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:00:19.000Z ##

🟠 CVE-2026-34375 - High (8.2)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:01:05.000Z ##

🟠 CVE-2026-34375 - High (8.2)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T22:00:19.000Z ##

🟠 CVE-2026-34375 - High (8.2)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:01:05.000Z ##

🟠 CVE-2026-34375 - High (8.2)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33874
(0 None)

EPSS: 0.07%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T21:39:28.000Z ##

🟠 CVE-2026-33874 - High (7.8)

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when vic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-27T21:39:28.000Z ##

🟠 CVE-2026-33874 - High (7.8)

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when vic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1678
(0 None)

EPSS: 0.05%

2 posts

N/A

jtk at 2026-03-27T19:30:21.171Z ##

Weekend Reads

* DNS parser overflow in Zephyr
0xkato.xyz/CVE-2026-1678-DNS-P
* Telegram bots measurement survey
arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
arxiv.org/abs/2603.21082
* Building the largest data center
spectrum.ieee.org/5gw-data-cen
* OpenBSD init system and boot process
overeducated-redneck.net/blurg

##
jtk@infosec.exchange at 2026-03-27T19:30:21.000Z ##

Weekend Reads

* DNS parser overflow in Zephyr
0xkato.xyz/CVE-2026-1678-DNS-P
* Telegram bots measurement survey
arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
arxiv.org/abs/2603.21082
* Building the largest data center
spectrum.ieee.org/5gw-data-cen
* OpenBSD init system and boot process
overeducated-redneck.net/blurg

#DNS #Telegram #BGP #AI #OpenBSD

##

CVE-2026-32748
(0 None)

EPSS: 0.98%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T00:00:14.000Z ##

🟠 CVE-2026-32748 - High (7.5)

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remot...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33396
(0 None)

EPSS: 0.76%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T22:22:27.000Z ##

🔴 CVE-2026-33396 - Critical (9.9)

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwrig...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22790
(0 None)

EPSS: 0.05%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T22:21:46.000Z ##

🟠 CVE-2026-22790 - High (8.8)

EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33416
(0 None)

EPSS: 0.05%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T22:15:35.000Z ##

🟠 CVE-2026-33416 - High (7.5)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer betw...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
harrysintonen@infosec.exchange at 2026-03-26T16:00:58.000Z ##

#libpng 1.6.56 fixes two high-severity vulnerabilities: CVE-2026-33416 and CVE-2026-33636.

Out of these CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE is particularly serious as arbitrary code execution has been demonstrated. Applications that call png_free_data() to release memory between png_read_info() and png_read_update_info() are affected.

github.com/pnggroup/libpng/sec

The second vulnerability CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon is of more limited concern as only crashes has been demonstrated. More serious impacts have not been ruled out, however.

github.com/pnggroup/libpng/sec

#infosec #cybersecurity #CVE_2026_33416 #CVE_2026_33636

##

CVE-2026-33636
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T22:00:53.000Z ##

🟠 CVE-2026-33636 - High (7.6)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-opti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
harrysintonen@infosec.exchange at 2026-03-26T16:00:58.000Z ##

#libpng 1.6.56 fixes two high-severity vulnerabilities: CVE-2026-33416 and CVE-2026-33636.

Out of these CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE is particularly serious as arbitrary code execution has been demonstrated. Applications that call png_free_data() to release memory between png_read_info() and png_read_update_info() are affected.

github.com/pnggroup/libpng/sec

The second vulnerability CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon is of more limited concern as only crashes has been demonstrated. More serious impacts have not been ruled out, however.

github.com/pnggroup/libpng/sec

#infosec #cybersecurity #CVE_2026_33416 #CVE_2026_33636

##

CVE-2026-33152
(0 None)

EPSS: 0.06%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T21:00:53.000Z ##

🔴 CVE-2026-33152 - Critical (9.1)

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backend...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
offseq@infosec.exchange at 2026-03-26T19:30:29.000Z ##

⚠️ CVE-2026-33152: TandoorRecipes < 2.6.0 suffers CRITICAL vuln (CVSS 9.1). No rate limiting on API BasicAuth enables unlimited password guessing. Patch to 2.6.0 now! radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #TandoorRecipes #APIsecurity

