Updated at UTC 2026-04-07T16:15:25.597382
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-20432 | 8.0 | 0.06% | 2 | 0 | | 2026-04-07T15:31:49 | In Modem, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2026-5627 | 9.1 | 0.00% | 4 | 0 | | 2026-04-07T15:30:58 | A path traversal vulnerability exists in mintplex-labs/anything-llm versions up |
| CVE-2026-23818 | 8.8 | 0.00% | 2 | 0 | | 2026-04-07T15:30:58 | A vulnerability has been identified in the graphical user interface (GUI) of HPE |
| CVE-2026-22679 | 9.8 | 0.00% | 2 | 0 | | 2026-04-07T15:30:53 | Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthentica |
| CVE-2026-34197 | 8.8 | 0.06% | 2 | 0 | | 2026-04-07T15:30:49 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-20433 | 8.8 | 0.06% | 2 | 0 | | 2026-04-07T15:30:48 | In Modem, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2026-5373 | 8.1 | 0.00% | 2 | 0 | | 2026-04-07T15:17:47.140000 | An issue that allowed all-organization administrators to promote accounts to sup |
| CVE-2026-4740 | 8.2 | 0.00% | 2 | 0 | | 2026-04-07T15:17:46.797000 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red |
| CVE-2026-35485 | 7.5 | 0.00% | 2 | 0 | | 2026-04-07T15:17:45.677000 | text-generation-webui is an open-source web interface for running Large Language |
| CVE-2026-35464 | 7.5 | 0.00% | 2 | 0 | | 2026-04-07T15:17:44.523000 | pyLoad is a free and open-source download manager written in Python. The fix for |
| CVE-2026-35463 | 8.8 | 0.00% | 2 | 0 | | 2026-04-07T15:17:44.363000 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3. |
| CVE-2026-35457 | 8.2 | 0.00% | 2 | 0 | | 2026-04-07T15:17:43.587000 | libp2p-rust is the official rust language Implementation of the libp2p networkin |
| CVE-2026-35405 | 7.5 | 0.00% | 2 | 0 | | 2026-04-07T15:17:43.367000 | libp2p-rust is the official rust language Implementation of the libp2p networkin |
| CVE-2026-35187 | 7.7 | 0.03% | 2 | 0 | | 2026-04-07T15:17:42.940000 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3. |
| CVE-2026-35164 | 8.8 | 0.21% | 2 | 0 | | 2026-04-07T15:17:42.303000 | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vul |
| CVE-2026-34783 | 8.1 | 0.16% | 1 | 0 | | 2026-04-07T15:17:40.383000 | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4 |
| CVE-2026-24660 | 8.1 | 0.00% | 2 | 0 | | 2026-04-07T15:17:37.213000 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functi |
| CVE-2026-24450 | 8.1 | 0.00% | 2 | 0 | | 2026-04-07T15:17:37.040000 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw fun |
| CVE-2026-35409 | 7.7 | 0.03% | 2 | 0 | | 2026-04-07T14:20:08 | ### Summary A Server-Side Request Forgery (SSRF) protection bypass has been iden |
| CVE-2026-35408 | 8.7 | 0.01% | 2 | 0 | | 2026-04-07T14:19:50 | ## Summary Directus's Single Sign-On (SSO) login pages lacked a `Cross-Origin-O |
| CVE-2026-3184 | 3.7 | 0.08% | 1 | 1 | | 2026-04-07T13:20:55.200000 | A flaw was found in util-linux. Improper hostname canonicalization in the `login |
| CVE-2026-32186 | 9.8 | 0.09% | 1 | 0 | | 2026-04-07T13:20:55.200000 | Microsoft Bing Elevation of Privilege Vulnerability |
| CVE-2026-3445 | 7.1 | 0.03% | 1 | 0 | | 2026-04-07T13:20:55.200000 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User |
| CVE-2026-1233 | 7.5 | 0.02% | 2 | 0 | | 2026-04-07T13:20:55.200000 | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulner |
| CVE-2026-3666 | 8.8 | 0.03% | 2 | 0 | | 2026-04-07T13:20:55.200000 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion i |
| CVE-2026-34935 | 9.8 | 0.08% | 1 | 0 | | 2026-04-07T13:20:55.200000 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4 |
| CVE-2025-47390 | 7.8 | 0.01% | 1 | 0 | | 2026-04-07T13:20:35.010000 | Memory corruption while preprocessing IOCTL request in JPEG driver. |
| CVE-2026-21372 | 7.8 | 0.01% | 1 | 0 | | 2026-04-07T13:20:35.010000 | Memory Corruption when sending IOCTL requests with invalid buffer sizes during m |
| CVE-2026-21376 | 7.8 | 0.01% | 2 | 0 | | 2026-04-07T13:20:35.010000 | Memory Corruption when accessing an output buffer without validating its size du |
| CVE-2026-21380 | 7.8 | 0.01% | 1 | 0 | | 2026-04-07T13:20:35.010000 | Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor |
| CVE-2026-26263 | 8.1 | 0.03% | 1 | 0 | | 2026-04-07T13:20:35.010000 | GLPI is a free asset and IT management software package. From 11.0.0 to before 1 |
| CVE-2026-3524 | 8.8 | 0.01% | 1 | 0 | | 2026-04-07T13:20:35.010000 | Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing af |
| CVE-2026-5629 | 8.8 | 0.04% | 2 | 0 | | 2026-04-07T13:20:35.010000 | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is |
| CVE-2026-5611 | 8.8 | 0.04% | 1 | 0 | | 2026-04-07T13:20:35.010000 | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function f |
| CVE-2026-5608 | 8.8 | 0.04% | 2 | 0 | | 2026-04-07T13:20:35.010000 | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function |
| CVE-2026-5558 | 6.3 | 0.01% | 1 | 0 | | 2026-04-07T13:20:35.010000 | A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up |
| CVE-2026-5548 | 8.8 | 0.05% | 1 | 0 | | 2026-04-07T13:20:35.010000 | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by thi |
| CVE-2026-34989 | 0 | 0.05% | 2 | 0 | | 2026-04-07T13:20:11.643000 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo |
| CVE-2026-35471 | 9.8 | 0.07% | 6 | 0 | | 2026-04-07T13:20:11.643000 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() |
| CVE-2026-35044 | 8.8 | 0.04% | 2 | 0 | | 2026-04-07T13:20:11.643000 | BentoML is a Python library for building online serving systems optimized for AI |
| CVE-2026-0740 | 9.8 | 0.08% | 4 | 0 | | 2026-04-07T13:20:11.643000 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary f |
| CVE-2026-35022 | 9.8 | 0.25% | 4 | 0 | | 2026-04-07T13:20:11.643000 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v |
| CVE-2026-35392 | 9.8 | 0.07% | 4 | 0 | | 2026-04-07T13:20:11.643000 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in |
| CVE-2026-35442 | 8.1 | 0.04% | 2 | 0 | | 2026-04-07T13:20:11.643000 | Directus is a real-time API and App dashboard for managing SQL database content. |
| CVE-2026-5709 | 8.8 | 0.07% | 2 | 0 | | 2026-04-07T13:20:11.643000 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio |
| CVE-2026-5687 | 8.8 | 0.05% | 2 | 0 | | 2026-04-07T13:20:11.643000 | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects th |
| CVE-2026-35174 | 9.1 | 0.35% | 2 | 0 | | 2026-04-07T13:20:11.643000 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path tra |
| CVE-2026-34986 | 7.5 | 0.01% | 1 | 0 | | 2026-04-07T13:20:11.643000 | Go JOSE provides an implementation of the Javascript Object Signing and Encrypti |
| CVE-2026-34208 | 10.0 | 0.06% | 1 | 0 | | 2026-04-07T13:20:11.643000 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks |
| CVE-2026-33752 | 8.6 | 0.01% | 1 | 1 | | 2026-04-07T13:20:11.643000 | curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not |
| CVE-2026-31842 | 7.5 | 0.05% | 2 | 0 | | 2026-04-07T12:31:21 | Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization |
| CVE-2026-34904 | 7.5 | 0.02% | 2 | 0 | | 2026-04-07T09:31:28 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media |
| CVE-2026-34896 | 7.5 | 0.02% | 2 | 0 | | 2026-04-07T09:31:28 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, |
| CVE-2026-5465 | 8.8 | 0.05% | 2 | 1 | | 2026-04-07T09:31:28 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress i |
| CVE-2026-1114 | 9.8 | 0.04% | 4 | 0 | | 2026-04-07T09:31:22 | In parisneo/lollms version 2.1.0, the application's session management is vulner |
| CVE-2025-65115 | 8.8 | 0.07% | 2 | 0 | | 2026-04-07T06:30:28 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on |
| CVE-2026-5686 | 8.8 | 0.02% | 2 | 0 | | 2026-04-07T00:30:28 | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerabili |
| CVE-2026-5708 | 8.8 | 0.12% | 2 | 0 | | 2026-04-07T00:30:28 | Unsanitized control of user-modifiable attributes in the session creation compon |
| CVE-2026-5707 | 8.8 | 0.21% | 2 | 0 | | 2026-04-07T00:30:28 | Unsanitized input in an OS command in the virtual desktop session name handling |
| CVE-2026-5685 | 8.8 | 0.05% | 2 | 0 | | 2026-04-07T00:30:27 | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the func |
| CVE-2026-5684 | 8.0 | 0.03% | 2 | 0 | | 2026-04-07T00:30:27 | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issu |
| CVE-2026-35394 | 8.3 | 0.04% | 2 | 0 | | 2026-04-06T23:43:56 | ### Summary The `mobile_open_url` tool in mobile-mcp passes user-supplied URLs |
| CVE-2026-35393 | 9.8 | 0.07% | 6 | 0 | | 2026-04-06T23:43:51 | ### Summary * POST multipart upload directory not sanitized \| `httpserver/updown |
| CVE-2026-33540 | 7.5 | 0.03% | 2 | 0 | | 2026-04-06T23:42:46 | hi guys, commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 (as-of 2026-01-31) co |
| CVE-2026-35209 | 7.5 | 0.03% | 2 | 0 | | 2026-04-06T23:42:30 | ### Impact Applications that pass unsanitized user input (e.g. parsed JSON requ |
| CVE-2026-35043 | 7.8 | 0.07% | 2 | 0 | | 2026-04-06T23:42:05 | Commit ce53491 (March 24) fixed command injection via `system_packages` in Docke |
| CVE-2026-35042 | 7.5 | 0.01% | 2 | 0 | | 2026-04-06T23:41:50 | ## Summary `fast-jwt` does not validate the `crit` (Critical) Header Parameter |
| CVE-2026-35039 | 9.1 | 0.02% | 2 | 0 | | 2026-04-06T23:41:46 | ## Impact Setting up a custom cacheKeyBuilder method which does not properly cr |
| CVE-2026-35171 | 9.8 | 0.30% | 4 | 0 | | 2026-04-06T23:41:21 | ### Impact This is a **critical Remote Code Execution (RCE)** vulnerability cau |
| CVE-2026-35036 | 7.5 | 0.03% | 1 | 0 | | 2026-04-06T23:41:05 | ### Summary Ech0 implements **link preview** (editor fetches a page title) thro |
| CVE-2026-34841 | 9.8 | 0.02% | 1 | 0 | | 2026-04-06T23:41:04 | ### **Impact** This is a **supply chain attack** involving compromised versions |
| CVE-2026-33579 | None | 0.02% | 2 | 1 | | 2026-04-06T23:39:45 | ## Summary The `/pair approve` command path called device approval without forw |
| CVE-2026-34976 | 10.0 | 0.03% | 3 | 0 | | 2026-04-06T23:26:04 | The `restoreTenant` admin mutation is missing from the authorization middleware |
| CVE-2026-34950 | 9.1 | 0.02% | 2 | 0 | | 2026-04-06T23:25:59 | ### Summary The fix for GHSA-c2ff-88x2-x9pg (CVE-2023-48223) is incomplete. The |
| CVE-2026-35172 | 7.5 | 0.03% | 2 | 0 | | 2026-04-06T23:14:52 | ## summary: distribution can restore read access in `repo a` after an explicit d |
| CVE-2026-34938 | 10.0 | 0.10% | 1 | 0 | | 2026-04-06T22:54:13 | ### Summary `execute_code()` in `praisonai-agents` runs attacker-controlled Pyt |
| CVE-2026-34934 | 9.8 | 0.05% | 1 | 0 | | 2026-04-06T22:53:55 | ## Summary The `get_all_user_threads` function constructs raw SQL queries using |
| CVE-2025-54328 | 10.0 | 0.06% | 3 | 0 | | 2026-04-06T21:31:41 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, |
| CVE-2025-57834 | 7.5 | 0.04% | 2 | 0 | | 2026-04-06T21:31:41 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Mod |
| CVE-2026-35020 | 8.4 | 0.06% | 2 | 0 | | 2026-04-06T21:31:41 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v |
| CVE-2026-35021 | 7.8 | 0.03% | 2 | 0 | | 2026-04-06T21:31:41 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v |
| CVE-2026-21373 | 7.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:15 | Memory Corruption when accessing an output buffer without validating its size du |
| CVE-2026-21367 | 7.7 | 0.04% | 1 | 0 | | 2026-04-06T18:33:15 | Transient DOS when processing nonstandard FILS Discovery Frames with out-of-rang |
| CVE-2026-21382 | 7.8 | 0.01% | 2 | 0 | | 2026-04-06T18:33:15 | Memory Corruption when handling power management requests with improperly sized |
| CVE-2026-21378 | 7.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:15 | Memory Corruption when accessing an output buffer without validating its size du |
| CVE-2026-21375 | 7.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:15 | Memory Corruption when accessing an output buffer without validating its size du |
| CVE-2026-21381 | 7.7 | 0.04% | 1 | 0 | | 2026-04-06T18:33:15 | Transient DOS when receiving a service data frame with excessive length during d |
| CVE-2026-21374 | 7.8 | 0.01% | 2 | 0 | | 2026-04-06T18:33:07 | Memory Corruption when processing auxiliary sensor input/output control commands |
| CVE-2025-47392 | 8.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:06 | Memory corruption when decoding corrupted satellite data files with invalid sign |
| CVE-2026-21371 | 7.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:06 | Memory Corruption when retrieving output buffer with insufficient size validatio |
| CVE-2025-47391 | 7.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:05 | Memory corruption while processing a frame request from user. |
| CVE-2025-47389 | 7.8 | 0.01% | 1 | 0 | | 2026-04-06T18:33:05 | Memory corruption when buffer copy operation fails due to integer overflow durin |
| CVE-2026-35616 | 9.8 | 5.95% | 29 | 5 | | 2026-04-06T18:12:57.863000 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through |
| CVE-2026-34752 | 7.5 | 0.04% | 1 | 0 | | 2026-04-06T17:32:42 | ### Summary Sending an email with `__proto__:` as a header name crashes the Har |
| CVE-2026-28805 | 8.8 | 0.03% | 1 | 0 | | 2026-04-06T17:17:51 | ## Description Multiple AJAX select handlers in OpenSTAManager <= 2.10.1 are vu |
| CVE-2026-5176 | 7.3 | 1.97% | 1 | 0 | | 2026-04-06T15:35:31.710000 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. A |
| CVE-2026-30078 | 7.5 | 0.06% | 2 | 0 | | 2026-04-06T15:31:34 | OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invali |
| CVE-2026-34885 | 8.5 | 0.03% | 1 | 0 | | 2026-04-06T15:31:34 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-25773 | 8.1 | 0.01% | 1 | 0 | | 2026-04-06T15:08:34 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize categor |
| CVE-2026-5628 | 8.8 | 0.04% | 2 | 0 | | 2026-04-06T06:30:35 | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted i |
| CVE-2026-5614 | 8.8 | 0.04% | 2 | 0 | | 2026-04-06T06:30:29 | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the f |
| CVE-2026-5612 | 8.8 | 0.04% | 2 | 0 | | 2026-04-06T03:30:30 | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability aff |
| CVE-2026-5609 | 8.8 | 0.05% | 1 | 0 | | 2026-04-06T03:30:25 | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerabilit |
| CVE-2026-5613 | 8.8 | 0.04% | 2 | 0 | | 2026-04-06T03:30:20 | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the |
| CVE-2026-5610 | 8.8 | 0.04% | 2 | 0 | | 2026-04-06T03:30:20 | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue |
| CVE-2026-5605 | 8.8 | 0.02% | 2 | 0 | | 2026-04-06T00:30:31 | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function |
| CVE-2026-5604 | 8.8 | 0.05% | 1 | 0 | | 2026-04-06T00:30:31 | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element |
| CVE-2026-4272 | 8.1 | 0.11% | 1 | 0 | | 2026-04-06T00:30:31 | Missing Authentication for Critical Function vulnerability in Honeywell Handheld |
| CVE-2026-5567 | 8.8 | 0.05% | 1 | 0 | | 2026-04-05T15:32:03 | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the funct |
| CVE-2026-5566 | 8.8 | 0.04% | 1 | 0 | | 2026-04-05T15:32:03 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This |
| CVE-2026-5550 | 8.8 | 0.05% | 2 | 0 | | 2026-04-05T09:30:29 | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affec |
| CVE-2026-5544 | 8.8 | 0.04% | 2 | 0 | | 2026-04-05T06:32:08 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-18053 |
| CVE-2026-2936 | 7.2 | 0.02% | 1 | 0 | | 2026-04-04T12:31:04 | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to S |
| CVE-2026-5425 | 7.2 | 0.06% | 1 | 0 | | 2026-04-04T09:30:37 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored C |
| CVE-2026-4896 | 8.1 | 0.01% | 1 | 0 | | 2026-04-04T09:30:31 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Lis |
| CVE-2026-4634 | 7.5 | 0.07% | 1 | 0 | | 2026-04-04T06:00:48 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulne |
| CVE-2026-4636 | 8.1 | 0.03% | 1 | 0 | | 2026-04-04T06:00:16 | A flaw was found in Keycloak. An authenticated user with the uma_protection role |
| CVE-2026-35470 | 8.8 | 0.03% | 4 | 0 | | 2026-04-03T21:57:08 | ## Description Six `confronta_righe.php` files across different modules in Open |
| CVE-2026-25197 | 9.1 | 0.03% | 1 | 1 | | 2026-04-03T21:31:49 | A specific endpoint allows authenticated users to pivot to other user profiles b |
| CVE-2026-34742 | 8.1 | 0.05% | 1 | 0 | | 2026-04-03T19:48:25.627000 | The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Mod |
| CVE-2025-43202 | 8.8 | 0.02% | 1 | 0 | | 2026-04-03T18:31:17 | This issue was addressed with improved memory handling. This issue is fixed in i |
| CVE-2026-34453 | 7.5 | 3.47% | 1 | 0 | template | 2026-04-03T16:53:22.330000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the pu |
| CVE-2026-31933 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0. |
| CVE-2026-31931 | 7.5 | 0.05% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before vers |
| CVE-2026-28815 | 7.5 | 0.03% | 1 | 0 | | 2026-04-03T16:10:23.730000 | A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an |
| CVE-2026-35467 | 7.5 | 0.02% | 1 | 0 | | 2026-04-03T15:30:31 | The stored API keys in temporary browser client is not marked as protected allow |
| CVE-2026-3502 | 7.8 | 1.48% | 1 | 2 | | 2026-04-03T11:40:57.390000 | TrueConf Client downloads application update code and applies it without perform |
| CVE-2026-4350 | 8.1 | 0.10% | 1 | 0 | | 2026-04-03T09:30:21 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion vi |
| CVE-2026-35168 | 8.8 | 0.06% | 1 | 0 | | 2026-04-03T03:47:38 | ## Description The Aggiornamenti (Updates) module in OpenSTAManager <= 2.10.1 c |
| CVE-2026-1668 | 9.8 | 0.37% | 2 | 1 | | 2026-04-02T15:32:40 | The web interface on multiple Omada switches does not adequately validate certai |
| CVE-2026-2701 | 9.1 | 0.19% | 2 | 0 | | 2026-04-02T15:31:41 | Authenticated user can upload a malicious file to the server and execute it, whi |
| CVE-2026-2699 | 9.8 | 0.41% | 2 | 1 | template | 2026-04-02T15:31:40 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica |
| CVE-2026-5281 | 8.8 | 3.28% | 4 | 2 | | 2026-04-01T21:30:28 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote |
| CVE-2026-4747 | 8.8 | 0.18% | 1 | 0 | | 2026-04-01T15:23:23.797000 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i |
| CVE-2026-34156 | 9.9 | 5.76% | 1 | 2 | template | 2026-04-01T14:24:02.583000 | NocoBase is an AI-powered no-code/low-code platform for building business applic |
| CVE-2026-4020 | 7.5 | 6.02% | 1 | 0 | template | 2026-03-31T03:31:35 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-4257 | 9.8 | 19.61% | 1 | 0 | template | 2026-03-31T00:31:19 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side |
| CVE-2026-5105 | 6.3 | 2.16% | 1 | 0 | | 2026-03-30T18:32:18 | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affe |
| CVE-2026-5103 | 6.3 | 2.16% | 1 | 0 | | 2026-03-30T18:31:16 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This i |
| CVE-2026-5104 | 6.3 | 2.16% | 1 | 0 | | 2026-03-30T18:31:16 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022 |
| CVE-2026-5102 | 6.3 | 2.16% | 1 | 0 | | 2026-03-30T00:31:08 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. T |
| CVE-2026-33744 | 7.8 | 0.01% | 2 | 0 | | 2026-03-27T21:37:34 | ## Summary The `docker.system_packages` field in `bentofile.yaml` accepts arbit |
| CVE-2025-59032 | 7.5 | 0.07% | 1 | 0 | | 2026-03-27T09:31:18 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial resp |
| CVE-2026-33509 | 7.5 | 0.08% | 2 | 0 | | 2026-03-26T20:47:02.337000 | pyLoad is a free and open-source download manager written in Python. From versio |
| CVE-2025-55182 | 10.0 | 66.27% | 4 | 100 | template | 2025-12-10T02:00:02.557000 | A pre-authentication remote code execution vulnerability exists in React Server |
| CVE-2024-40766 | 9.3 | 3.44% | 1 | 0 | | 2025-10-22T00:33:06 | An improper access control vulnerability has been identified in the SonicWall So |
| CVE-2021-34473 | 9.8 | 94.19% | 1 | 14 | template | 2025-10-22T00:32:19 | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is uni |
| CVE-2016-2183 | 7.5 | 40.99% | 2 | 1 | | 2025-04-12T10:46:40.837000 | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and |
| CVE-2026-28797 | 0 | 0.07% | 2 | 0 | | N/A | |
| CVE-2026-34990 | 0 | 0.01% | 2 | 0 | | N/A | |
| CVE-2026-35182 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-35203 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-35395 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2025-53906 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-35050 | 0 | 0.06% | 2 | 0 | | N/A | |
| CVE-2026-35045 | 0 | 0.03% | 2 | 1 | | N/A | |
| CVE-2026-34975 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-34148 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-34402 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-34982 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-33510 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-26027 | 0 | 0.05% | 2 | 0 | | N/A | |
| CVE-2026-26026 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2025-70951 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-27456 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-34612 | 0 | 0.14% | 1 | 0 | | N/A | |
| CVE-2026-31932 | 0 | 0.04% | 1 | 0 | | N/A | |
updated 2026-04-07T15:31:49
2 posts
🟠 CVE-2026-20432 - High (8)
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20432/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:30:58
4 posts
🔴 CVE-2026-5627 - Critical (9.1)
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the `loadFlow` and `deleteFlow` methods in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5627/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🚨 CVE-2026-5627: Critical path traversal in mintplex-labs/anything-llm (<=1.9.1). Attackers with high privileges can access/delete sensitive .json files. Upgrade to 1.12.1. https://radar.offseq.com/threat/cve-2026-5627-cwe-29-path-traversal-filename-in-mi-9e476f7c #OffSeq #Vuln #PathTraversal #Security
updated 2026-04-07T15:30:58
2 posts
🟠 CVE-2026-23818 - High (8.8)
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:30:53
2 posts
🔴 CVE-2026-22679 - Critical (9.8)
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invokin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22679/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:30:49
2 posts
🟠 CVE-2026-34197 - High (8.8)
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.
Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:30:48
2 posts
🟠 CVE-2026-20433 - High (8.8)
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:17:47.140000
2 posts
🟠 CVE-2026-5373 - High (8.1)
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:17:46.797000
2 posts
🟠 CVE-2026-4740 - High (8.2)
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certifica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4740/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:17:45.677000
2 posts
🟠 CVE-2026-35485 - High (7.5)
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the server filesystem with no extension restriction...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-07T15:17:44.523000
2 posts
🟠 CVE-2026-35464 - High (7.5)
pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:44.363000
2 posts
🟠 CVE-2026-35463 - High (8.8)
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to ad...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:43.587000
2 posts
🟠 CVE-2026-35457 - High (8.2)
libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:43.367000
2 posts
🟠 CVE-2026-35405 - High (7.5)
libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:42.940000
2 posts
🟠 CVE-2026-35187 - High (7.7)
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:42.303000
2 posts
🟠 CVE-2026-35164 - High (8.8)
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fai...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:40.383000
1 post
🟠 CVE-2026-34783 - High (8.1)
Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34783/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:37.213000
2 posts
🟠 CVE-2026-24660 - High (8.1)
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T15:17:37.040000
2 posts
🟠 CVE-2026-24450 - High (8.1)
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24450/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T14:20:08
2 posts
🟠 CVE-2026-35409 - High (7.7)
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35409/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T14:19:50
2 posts
🟠 CVE-2026-35408 - High (8.7)
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35408/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:55.200000
1 post
1 repo
🔴 CVE-2026-32186 - Critical (9.8)
Microsoft Bing Elevation of Privilege Vulnerability
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:55.200000
1 post
🚨 HIGH severity: CVE-2026-3445 in ProfilePress plugin lets subscriber-level users bypass paid memberships via missing authorization in process_checkout(). No patch yet. Restrict privileges & monitor activity. Details: https://radar.offseq.com/threat/cve-2026-3445-cwe-862-missing-authorization-in-pro-38b78a54 #OffSeq #WordPress #Vuln
##
updated 2026-04-07T13:20:55.200000
2 posts
CVE-2026-1233 (HIGH): The Text to Speech for WP plugin (<=1.9.8) exposes hardcoded MySQL creds, risking unauthorized write access to telemetry DB. No patch yet — disable or restrict access. https://radar.offseq.com/threat/cve-2026-1233-cwe-798-use-of-hard-coded-credential-6c6e620c #OffSeq #WordPress #InfoSec #CVE
##
🟠 CVE-2026-1233 - High (7.5)
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:55.200000
2 posts
🟠 CVE-2026-3666 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
wpForo Forum plugin for WordPress (up to 2.4.16) has a HIGH severity path traversal vuln (CVE-2026-3666) 🛡️. Authenticated users can delete server files. No patch yet — restrict permissions & watch for suspicious deletions. More: https://radar.offseq.com/threat/cve-2026-3666-cwe-22-improper-limitation-of-a-path-8b05d9d8 #OffSeq #WordPress #Infosec
##
updated 2026-04-07T13:20:55.200000
1 post
⚠️ CRITICAL: PraisonAI (v4.5.15 - <4.5.69) vulnerable to OS command injection via --mcp, allowing arbitrary OS commands (CVE-2026-34935). Patch to 4.5.69+ now! https://radar.offseq.com/threat/cve-2026-34935-cwe-78-improper-neutralization-of-s-aa91a94a #OffSeq #CVE202634935 #PraisonAI #infosec
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2025-47390 - High (7.8)
Memory corruption while preprocessing IOCTL request in JPEG driver.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47390/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2026-21372 - High (7.8)
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
2 posts
🟠 CVE-2026-21376 - High (7.8)
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2026-21380 - High (7.8)
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2026-26263 - High (8.1)
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26263/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2026-3524 - High (8.8)
Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API request...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
2 posts
⚠️ CVE-2026-5629: High-severity stack buffer overflow in Belkin F9K1015 (v1.00.10). Remote exploit possible — public code out, no patch yet. Restrict device access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-5629-stack-based-buffer-overflow-in-belki-abbd3417 #OffSeq #Vulnerability #RouterSecurity #Belkin
##
🟠 CVE-2026-5629 - High (8.8)
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5629/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2026-5611 - High (8.8)
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
2 posts
⚠️ HIGH severity: CVE-2026-5608 in Belkin F9K1122 v1.00.33 enables remote buffer overflow via the /goform/formWlanSetup endpoint. Exploit code is public; no patch from vendor. Restrict remote mgmt access now. https://radar.offseq.com/threat/cve-2026-5608-stack-based-buffer-overflow-in-belki-c4d65888 #OffSeq #Belkin #Vuln
##
🟠 CVE-2026-5608 - High (8.8)
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from rem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5608/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:35.010000
1 post
⚠️ MEDIUM risk: CVE-2026-5558 allows SQL injection in PHPGurukul Online Shopping Portal (v2.0, 2.1) via /pending-orders.php. Exploit is public. Review your instances & restrict access if needed. Details: https://radar.offseq.com/threat/cve-2026-5558-sql-injection-in-phpgurukul-phpguruk-e94dae7f #OffSeq #SQLInjection #PHP #Vuln
##
updated 2026-04-07T13:20:35.010000
1 post
🟠 CVE-2026-5548 - High (8.8)
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5548/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
2 posts
⚠️ CRITICAL: Stored XSS in ci4-cms-erp ci4ms (<31.0.0.0) lets attackers inject JS via profile names, risking user sessions. Fixed in 31.0.0.0. Patch now! CVE-2026-34989 https://radar.offseq.com/threat/cve-2026-34989-cwe-79-improper-neutralization-of-i-bdfd6b20 #OffSeq #XSS #WebSecurity #CVE202634989
##
updated 2026-04-07T13:20:11.643000
6 posts
🚨 CRITICAL: goshs (<2.0.0-beta.3) vulnerable to path traversal (CVE-2026-35471). Remote attackers can access/delete files outside restricted dirs. Patch with 2.0.0-beta.3 ASAP! https://radar.offseq.com/threat/cve-2026-35471-cwe-22-improper-limitation-of-a-pat-515b5296 #OffSeq #infosec #golang #CVE202635471
##
🔴 CVE-2026-35471 - Critical (9.8)
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() is missing a return after the path traversal check. This vulnerability is fixed in 2.0.0-beta.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35471/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔔 CRITICAL: CVE-2026-35471 in patrickhener goshs (<2.0.0-beta.3) allows path traversal via tdeleteFile(), enabling attackers to access or delete files outside the intended directory. Upgrade to 2.0.0-beta.3 ASAP! https://radar.offseq.com/threat/cve-2026-35471-cwe-22-improper-limitation-of-a-pat-515b5296 #OffSeq #CVE202635471 #GoLang #PathTraversal
##
updated 2026-04-07T13:20:11.643000
2 posts
🟠 CVE-2026-35044 - High (8.8)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandbo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
4 posts
🚨 CRITICAL: CVE-2026-0740 in Ninja Forms - File Uploads (≤3.3.26) lets unauthenticated attackers upload arbitrary files, enabling RCE. Patch to 3.3.27+ now! https://radar.offseq.com/threat/cve-2026-0740-cwe-434-unrestricted-upload-of-file--9ec11832 #OffSeq #WordPress #Vuln #BlueTeam
##
🔴 CVE-2026-0740 - Critical (9.8)
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0740/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
4 posts
🔴 CVE-2026-35022 - Critical (9.8)
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
⚠️ CRITICAL: Anthropic Claude Code CLI & Agent SDK vulnerable to OS command injection (CVE-2026-35022, CVSS 9.3). Attackers can exploit auth helpers for arbitrary command execution. Vendor patch is server-side — confirm update. https://radar.offseq.com/threat/cve-2026-35022-cwe-78-improper-neutralization-of-s-9ed949c7 #OffSeq #CVE #CloudSecurity
##
updated 2026-04-07T13:20:11.643000
4 posts
🔴 CVE-2026-35392 - Critical (9.8)
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35392/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🚨 CVE-2026-35392: goshs < 2.0.0-beta.3 has a CRITICAL path traversal flaw (CVSS 9.8). Remote attackers can write files anywhere on the server. Upgrade to 2.0.0-beta.3+ ASAP! https://radar.offseq.com/threat/cve-2026-35392-cwe-22-improper-limitation-of-a-pat-4b67dff2 #OffSeq #Infosec #GoLang #Vulnerability
##
updated 2026-04-07T13:20:11.643000
2 posts
🟠 CVE-2026-35442 - High (8.1)
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the conceal special type incorrectly return raw database values instead of the masked placehol...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35442/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
2 posts
🟠 CVE-2026-5709 - High (8.8)
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5709/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
2 posts
🟠 CVE-2026-5687 - High (8.8)
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be init...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
2 posts
🔴 CVE-2026-35174 - Critical (9.1)
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any fold...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
1 post
🟠 CVE-2026-34986 - High (7.5)
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, dec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
1 post
🔴 CVE-2026-34208 - Critical (10)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T13:20:11.643000
1 post
1 repo
🟠 CVE-2026-33752 - High (8.6)
curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect reque...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T12:31:21
2 posts
🟠 CVE-2026-31842 - High (7.5)
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T09:31:28
2 posts
🟠 CVE-2026-34904 - High (7.5)
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery. This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-04-07T09:31:28
2 posts
🟠 CVE-2026-34896 - High (7.5)
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery. This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T09:31:28
2 posts
1 repos
🟠 CVE-2026-5465 - High (8.8)
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T09:31:22
4 posts
🔴 CVE-2026-1114 - Critical (9.8)
In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-1114 in parisneo/lollms v2.1.0 — weak JWT secret lets attackers brute-force, forge admin tokens & escalate privileges. Patch to v2.2.0 now! https://radar.offseq.com/threat/cve-2026-1114-cwe-284-improper-access-control-in-p-40f6ba09 #OffSeq #CVE20261114 #AppSec #infosec
##updated 2026-04-07T06:30:28
2 posts
🟠 CVE-2025-65115 - High (8.8)
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Managemen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T00:30:28
2 posts
🟠 CVE-2026-5686 - High (8.8)
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. The attack can b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5686/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T00:30:28
2 posts
🟠 CVE-2026-5708 - High (8.8)
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T00:30:28
2 posts
🟠 CVE-2026-5707 - High (8.8)
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T00:30:27
2 posts
🟠 CVE-2026-5685 - High (8.8)
A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5685/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-07T00:30:27
2 posts
🟠 CVE-2026-5684 - High (8)
A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:43:56
2 posts
🟠 CVE-2026-35394 - High (8.3)
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35394/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
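For the mobile-mcp entry above, this is an added example (not mobile-mcp's code) of the scheme check that was missing: the URL is stripped of the leading and trailing control characters and spaces that WHATWG parsing also discards, parsed with urllib.parse, and accepted only if the scheme is http or https and a host is present. The allowlist and the sample URLs are constructed; the intent: and content: samples stand for Android-specific schemes that a launcher must never receive from an untrusted caller.

```python
# Added example (not mobile-mcp code): validate a user-supplied URL before handing it
# to anything that launches intents or browsers. Allowlist and sample URLs are constructed.
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})
# WHATWG URL parsing strips leading and trailing C0 controls and spaces; strip the same
# set ourselves so the scheme we inspect is the one a browser or intent resolver sees.
STRIP_CHARS = "".join(chr(c) for c in range(0x21))


class UnsafeURL(ValueError):
    """Raised for any URL that must not be opened."""


def validate_open_url(url):
    """Return the cleaned URL if it is a plain http(s) URL with a host; raise UnsafeURL otherwise."""
    if not isinstance(url, str) or len(url) > 2048:
        raise UnsafeURL("not a string, or too long")
    cleaned = url.strip(STRIP_CHARS)
    # Control characters anywhere else get removed or mangled by downstream parsers
    # in ways we cannot predict, so refuse them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in cleaned):
        raise UnsafeURL("control character in URL")
    try:
        parts = urlsplit(cleaned)
    except ValueError as exc:  # e.g. a malformed IPv6 literal
        raise UnsafeURL(f"unparseable URL: {exc}") from None
    scheme = parts.scheme.lower()  # urlsplit already lower-cases; be explicit anyway
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {scheme or '<none>'!r} not allowed")
    if not parts.hostname:
        raise UnsafeURL("no host")
    return cleaned


def is_openable(url):
    try:
        validate_open_url(url)
        return True
    except UnsafeURL:
        return False


def triage(urls):
    """Map each candidate URL to True (openable) or to the rejection reason."""
    out = {}
    for url in urls:
        try:
            validate_open_url(url)
            out[url] = True
        except UnsafeURL as exc:
            out[url] = str(exc)
    return out


# Constructed inputs: the kinds of strings an agent or MCP client might pass through.
SAMPLES = [
    "https://example.test/docs?page=2",
    "HTTP://Example.test/",
    " javascript:alert(document.cookie)",  # leading space hides the scheme from a naive startswith()
    "intent://scan/#Intent;scheme=zxing;package=com.example;end",
    "file:///sdcard/Download/update.apk",
    "content://com.android.contacts/contacts",
    "example.test/no-scheme",
    "http:///no-host",
    "https://example.test/\x00evil",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict!s:>40}  {url!r}")
```

An allowlist is deliberately the only shape here: a denylist of javascript:, intent:, file: and friends is always one scheme short, and the leading-whitespace sample shows why the check has to run on the string the downstream parser will actually see.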
##updated 2026-04-06T23:43:51
6 posts
🚨 CRITICAL: CVE-2026-35393 in goshs (<2.0.0-beta.3) allows unauthenticated path traversal via POST uploads. Remote attackers can write files anywhere on disk. Upgrade to 2.0.0-beta.3 now! https://radar.offseq.com/threat/cve-2026-35393-cwe-22-improper-limitation-of-a-pat-b57d1ba3 #OffSeq #Infosec #Vulnerability
##🔴 CVE-2026-35393 - Critical (9.8)
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35393/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-35393: Critical path traversal in goshs (<2.0.0-beta.3). Remote attackers can write files anywhere via unsanitized POST uploads. Upgrade to 2.0.0-beta.3 now! https://radar.offseq.com/threat/cve-2026-35393-cwe-22-improper-limitation-of-a-pat-b57d1ba3 #OffSeq #Vulnerability #GoLang #Infosec
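For the goshs entry above, an added example (not goshs code) of resolving a client-supplied upload directory and filename against an upload root. Both client fields are treated as hostile: the filename is reduced to its last path component, the directory is forced relative, and the resolved result is accepted only if it still lies under the resolved root, which also catches a symlink inside the root that points outside it. The directory layout in demo() is constructed in a temporary directory.

```python
# Added example (not goshs code): confine a multipart upload to its upload root.
# Client-controlled directory and filename are both treated as hostile.
import tempfile
from pathlib import Path, PurePosixPath


class UnsafePath(ValueError):
    """Raised when a client-supplied upload location would land outside the upload root."""


def safe_upload_path(upload_root, client_dir, client_filename):
    """Return the absolute path an upload may be written to, or raise UnsafePath."""
    root = Path(upload_root).resolve()
    if "\x00" in client_dir or "\x00" in client_filename:
        raise UnsafePath("NUL byte in client input")
    # Filename: keep only the last component. Any directory part the client sent,
    # including "..", "/" or "\\" prefixes, is discarded rather than interpreted.
    name = PurePosixPath(client_filename.replace("\\", "/")).name
    if name in ("", ".", ".."):
        raise UnsafePath(f"bad filename {client_filename!r}")
    # Directory (the field goshs left unsanitised): force it relative, then resolve,
    # which collapses ".." and follows symlinks to wherever they really point.
    rel_dir = client_dir.replace("\\", "/").lstrip("/")
    candidate = (root / rel_dir / name).resolve()
    # The one check that matters: after resolution, is it still under root?
    if root not in candidate.parents:
        raise UnsafePath(f"{client_dir!r} + {name!r} escapes {root}")
    return candidate


def is_rejected(upload_root, client_dir, client_filename):
    try:
        safe_upload_path(upload_root, client_dir, client_filename)
        return False
    except UnsafePath:
        return True


def demo():
    """Constructed layout in a temp dir: an upload root with a docs/ subdirectory and a
    symlink 'escape' pointing outside the root. Returns {case: relative path or 'rejected'}."""
    base = Path(tempfile.mkdtemp())
    root = base / "uploads"
    (root / "docs").mkdir(parents=True)
    outside = base / "outside"
    outside.mkdir()
    (root / "escape").symlink_to(outside, target_is_directory=True)
    root = root.resolve()
    cases = {
        "plain": ("docs", "report.pdf"),
        "dotdot_dir": ("../../etc", "passwd"),
        "absolute_dir": ("/etc", "passwd"),
        "dotdot_name": ("docs", "../../etc/passwd"),
        "symlink_dir": ("escape", "x.txt"),
    }
    results = {}
    for label, (client_dir, client_filename) in cases.items():
        try:
            results[label] = str(safe_upload_path(root, client_dir, client_filename).relative_to(root))
        except UnsafePath:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:>14}: {outcome}")
```

Note the two deliberate choices: an absolute client directory is reinterpreted under the root rather than rejected (so "/etc" becomes "<root>/etc"), and the containment test runs on the fully resolved path, because a lexical ".." filter alone says nothing about symlinks already present in the upload tree.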
##updated 2026-04-06T23:42:46
2 posts
🟠 CVE-2026-33540 - High (7.5)
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream regis...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33540/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:42:30
2 posts
🟠 CVE-2026-35209 - High (7.5)
defu is software that allows users to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35209/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:42:05
2 posts
🟠 CVE-2026-35043 - High (7.8)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:41:50
2 posts
🟠 CVE-2026-35042 - High (7.5)
fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:41:46
2 posts
🔴 CVE-2026-35039 - Critical (9.1)
fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause token...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:41:21
4 posts
🔴 CVE-2026-35171 - Critical (9.8)
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema su...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35171/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:41:05
1 posts
🟠 CVE-2026-35036 - High (7.5)
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:41:04
1 posts
🔴 CVE-2026-34841 - Critical (9.8)
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T23:39:45
2 posts
1 repos
OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There are good business-interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!
##OpenClaw privilege escalation vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Discussion: https://news.ycombinator.com/item?id=47628608
updated 2026-04-06T23:26:04
3 posts
Critical Authentication Bypass in Dgraph Database Allows Remote Takeover
Dgraph disclosed a critical authentication bypass vulnerability (CVE-2026-34976) in its administrative API that allows unauthenticated attackers to overwrite databases and read sensitive server files.
**If you are using Dgraph, this is urgent. Immediately make sure that public access to Dgraph's administration port 8080 is blocked, and add restoreTenant to adminMutationMWConfig: "restoreTenant": gogMutMWs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-dgraph-database-allows-remote-takeover-a-s-2-r-4/gD2P6Ple2L
🔴 CVE-2026-34976 - Critical (10)
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthenticated. Unlike the similar restore mutation whic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
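The Dgraph entry above is the fail-open shape: the authorization middleware is a table keyed by mutation name, and a mutation left out of the table runs with no middleware at all. The following Python is an added example, not Dgraph's code: the same table dispatched two ways, one that treats a missing entry as "no checks" and one that treats it as "deny", plus a startup audit that lists every registered endpoint lacking a declared policy. Handler bodies and the request shape are constructed; only the names restore and restoreTenant come from the advisory.

```python
# Added example (not Dgraph code): an authorization table that only lists endpoints
# to protect fails open; the same table wired fail-closed denies anything undeclared.
from functools import wraps


class Unauthorized(Exception):
    """Raised when a request is denied."""


def require_admin(handler):
    """Middleware: only requests carrying an admin identity may proceed."""
    @wraps(handler)
    def wrapped(request):
        if not request.get("admin"):
            raise Unauthorized(f"{handler.__name__}: admin required")
        return handler(request)
    return wrapped


# Constructed admin mutations. Both restore variants are destructive.
def restore(request):
    return f"restored backup {request['backup']}"


def restore_tenant(request):
    return f"restored tenant {request['tenant']} from {request['backup']}"


def health(request):
    return "ok"


HANDLERS = {"restore": restore, "restoreTenant": restore_tenant, "health": health}

# The middleware table. "restoreTenant" is deliberately missing, the shape of
# CVE-2026-34976: whoever added the mutation forgot to add its entry here.
MIDDLEWARE = {
    "restore": [require_admin],
    "health": [],  # intentionally public, and declared as such
}


def dispatch_fail_open(name, request):
    """Missing table entry -> empty middleware chain -> handler runs with no checks."""
    handler = HANDLERS[name]
    for mw in MIDDLEWARE.get(name, []):
        handler = mw(handler)
    return handler(request)


def dispatch_fail_closed(name, request):
    """Missing table entry -> request denied. Public endpoints must opt out explicitly."""
    if name not in MIDDLEWARE:
        raise Unauthorized(f"{name}: no authorization policy declared")
    handler = HANDLERS[name]
    for mw in MIDDLEWARE[name]:
        handler = mw(handler)
    return handler(request)


def undeclared_endpoints(handlers=HANDLERS, middleware=MIDDLEWARE):
    """Startup audit: every registered endpoint must appear in the policy table."""
    return sorted(set(handlers) - set(middleware))


def is_denied(dispatch, name, request):
    try:
        dispatch(name, request)
        return False
    except Unauthorized:
        return True


if __name__ == "__main__":
    anon = {"backup": "s3://bucket/b1", "tenant": "acme"}
    print("fail-open, anonymous restoreTenant:", dispatch_fail_open("restoreTenant", anon))
    print("fail-closed denies it:", is_denied(dispatch_fail_closed, "restoreTenant", anon))
    print("endpoints with no declared policy:", undeclared_endpoints())
```

The audit is the cheap part and the one that would have caught this at release time: run it in a startup check or a unit test so that adding a handler without a policy entry fails the build rather than shipping an unauthenticated mutation.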
##updated 2026-04-06T23:25:59
2 posts
🔴 CVE-2026-34950 - Critical (9.1)
fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
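The fast-jwt entries above (CVE-2026-35042 on crit, CVE-2026-35039 on cache keys, CVE-2026-34950 on the PEM matcher) and the lollms entry (CVE-2026-1114, weak HS256 secret) describe four verifier-side failures on the same primitive. The following Python is an added example, not code from either project: a small HS256 toolkit that shows the offline dictionary attack a weak secret permits, a crit check that rejects unknown extensions as RFC 7515 requires, a PEM-key guard that strips leading whitespace before anchoring its regex, and a verification cache whose key covers the whole token, with a lossy cache key passed in to reproduce the collision. Secrets, wordlist, PEM text and token contents are constructed; that the PEM matcher guards against a public key being accepted as an HMAC secret is an assumption about the class of bug, not a claim about fast-jwt's internals.

```python
# Added example (not lollms or fast-jwt code): a minimal HS256 JWS toolkit showing
# four verifier-side mistakes. Secret, wordlist, PEM text and cache-key function
# are constructed for the illustration.
import base64
import hashlib
import hmac
import json
import re


def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_sign(claims, secret, extra_header=None):
    """Produce a compact JWS; extra_header is how a test adds a crit list."""
    header = {"alg": "HS256", "typ": "JWT", **(extra_header or {})}
    enc = lambda obj: b64u(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(sig)}"


def brute_force_hs256(token, wordlist):
    """Weak-secret class (CVE-2026-1114): HS256 is HMAC over the token prefix, so one
    captured token lets an attacker test candidate secrets offline. Returns the hit."""
    signing_input, _, sig = token.rpartition(".")
    target = b64u_dec(sig)
    for guess in wordlist:
        mac = hmac.new(guess.encode(), signing_input.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(mac, target):
            return guess
    return None


# Guard against a PEM public key being used as an HMAC secret (key confusion).
PEM_PUBLIC = re.compile(r"^-----BEGIN (?:PUBLIC KEY|RSA PUBLIC KEY|CERTIFICATE)-----")


def naive_public_key_match(key):
    """Anchored at ^ only (the CVE-2026-34950 shape): a leading newline defeats it."""
    return PEM_PUBLIC.match(key.decode(errors="replace")) is not None


def looks_like_public_key(key):
    """Strip leading whitespace first so the regex sees the real first line."""
    return PEM_PUBLIC.match(key.lstrip().decode(errors="replace")) is not None


SUPPORTED_CRIT = frozenset()  # this verifier implements no JWS extensions


class Verifier:
    """HS256 verifier with a result cache. The default cache key is a digest of the
    whole token; a lossy cache_key reproduces the CVE-2026-35039 collision."""

    def __init__(self, secret, cache_key=None):
        if looks_like_public_key(secret):
            raise ValueError("refusing a PEM public key as an HMAC secret")
        self.secret = secret
        self.cache_key = cache_key or (lambda t: hashlib.sha256(t.encode()).hexdigest())
        self.cache = {}

    def verify(self, token):
        key = self.cache_key(token)
        if key not in self.cache:
            self.cache[key] = self._verify_uncached(token)
        return self.cache[key]

    def _verify_uncached(self, token):
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64u_dec(h_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected header or alg")
        crit = header.get("crit")
        if crit is not None:
            # RFC 7515 section 4.1.11: crit must be a non-empty list and every entry
            # must be an extension this verifier understands, else the JWS is invalid.
            if not isinstance(crit, list) or not crit or any(c not in SUPPORTED_CRIT for c in crit):
                raise ValueError(f"unsupported crit extensions: {crit!r}")
        expected = hmac.new(self.secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64u_dec(s_b64)):
            raise ValueError("bad signature")
        return json.loads(b64u_dec(p_b64))


def is_rejected(verifier, token):
    try:
        verifier.verify(token)
        return False
    except ValueError:
        return True


def rejects_key(secret):
    try:
        Verifier(secret)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    token = hs256_sign({"sub": "alice", "role": "user"}, b"secret123")  # constructed weak secret
    print("recovered secret:", brute_force_hs256(token, ["password", "admin", "secret123"]))
```

The cache case is the subtle one: a lossy key such as the first twenty characters of the token is just the shared header, so once one valid token is cached, a forged token with a bogus signature is answered from the cache without ever reaching the HMAC check.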
##updated 2026-04-06T23:14:52
2 posts
🟠 CVE-2026-35172 - High (7.5)
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are bo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35172/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T22:54:13
1 posts
🚨 CRITICAL: CVE-2026-34938 in PraisonAI <1.5.90 lets attackers bypass sandbox protections and achieve arbitrary OS command execution. Immediate upgrade to v1.5.90+ required. Full system compromise possible. https://radar.offseq.com/threat/cve-2026-34938-cwe-693-protection-mechanism-failur-01ac669c #OffSeq #CVE202634938 #infosec #PraisonAI
##updated 2026-04-06T22:53:55
1 posts
🚨 CVE-2026-34934: PraisonAI <4.5.90 affected by CRITICAL SQL injection (CVSS 9.8). Unauthenticated attackers can gain full DB access via unsanitized thread IDs. Upgrade to 4.5.90+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-34934-cwe-89-improper-neutralization-of-s-2e7eac46 #OffSeq #infosec #SQLInjection #PraisonAI
##updated 2026-04-06T21:31:41
3 posts
🔴 New security advisory:
CVE-2025-54328 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2025-54328-samsung-exynos-sms-buffer-overflow
🔴 CVE-2025-54328 - Critical (10)
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-ba...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T21:31:41
2 posts
🟠 CVE-2025-57834 - High (7.5)
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T21:31:41
2 posts
🟠 CVE-2026-35020 - High (8.4)
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL enviro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T21:31:41
2 posts
🟠 CVE-2026-35021 - High (7.8)
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
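The two Claude Code entries above, and the AWS RES session-name entry (CVE-2026-5707) earlier on this page, are the same bug: an environment variable or a file name is spliced into a shell command line. The following Python is an added example, not code from either product: the injectable launcher next to one that allowlists the program name, resolves it on PATH itself and passes the path as a single argv element with no shell, plus shlex.quote for the case where a command string is unavoidable. "echo" stands in for a terminal emulator so the example runs headless; the allowlist and the payload strings are constructed.

```python
# Added example (not Claude Code or AWS RES code): the injectable launcher pattern
# and a hardened one. "echo" stands in for a terminal emulator so this runs headless.
import shlex
import shutil
import subprocess

# Constructed allowlist; "echo" is included only so the demo can run without a display.
ALLOWED_TERMINALS = frozenset({"xterm", "gnome-terminal", "konsole", "alacritty", "kitty", "echo"})


class UnsafeCommand(ValueError):
    """Raised when the requested program cannot be launched safely."""


def launch_unsafe(terminal_env, path):
    """The vulnerable shape: a command line assembled from an environment variable
    and a file path, so ';', '$( )' or '|' in either one become shell syntax."""
    cmd = f"{terminal_env} -e {path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=5).stdout


def resolve_terminal(terminal_env):
    """Accept only an allowlisted program name and resolve it on PATH ourselves."""
    if terminal_env not in ALLOWED_TERMINALS:
        raise UnsafeCommand(f"terminal {terminal_env!r} not allowed")
    exe = shutil.which(terminal_env)
    if exe is None:
        raise UnsafeCommand(f"{terminal_env} not found on PATH")
    return exe


def launch_safe(terminal_env, path):
    """No shell: an argv list, so the path is always exactly one argument."""
    argv = [resolve_terminal(terminal_env), "-e", path]
    return subprocess.run(argv, capture_output=True, text=True, timeout=5).stdout


def shell_command_line(terminal_env, path):
    """If a shell is unavoidable (the terminal itself wants a command string),
    quote every untrusted piece with shlex.quote before interpolating."""
    return f"{shlex.quote(resolve_terminal(terminal_env))} -e {shlex.quote(path)}"


def is_refused(terminal_env, path):
    try:
        launch_safe(terminal_env, path)
        return False
    except UnsafeCommand:
        return True


if __name__ == "__main__":
    payload = "notes.md; echo INJECTED"  # constructed malicious file name
    print("unsafe:", repr(launch_unsafe("echo", payload)))
    print("safe:  ", repr(launch_safe("echo", payload)))
    print("quoted:", shell_command_line("echo", payload))
```

The allowlist matters as much as the argv list: resolving whatever name the environment supplies and exec'ing it without a shell still runs an attacker's binary if TERMINAL points at one, so the name is checked against a fixed set before shutil.which ever sees it.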
##updated 2026-04-06T18:33:15
1 posts
🟠 CVE-2026-21373 - High (7.8)
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:15
1 posts
🟠 CVE-2026-21367 - High (7.6)
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:15
2 posts
🟠 CVE-2026-21382 - High (7.8)
Memory Corruption when handling power management requests with improperly sized input/output buffers.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21382/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:15
1 posts
🟠 CVE-2026-21378 - High (7.8)
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:15
1 posts
🟠 CVE-2026-21375 - High (7.8)
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:15
1 posts
🟠 CVE-2026-21381 - High (7.6)
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:07
2 posts
🟠 CVE-2026-21374 - High (7.8)
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:06
1 posts
🟠 CVE-2025-47392 - High (8.8)
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47392/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:06
1 posts
🟠 CVE-2026-21371 - High (7.8)
Memory Corruption when retrieving output buffer with insufficient size validation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21371/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:05
1 posts
🟠 CVE-2025-47391 - High (7.8)
Memory corruption while processing a frame request from user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47391/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:33:05
1 posts
🟠 CVE-2025-47389 - High (7.8)
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47389/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T18:12:57.863000
29 posts
5 repos
https://github.com/z3r0h3ro/CVE-2026-35616-poc
https://github.com/0xBlackash/CVE-2026-35616
https://github.com/fevar54/forticlient_ems_cve_2026_35616_poc.py
CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS
#CVE_2026_35616
https://arcticwolf.com/resources/blog/cve-2026-35616/
Geopolitical tensions rise as Trump issues a Strait of Hormuz ultimatum amidst Middle East oil disruptions (Apr 7). In cybersecurity, North Korea's UNC4736 is linked to a $285M crypto heist (Apr 6), and a critical Fortinet zero-day (CVE-2026-35616) is under active exploitation (Apr 6-7). Technology advances with Fortrea launching AI-enhanced clinical trial solutions (Apr 7).
##The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild. https://www.darkreading.com/vulnerabilities-threats/fortinet-emergency-patch-forticlient-zero-day
##📢 CVE-2026-35616: critical FortiClient EMS flaw actively exploited as a zero-day
📝 ## 🗓️ Context
Source: BleepingComputer, published 5 April 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-04-07-cve-2026-35616-faille-critique-forticlient-ems-exploitee-activement-en-zero-day/
🌐 source: https://www.bleepingcomputer.com/news/security/new-fortinet-forticlient-ems-flaw-cve-2026-35616-exploited-in-attacks/
#CVE_2026_21643 #CVE_2026_35616 #Cyberveille
CVE-2026-35616: already exploited, this Fortinet flaw has been patched in an emergency release! https://www.it-connect.fr/cve-2026-35616-deja-exploitee-cette-faille-fortinet-a-ete-patchee-en-urgence/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet
##Fortinet customers confront actively exploited zero-day, with a full patch still pending https://cyberscoop.com/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited/
##"Fortinet on April 4 released a hotfix for a critical 9.8 bug in FortiClient EMS 7.4.5 and 7.4.6, saying that it had observed exploitation in the wild.
The API access bypass flaw – tracked as CVE-2026-35616 – was first reported to Fortinet by DefusedCyber, which posted on X about the bug early Saturday morning."
https://www.scworld.com/news/fortinet-issues-easter-weekend-hotfix-for-forticlient-ems
##🖲️ #Cybersecurity #Ciberseguridad #Ciberseguranca #Security #Seguridad #Seguranca #News #Noticia #Noticias #Tecnologia #Technology
⚫ Fortinet Issues Emergency Patch for FortiClient Zero-Day
🔗 https://www.darkreading.com/vulnerabilities-threats/fortinet-emergency-patch-forticlient-zero-day
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.
##Geopolitical tensions are escalating in the Middle East, impacting global oil markets. A critical zero-day vulnerability in FortiClient EMS (CVE-2026-35616) is under active exploitation, with a hotfix released. DPRK-linked hackers are leveraging GitHub for command-and-control in South Korea-targeted attacks. AI continues to influence tech job reductions while also expanding the cyberattack surface. Japanese companies are forming a new organization to bolster cybersecurity cooperation.
##🚨 [CISA-2026:0406] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0406)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-35616 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-35616)
- Name: Fortinet FortiClient EMS Improper Access Control Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiClient EMS
- Notes: Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-099 ; https://nvd.nist.gov/vuln/detail/CVE-2026-35616
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260406 #cisa20260406 #cve_2026_35616 #cve202635616
##New #FortiClient #EMS flaw exploited in attacks, emergency patch released
##The latest Fortinet vulnerability has been added to the KEV catalogue.
CVE-2026-35616: Fortinet FortiClient EMS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-35616 #CISA #Fortinet #infosec #vulnerability
##CVE ID: CVE-2026-35616
Vendor: Fortinet
Product: FortiClient EMS
Date Added: 2026-04-06
Notes: Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-099 ; https://nvd.nist.gov/vuln/detail/CVE-2026-35616
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-35616
US President Trump issued an ultimatum to Iran: reopen the Strait of Hormuz by Tuesday or face strikes, intensifying Middle East tensions and driving up oil prices. NVIDIA unveiled new GPU compression technology, while a Chinese chipmaker claims a 300% performance lead over Nvidia's flagship GPU. In cybersecurity, Fortinet patched an actively exploited critical flaw (CVE-2026-35616) in FortiClient EMS. April has seen a surge in ransomware, including the Marquis fintech attack exposing 672,000 records.
##US-Iran geopolitical tensions escalate with downed aircraft and President Trump's threats. (Apr 5, 2026) On technology, Microsoft announced a ¥1.6 trillion investment in Japan for AI infrastructure and cybersecurity. (Apr 4, 2026) In cybersecurity, a critical Fortinet EMS zero-day (CVE-2026-35616) is actively exploited, and the EU Commission confirmed a 300GB data breach from a Trivy supply chain attack. (Apr 4, 2026)
##Fortinet Issues Emergency Hotfix for Actively Exploited FortiClient EMS Zero-Day
Fortinet has released an emergency hotfix for an actively exploited critical zero-day vulnerability (CVE-2026-35616) in FortiClient EMS that allows unauthenticated attackers to bypass API security and run arbitrary commands.
**If you use FortiClient EMS versions 7.4.5 or 7.4.6, apply Fortinet's emergency hotfix ASAP. It's being actively exploited and can give attackers full control of your endpoint management server. While you're at it, check your EMS API logs for any signs of unauthorized access or unusual command execution that might indicate you've already been compromised.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/fortinet-issues-emergency-hotfix-for-actively-exploited-forticlient-ems-zero-day-p-2-q-w-2/gD2P6Ple2L
Recent global developments on April 4, 2026:
Geopolitical: Trump challenges NATO's future over "Operation Epic Fury" participation; US-Iran conflict ongoing, Planet Labs withholds satellite images.
Technology: AI breakthroughs include Google DeepMind's Alpha Green for code optimization & OpenAI's GPT-6 on smartphones. Green compute initiatives accelerate.
Cybersecurity: Fortinet zero-day (CVE-2026-35616) exploited; EC suffers Trivy supply chain breach. New polymorphic malware & AI-generated bot threats emerge.
Fortinet CVE-2026-35616 Actively Exploited - Decipher
https://decipher.sc/2026/04/04/fortinet-cve-2026-35616-actively-exploited/
Read on HackerWorkspace: https://hackerworkspace.com/article/fortinet-cve-2026-35616-actively-exploited-decipher
##Geopolitical tensions escalate as the Iran War continues, leading to the functional closure of the Strait of Hormuz, severely impacting global energy markets. In cybersecurity, the European Commission confirmed a 300GB data breach on April 4, 2026, stemming from a Trivy supply chain attack. Additionally, critical RCE flaws in Progress ShareFile were reported on April 3, 2026, and an actively exploited FortiClient EMS zero-day (CVE-2026-35616) necessitated urgent hotfixes on April 4, 2026.
##FortiYikes at it again..
🔐 CVE-2026-35616
📊 CVSS: 9.1 · Critical
📅 04/04/2026, 05:31 AM
🛡️ CWE: CWE-284
📦 Affected: Fortinet FortiClientEMS (>= 7.4.5, <= 7.4.6)
📚 https://fortiguard.fortinet.com/psirt/FG-IR-26-099 https://nvd.nist.gov/vuln/detail/CVE-2026-35616
🚨 Forticlient EMS Zero Day disclosed minutes ago actively being exploited in the wild as reported by @DefusedCyber & @fortinet
I've created a vulnerability detection script to check for vulnerable instances:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-35616.yaml
Fortinet recommends that you install hotfixes for EMS 7.4.5 / 7.4.6 as per their advisory:
https://www.fortiguard.com/psirt/FG-IR-26-099
updated 2026-04-06T17:32:42
1 posts
🟠 CVE-2026-34752 - High (7.5)
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
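The Haraka entry above says only that a `__proto__:` header name crashes the worker process. The following is an added example, not Haraka's code: a toy header store that fails on such a header the way any plain-object store in JavaScript does, beside a store that does not. It assumes the crash is an uncaught `TypeError` of this kind (the advisory does not give the mechanism); the parser, the `RAW_HEADERS` sample and the function names are constructed for illustration.

```javascript
// Added example, not Haraka's code: a toy header store that fails on a
// "__proto__:" header the way any plain-object store does, beside a store that
// does not. Assumption: the crash the advisory describes is an uncaught
// TypeError of this kind; the advisory itself does not give the mechanism.

// Constructed sample message headers (not from a real message).
const RAW_HEADERS =
  'From: alice@example.test\r\n' +
  'Subject: hello\r\n' +
  '__proto__: anything\r\n' +
  'X-Dup: one\r\n' +
  'X-Dup: two\r\n';

// Split "Name: value" lines into [name, value] pairs; names are lower-cased as
// mail software usually does. Folded continuation lines are not modelled.
function splitHeaderLines(raw) {
  const pairs = [];
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // blank line, or no "name:" part
    pairs.push([line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim()]);
  }
  return pairs;
}

// Vulnerable: a plain object inherits Object.prototype, so headers['__proto__']
// is already truthy (it is Object.prototype itself) and has no push().
function parseHeadersPlainObject(raw) {
  const headers = {};
  for (const [name, value] of splitHeaderLines(raw)) {
    if (!headers[name]) headers[name] = [];
    headers[name].push(value); // TypeError: headers[name].push is not a function
  }
  return headers;
}

// Hardened: a Map has no inherited keys, so every header name is plain data.
// Object.create(null) would work as well; a denylist of "__proto__" would not,
// because "constructor", "toString" and friends trigger the same path.
function parseHeadersMap(raw) {
  const headers = new Map();
  for (const [name, value] of splitHeaderLines(raw)) {
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(value);
  }
  return headers;
}

// Runs the vulnerable parser and reports the TypeError message it throws,
// or null when it parses cleanly. In a server, an uncaught exception here is
// the remote crash of the worker process.
function crashMessage(raw) {
  try {
    parseHeadersPlainObject(raw);
    return null;
  } catch (e) {
    return e instanceof TypeError ? e.message : String(e);
  }
}
```

`crashMessage(RAW_HEADERS)` returns a `TypeError` message because `({})['__proto__']` is `Object.prototype`, which is truthy and has no `push`; the same happens for `constructor`, `toString` and every other inherited name, which is why the fix is a `Map` (or a null-prototype object) rather than a check for one string. The same pattern applies to any map keyed by attacker-chosen strings, not just mail headers.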
##updated 2026-04-06T17:17:51
1 posts
🟠 CVE-2026-28805 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28805/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T15:35:31.710000
1 posts
📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1282
Severity:
- Critical: 134
- High: 375
- Medium: 561
- Low: 63
- None: 149
Status:
- : 54
- Analyzed: 257
- Awaiting Analysis: 410
- Modified: 9
- Received: 265
- Rejected: 7
- Undergoing Analysis: 280
Top CNAs:
- GitHub, Inc.: 374
- VulDB: 165
- VulnCheck: 147
- MITRE: 109
- kernel.org: 91
- N/A: 54
- Wordfence: 43
- Chrome: 21
- IBM Corporation: 17
- Cisco Systems, Inc.: 16
Top Affected Products:
- UNKNOWN: 933
- Endian Firewall: 30
- Openclaw: 24
- Google Chrome: 21
- Seppmail Secure Email Gateway: 14
- Apple Macos: 13
- Wwbn Avideo: 13
- Ahsanriaz26gmailcom Sales And Inventory System: 11
- Xenforo: 10
- Parseplatform Parse-server: 9
Top EPSS Score:
- CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257)
- CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156)
- CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020)
- CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176)
- CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453)
- CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102)
- CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103)
- CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104)
- CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)
updated 2026-04-06T15:31:34
2 posts
🟠 CVE-2026-30078 - High (7.5)
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30078/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T15:31:34
1 posts
🟠 CVE-2026-34885 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T15:08:34
1 posts
🟠 CVE-2026-25773 - High (8.1)
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, whic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25773/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T06:30:35
2 posts
📢 CVE-2026-5628: HIGH severity stack buffer overflow in Belkin F9K1015 (v1.00.10). Remotely exploitable — no patch yet. Restrict mgmt access & disable remote mgmt until fixed. Info: https://radar.offseq.com/threat/cve-2026-5628-stack-based-buffer-overflow-in-belki-732548e5 #OffSeq #Vuln #IoT #Belkin
##🟠 CVE-2026-5628 - High (8.8)
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T06:30:29
2 posts
🔒 HIGH-severity stack buffer overflow in Belkin F9K1015 (v1.00.10) — CVE-2026-5614. Public exploit, no patch, vendor silent. Disable remote access, restrict device exposure. Stay vigilant! https://radar.offseq.com/threat/cve-2026-5614-stack-based-buffer-overflow-in-belki-4bd2dba3 #OffSeq #Infosec #Vuln #IoTSecurity
##🟠 CVE-2026-5614 - High (8.8)
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T03:30:30
2 posts
⚠️ HIGH severity: Stack buffer overflow in Belkin F9K1015 v1.00.10 (/goform/formWlEncrypt, CVE-2026-5612). Remote code exec/DoS possible. No vendor patch. Restrict remote access & monitor advisories. https://radar.offseq.com/threat/cve-2026-5612-stack-based-buffer-overflow-in-belki-c7735710 #OffSeq #Vulnerability #RouterSecurity #CVE20265612
##🟠 CVE-2026-5612 - High (8.8)
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5612/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T03:30:25
1 posts
🟠 CVE-2026-5609 - High (8.8)
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-base...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T03:30:20
2 posts
🔔 CVE-2026-5613: HIGH severity stack-based buffer overflow in Belkin F9K1015 v1.00.10. Remote code execution or DoS possible. No patch; exploit public. Restrict mgmt interface, disable remote mgmt. https://radar.offseq.com/threat/cve-2026-5613-stack-based-buffer-overflow-in-belki-4e7d7f43 #OffSeq #Infosec #IoT #Vuln
##🟠 CVE-2026-5613 - High (8.8)
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotel...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T03:30:20
2 posts
⚠️ HIGH severity: Belkin F9K1015 (v1.00.10) stack buffer overflow (CVE-2026-5610) in /goform/formWISP5G. Remotely exploitable, no patch yet. Restrict device exposure & monitor for anomalies. More at https://radar.offseq.com/threat/cve-2026-5610-stack-based-buffer-overflow-in-belki-eb86f832 #OffSeq #Vulnerability #Security
##🟠 CVE-2026-5610 - High (8.8)
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T00:30:31
2 posts
🟠 CVE-2026-5605 - High (8.8)
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH severity: CVE-2026-5605 in Tenda CH22 v1.0.0.1 — stack-based buffer overflow in /goform/WrlExtraSet. No patch yet. Restrict remote access & monitor for threats. Details: https://radar.offseq.com/threat/cve-2026-5605-stack-based-buffer-overflow-in-tenda-5175b382 #OffSeq #Vulnerability #IoTSecurity
##updated 2026-04-06T00:30:31
1 posts
🟠 CVE-2026-5604 - High (8.8)
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5604/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T00:30:31
1 posts
🟠 CVE-2026-4272 - High (8.1)
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432BAA, from D1 Base(Ingenic x1600) before HE000085...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T15:32:03
1 posts
🟠 CVE-2026-5567 - High (8.8)
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T15:32:03
1 posts
🟠 CVE-2026-5566 - High (8.8)
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T09:30:29
2 posts
🔎 HIGH severity: Tenda AC10 (v16.03.10.10_multi_TDE01) has a stack buffer overflow (CVE-2026-5550) in /bin/httpd. Remote code execution possible. No patch yet — restrict remote mgmt & monitor closely. https://radar.offseq.com/threat/cve-2026-5550-stack-based-buffer-overflow-in-tenda-a47995aa #OffSeq #infosec #CVE2026_5550
##🟠 CVE-2026-5550 - High (8.8)
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5550/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T06:32:08
2 posts
🟠 CVE-2026-5544 - High (8.8)
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-5544: HIGH severity stack overflow in UTT HiPER 1250GW (≤ v3.2.7-210907-180535). Remote, no auth needed. Public exploit code available — restrict network access & monitor vendor alerts. https://radar.offseq.com/threat/cve-2026-5544-stack-based-buffer-overflow-in-utt-h-45d31ae5 #OffSeq #Vulnerability #CyberSecurity #UTT
##updated 2026-04-04T12:31:04
1 posts
⚠️ HIGH severity XSS (CVE-2026-2936) in Visitor Traffic Real Time Statistics WP plugin ≤8.4. Unauth attackers can inject persistent scripts via 'page_title', executed by admins. No patch yet — restrict access or disable plugin. https://radar.offseq.com/threat/cve-2026-2936-cwe-79-improper-neutralization-of-in-422ba84b #OffSeq #WordPress #XSS
##updated 2026-04-04T09:30:37
1 posts
⚠️ HIGH severity: Stored XSS (CVE-2026-5425) in trustindex Widgets for Social Photo Feed (≤1.7.9) allows unauthenticated attackers to inject malicious scripts via 'feed_data'. No patch yet — disable plugin. Details: https://radar.offseq.com/threat/cve-2026-5425-cwe-79-improper-neutralization-of-in-1c7aa2af #OffSeq #WordPress #XSS #Vuln
##updated 2026-04-04T09:30:31
1 posts
🟠 CVE-2026-4896 - High (8.1)
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T06:00:48
1 posts
🟠 CVE-2026-4634 - High (7.5)
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T06:00:16
1 posts
🟠 CVE-2026-4636 - High (8.1)
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, ev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4636/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:57:08
4 posts
🟠 CVE-2026-35470 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35470/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
1 posts
1 repos
🚨 CVE-2026-25197 (CRITICAL): Gardyn Cloud API lets authenticated users access other profiles by tweaking ID in API calls (CWE-639). No patch yet — restrict access & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-25197-cwe-639-in-gardyn-cloud-api-0887f9ef #OffSeq #APIsecurity #CVE202625197
##updated 2026-04-03T19:48:25.627000
1 posts
🟠 CVE-2026-34742 - High (8.1)
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34742/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
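The MCP SDK entry above refers to DNS rebinding protection for an HTTP-based server on localhost. Below is an added example of what that protection comes down to: validating the `Host` header against an allowlist of names by which the local server may legitimately be addressed. It is not the Go SDK's code; it is written in JavaScript to match the other examples on this page, and `ALLOWED_HOSTS`, `checkRequest` and the 403 refusal are assumptions chosen for illustration.

```javascript
// Added example, not the MCP Go SDK's code: the Host-header allowlist that
// DNS-rebinding protection for a loopback HTTP service comes down to. In a
// rebinding attack the victim's browser resolves an attacker-owned name to
// 127.0.0.1 and sends the request to the local server with that name in Host;
// a server that only answers when Host names itself is not reachable that way.

// Names by which this server may be addressed. Assumption: it listens on
// loopback only and sits behind no reverse proxy that rewrites Host.
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1', '::1']);

// Split "host[:port]" into [host, port]; bracketed IPv6 ("[::1]:8080") is
// handled, bare IPv6 with several colons is rejected as malformed.
function splitHostPort(hostHeader) {
  const h = hostHeader.trim().toLowerCase();
  if (h.startsWith('[')) {
    const end = h.indexOf(']');
    if (end < 0) return null;
    const rest = h.slice(end + 1);
    if (rest !== '' && !/^:\d{1,5}$/.test(rest)) return null;
    return [h.slice(1, end), rest.slice(1)];
  }
  const idx = h.lastIndexOf(':');
  if (idx < 0) return [h, ''];
  const port = h.slice(idx + 1);
  if (!/^\d{1,5}$/.test(port)) return null;
  if (h.slice(0, idx).includes(':')) return null;
  return [h.slice(0, idx), port];
}

// True only when Host names an allowed host. Absent or malformed values are
// refused; a trailing dot is stripped because "localhost." resolves the same
// as "localhost" but would otherwise miss the allowlist.
function isAllowedHost(hostHeader, allowed = ALLOWED_HOSTS) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return false;
  const parts = splitHostPort(hostHeader);
  if (parts === null) return false;
  let host = parts[0];
  if (host.endsWith('.')) host = host.slice(0, -1);
  return allowed.has(host);
}

// The decision a middleware would make from the request headers alone
// (Node lowercases header names). 403 is the illustrative refusal here.
// Checking Origin is a useful second layer for browser traffic but not a
// substitute: non-browser clients and some browser requests carry none.
function checkRequest(headers) {
  return isAllowedHost(headers['host']) ? { status: 200 } : { status: 403 };
}
```

The check has to be on by default and applied before any route handler runs, which is the point the advisory makes about the SDK's defaults: a local server that answers for any `Host` value is reachable from a web page the user merely visits. If the server is deliberately exposed beyond loopback, the allowlist must be extended with the names clients actually use, not disabled.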
##updated 2026-04-03T18:31:17
1 posts
🟠 CVE-2025-43202 - High (8.8)
This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:53:22.330000
1 posts
updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-31933 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-31931 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-28815 - High (7.5)
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28815/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T15:30:31
1 posts
🟠 CVE-2026-35467 - High (7.5)
The stored API keys in the temporary browser client are not marked as protected, so the JavaScript console or other errors can allow extraction of the encryption credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35467/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-03T11:40:57.390000
1 posts
2 repos
https://github.com/fevar54/CVE-2026-3502-Scanner---TrueConf-Vulnerability-Detection-Tool
https://github.com/fevar54/CVE-2026-3502---TrueConf-Client-Update-Hijacking-PoC
📢 Active exploitation of CVE-2026-3502 in TrueConf by Chinese actors targeting Southeast Asia
📝 ## 🗓️ Context
Source: The Record Media, published 3 April 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-04-07-exploitation-active-de-cve-2026-3502-dans-trueconf-par-des-acteurs-chinois-ciblant-l-asie-du-sud-est/
🌐 source : https://therecord.media/trueconf-cyberattack-cisa-hackers
#CVE_2026_3502 #Chinese_state_sponsored_actors #Cyberveille
updated 2026-04-03T09:30:21
1 posts
🟠 CVE-2026-4350 - High (8.1)
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-03T03:47:38
1 posts
🟠 CVE-2026-35168 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-databa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-02T15:32:40
2 posts
1 repos
Getting root on TP-Link Smart Switches using CVE-2026-1668 https://lobste.rs/s/kgbtwo #networking #reversing #security
https://blog.tangrs.id.au/2026/04/06/exploiting-cve-2026-1668-part-3/
updated 2026-04-02T15:31:41
2 posts
🔴 CVE-2026-2701 - Critical (9.1)
An authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2701/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Progress Software Patches Critical RCE Chain in ShareFile Storage Zones Controller
Progress Software patched two critical vulnerabilities (CVE-2026-2699 and CVE-2026-2701) in ShareFile Storage Zones Controller that allow unauthenticated attackers to bypass authentication and execute remote code.
**If you manage your own ShareFile storage zones, update to version 5.12.4 or move to version 6 to prevent full system takeover. File transfer tools are high-value targets for ransomware groups, so treat this patch as a top priority. If you can't patch, isolate the instances until they are patched. General isolation doesn't work since these systems are designed to be accessible from the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/progress-software-patches-critical-rce-chain-in-sharefile-storage-zones-controller-6-f-a-f-n/gD2P6Ple2L
updated 2026-04-02T15:31:40
2 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699
🔴 CVE-2026-2699 - Critical (9.8)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2699/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-01T21:30:28
4 posts
2 repos
https://github.com/TheMalwareGuardian/CVE-2026-5281
https://github.com/umair-aziz025/CVE-2026-5281-Research-Toolkit
📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1282
Severity:
- Critical: 134
- High: 375
- Medium: 561
- Low: 63
- None: 149
Status:
- : 54
- Analyzed: 257
- Awaiting Analysis: 410
- Modified: 9
- Received: 265
- Rejected: 7
- Undergoing Analysis: 280
Top CNAs:
- GitHub, Inc.: 374
- VulDB: 165
- VulnCheck: 147
- MITRE: 109
- kernel.org: 91
- N/A: 54
- Wordfence: 43
- Chrome: 21
- IBM Corporation: 17
- Cisco Systems, Inc.: 16
Top Affected Products:
- UNKNOWN: 933
- Endian Firewall: 30
- Openclaw: 24
- Google Chrome: 21
- Seppmail Secure Email Gateway: 14
- Apple Macos: 13
- Wwbn Avideo: 13
- Ahsanriaz26gmailcom Sales And Inventory System: 11
- Xenforo: 10
- Parseplatform Parse-server: 9
Top EPSS Score:
- CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257)
- CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156)
- CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020)
- CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176)
- CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453)
- CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102)
- CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103)
- CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104)
- CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)
Geopolitical: US-Israel/Iran conflict intensifies; F-15E reportedly downed. UN debates Strait of Hormuz access.
Technology: 6G networks raise significant AI-driven cybersecurity risks. Apple plans to open Siri to rival AI in iOS 27. NASA's Artemis II mission launched astronauts to the Moon.
Cybersecurity: Google Chrome zero-day (CVE-2026-5281) actively exploited. Odido Telecom suffered a breach exposing 6 million identities. Lapsus$ claimed a supply chain attack on LiteLLM. Texas hospital hit by ransomware, affecting 250,000 patients.
#AnonNews_irc #Cybersecurity #News
CISA just added CVE-2026-5281, a vulnerability in Google Dawn, to its Known Exploited Vulnerabilities catalog. Dawn is the WebGPU implementation used across Chromium-based browsers, which means this flaw has a wide attack surface touching Chrome, Edge, and other...
Read more: https://steelefortress.com/jycnya
Cybersecurity #CyberDefense #DataPrivacy
Geopolitical tensions rise as Iran's Strait of Hormuz blockade severely disrupts shipping, causing global oil price surges. In cybersecurity, Google issued an emergency patch for a Chrome zero-day (CVE-2026-5281) actively exploited, alongside critical F5 BIG-IP and Citrix NetScaler vulnerabilities under exploitation. The tech sector saw OpenAI secure $122B in funding, with Oracle cutting jobs for AI infrastructure investments. Social media companies face new addiction lawsuits.
updated 2026-04-01T15:23:23.797000
1 posts
CVE-2026-4747
Re what's quoted in the opening post at <https://forums.freebsd.org/threads/102251/>, please note that Nicholas Carlini has not yet made a public statement about findings.
(I should not treat notebookcheck.net as an authoritative source on this matter.)
updated 2026-04-01T14:24:02.583000
1 posts
2 repos
updated 2026-03-31T03:31:35
1 posts
updated 2026-03-31T00:31:19
1 posts
updated 2026-03-30T18:32:18
1 posts
updated 2026-03-30T18:31:16
1 posts
updated 2026-03-30T18:31:16
1 posts
updated 2026-03-30T00:31:08
1 posts
updated 2026-03-27T21:37:34
2 posts
🟠 CVE-2026-35043 - High (7.8)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-27T09:31:18
1 posts
updated 2026-03-26T20:47:02.337000
2 posts
🟠 CVE-2026-35464 - High (7.5)
pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
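The pyLoad description above is the classic deny-list failure: the fix enumerated options that non-admins must not touch and left storage_folder off the list. The following Python is an added example, not pyLoad's code, contrasting that deny-list policy with an allow-list policy in which everything not explicitly granted stays admin-only, so an overlooked or later-added option is protected by default. Only the option name storage_folder comes from the description; the User type, the option sets and the hostile directory value are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    is_admin: bool


# Deny-list: options a non-admin must not change.  It is only as complete as the
# last audit; a path-valued option that was overlooked (here storage_folder) is
# writable by anyone.  The set contents are constructed for this example.
ADMIN_ONLY_OPTIONS = {"plugin_install", "remote_api_key", "download_dir"}

# Allow-list: options a non-admin may change.  Anything not listed is admin-only,
# so an option that was overlooked or added later is protected by default.
USER_MODIFIABLE_OPTIONS = {"ui_language", "theme", "notifications"}


def can_modify_denylist(user: User, option: str) -> bool:
    """Weak policy: non-admins are blocked only for enumerated options."""
    return user.is_admin or option not in ADMIN_ONLY_OPTIONS


def can_modify_allowlist(user: User, option: str) -> bool:
    """Hardened policy: non-admins are permitted only for enumerated options."""
    return user.is_admin or option in USER_MODIFIABLE_OPTIONS


def apply_change(policy, config: dict, user: User, option: str, value) -> bool:
    """Apply a config change if the policy allows it; report whether it happened."""
    if not policy(user, option):
        return False
    config[option] = value
    return True


def demo() -> dict:
    alice = User("alice", is_admin=False)
    base = {"storage_folder": "/srv/downloads", "theme": "dark"}
    weak, strong = dict(base), dict(base)
    # A non-admin points storage_folder at a directory the daemon should never
    # write to.  The deny-list misses the option; the allow-list rejects it.
    hostile = "/etc/cron.d"
    return {
        "denylist_changed": apply_change(can_modify_denylist, weak, alice, "storage_folder", hostile),
        "allowlist_changed": apply_change(can_modify_allowlist, strong, alice, "storage_folder", hostile),
        "theme_changed": apply_change(can_modify_allowlist, strong, alice, "theme", "light"),
        "weak_storage": weak["storage_folder"],
        "strong_storage": strong["storage_folder"],
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the default: a deny-list has to be re-audited every time an option is added, while an allow-list fails closed and only needs a change when a setting is deliberately opened to non-admins.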
updated 2025-12-10T02:00:02.557000
4 posts
100 repos
https://github.com/zack0x01/vuln-app-CVE-2025-55182
https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182
https://github.com/dwisiswant0/CVE-2025-55182
https://github.com/sickwell/CVE-2025-55182
https://github.com/Archerkong/CVE-2025-55182
https://github.com/songsanggggg/CVE-2025-55182
https://github.com/zr0n/react2shell
https://github.com/Chocapikk/CVE-2025-55182
https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC
https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182
https://github.com/gensecaihq/react2shell-scanner
https://github.com/kOaDT/poc-cve-2025-55182
https://github.com/LemonTeatw1/CVE-2025-55182-exploit
https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182
https://github.com/alfazhossain/CVE-2025-55182-Exploiter
https://github.com/AliHzSec/CVE-2025-55182
https://github.com/hidden-investigations/react2shell-scanner
https://github.com/momika233/CVE-2025-55182-bypass
https://github.com/MoLeft/React2Shell-Toolbox
https://github.com/snipevx/React2Shell-POC
https://github.com/ejpir/CVE-2025-55182-bypass
https://github.com/Cillian-Collins/CVE-2025-55182
https://github.com/xcanwin/CVE-2025-55182-React-RCE
https://github.com/im-ezboy/CVE-2025-55182-zoomeye
https://github.com/surajhacx/react2shellpoc
https://github.com/mrknow001/RSC_Detector
https://github.com/santihabib/CVE-2025-55182-analysis
https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script
https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS
https://github.com/alsaut1/react2shell-lab
https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-
https://github.com/msanft/CVE-2025-55182
https://github.com/subhdotsol/CVE-2025-55182
https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension
https://github.com/keklick1337/CVE-2025-55182-golang-PoC
https://github.com/StealthMoud/CVE-2025-55182-Scanner
https://github.com/sumanrox/rschunter
https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell
https://github.com/xkillbit/cve-2025-55182-scanner
https://github.com/cybertechajju/R2C-CVE-2025-55182-66478
https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell
https://github.com/hualy13/CVE-2025-55182
https://github.com/CymulateResearch/React2Shell-Scanner
https://github.com/yanoshercohen/React2Shell_CVE-2025-55182
https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool
https://github.com/c0rydoras/CVE-2025-55182
https://github.com/vulncheck-oss/cve-2025-55182
https://github.com/ZihxS/check-react-rce-cve-2025-55182
https://github.com/freeqaz/react2shell
https://github.com/kavienanj/CVE-2025-55182
https://github.com/shyambhanushali/React2Shell
https://github.com/theman001/CVE-2025-55182
https://github.com/EynaExp/CVE-2025-55182-POC
https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension
https://github.com/l4rm4nd/CVE-2025-55182
https://github.com/zzhorc/CVE-2025-55182
https://github.com/Faithtiannn/CVE-2025-55182
https://github.com/websecuritylabs/React2Shell-Library
https://github.com/RuoJi6/CVE-2025-55182-RCE-shell
https://github.com/acheong08/CVE-2025-55182-poc
https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script
https://github.com/hoosin/CVE-2025-55182
https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-
https://github.com/xalgord/React2Shell
https://github.com/jctommasi/react2shellVulnApp
https://github.com/whiteov3rflow/CVE-2025-55182-poc
https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool
https://github.com/Pizz33/CVE-2025-55182-burpscanner
https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive
https://github.com/hackersatyamrastogi/react2shell-ultimate
https://github.com/BlackTechX011/React2Shell
https://github.com/theori-io/reactguard
https://github.com/MemerGamer/CVE-2025-55182
https://github.com/timsonner/React2Shell-CVE-2025-55182
https://github.com/alptexans/RSC-Detect-CVE-2025-55182
https://github.com/Rsatan/Next.js-Exploit-Tool
https://github.com/Spritualkb/CVE-2025-55182-exp
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc
https://github.com/nehkark/CVE-2025-55182
https://github.com/techgaun/cve-2025-55182-scanner
https://github.com/shamo0/react2shell-PoC
https://github.com/sudo-Yangziran/CVE-2025-55182POC
https://github.com/hexsh1dow/CVE-2025-55182
https://github.com/logesh-GIT001/CVE-2025-55182
https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182
https://github.com/jf0x3a/CVE-2025-55182-exploit
https://github.com/VeilVulp/RscScan-cve-2025-55182
https://github.com/ThemeHackers/CVE-2025-55182
https://github.com/Updatelap/CVE-2025-55182
https://github.com/GelukCrab/React-Server-Components-RCE
https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js
https://github.com/fatguru/CVE-2025-55182-scanner
https://github.com/ynsmroztas/NextRce
https://github.com/assetnote/react2shell-scanner
https://github.com/heiheishushu/rsc_detect_CVE-2025-55182
https://github.com/ejpir/CVE-2025-55182-research
📢 UAT-10608: automated credential-theft campaign targeting Next.js apps via CVE-2025-55182
📝 ## 🔍 Context
Published 2 April 2026 p...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-07-uat-10608-campagne-automatisee-de-vol-de-credentials-ciblant-les-apps-next-js-via-cve-2025-55182/
🌐 source : https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications/
#CVE_2025_55182 #IOC #Cyberveille
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable...
🔗️ [Bleepingcomputer] https://link.is.it/7WBrWn
updated 2025-10-22T00:33:06
1 posts
📢 Akira ransomware: full compromise in under an hour via CVE-2024-40766
📝 ## 🔍 Context
This technical analysis was published by the **Halcyon Ransomware Research Center** on 2 April 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-04-05-akira-ransomware-compromission-complete-en-moins-d-une-heure-via-cve-2024-40766/
🌐 source : https://www.halcyon.ai/ransomware-research-reports/akira-ransomware-attacks-in-under-an-hour
#Akira #Akira_v2 #Cyberveille
updated 2025-10-22T00:32:19
1 posts
14 repos
https://github.com/learningsurface/ProxyShell-CVE-2021-34473.py
https://github.com/je6k/CVE-2021-34473-Exchange-ProxyShell
https://github.com/Udyz/proxyshell-auto
https://github.com/psc4re/NSE-scripts
https://github.com/horizon3ai/proxyshell
https://github.com/mithridates1313/ProxyShell_POC
https://github.com/cyberheartmi9/Proxyshell-Scanner
https://github.com/hosch3n/ProxyVulns
https://github.com/RaouzRouik/CVE-2021-34473-scanner
https://github.com/ipsBruno/CVE-2021-34473-NMAP-SCANNER
https://github.com/W01fh4cker/Serein
https://github.com/kh4sh3i/ProxyShell
hey girl, are you CVE-2021-34473? because you are a 10/10
updated 2025-04-12T10:46:40.837000
2 posts
1 repos
#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm
Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183
https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json
🟠 CVE-2026-28797 - High (8.