##

CVE-2026-33491
(0 None)

EPSS: 0.01%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T21:00:43.000Z ##

🟠 CVE-2026-33491 - High (7.8)

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33506
(0 None)

EPSS: 0.07%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T21:00:31.000Z ##

🟠 CVE-2026-33506 - High (8.8)

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The applica...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33631
(0 None)

EPSS: 0.01%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T20:35:18.000Z ##

🟠 CVE-2026-33631 - High (8.7)

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15519
(0 None)

EPSS: 0.00%

2 posts

N/A

agowa338@chaos.social at 2026-03-26T09:05:52.000Z ##

@heisec

Außerdem, wenn man in die CVEs kuckt, habt ihr das komplett Falsch dargestellt.

feedly.com/cve/CVE-2026-15518 and feedly.com/cve/CVE-2026-15519: that allows unauthenticated attackers to decrypt sensitive device configurations

feedly.com/cve/CVE-2025-15605: An authenticated attacker with low privileges and adjacent network access

##
agowa338@chaos.social at 2026-03-26T09:00:45.000Z ##

@heisec

Ehm:

> Für die Ausnutzung zwei weiterer Schwachstellen (CVE-2026-15518, CVE-2026-15519) benötigen Angreifer Adminrechte. Ist das gegeben, können sie eigene Befehle auf Ebene des Betriebssystems ausführen.

Wenn jemand Adminrechte dafür braucht, ist das KEINE Schwachstelle...

##

CVE-2026-15518
(0 None)

EPSS: 0.00%

2 posts

N/A

agowa338@chaos.social at 2026-03-26T09:05:52.000Z ##

@heisec

Außerdem, wenn man in die CVEs kuckt, habt ihr das komplett Falsch dargestellt.

feedly.com/cve/CVE-2026-15518 and feedly.com/cve/CVE-2026-15519: that allows unauthenticated attackers to decrypt sensitive device configurations

feedly.com/cve/CVE-2025-15605: An authenticated attacker with low privileges and adjacent network access

##
agowa338@chaos.social at 2026-03-26T09:00:45.000Z ##

@heisec

Ehm:

> Für die Ausnutzung zwei weiterer Schwachstellen (CVE-2026-15518, CVE-2026-15519) benötigen Angreifer Adminrechte. Ist das gegeben, können sie eigene Befehle auf Ebene des Betriebssystems ausführen.

Wenn jemand Adminrechte dafür braucht, ist das KEINE Schwachstelle...

##

CVE-2026-33526
(0 None)

EPSS: 1.98%

1 posts

N/A

offseq@infosec.exchange at 2026-03-26T01:30:27.000Z ##

🚨 CVE-2026-33526: Critical Use-After-Free in Squid (<7.5) allows remote attackers to crash Squid via ICP traffic. icp_access rules are ineffective. Upgrade to 7.5+ or disable ICP (icp_port=0) ASAP! radar.offseq.com/threat/cve-20 #OffSeq #Squid #Vuln #DoS

##

CVE-2026-33932
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T01:01:16.000Z ##

🟠 CVE-2026-33932 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34055
(0 None)

EPSS: 0.02%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T01:00:23.000Z ##

🟠 CVE-2026-34055 - High (8.1)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` with...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23514
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-26T00:00:17.000Z ##

🟠 CVE-2026-23514 - High (8.8)

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29187
(0 None)

EPSS: 0.00%

2 posts

N/A

1 repos

https://github.com/ChrisSub08/CVE-2026-29187_SqlInjectionVulnerabilityOpenEMR7.0.4

thehackerwire@mastodon.social at 2026-03-25T23:35:39.000Z ##

🟠 CVE-2026-29187 - High (8.1)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php)...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
thehackerwire@mastodon.social at 2026-03-25T23:20:27.000Z ##

🟠 CVE-2026-29187 - High (8.1)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php)...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24750
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-25T22:00:21.000Z ##

🟠 CVE-2026-24750 - High (7.6)

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Ki...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
Visit counter For Websites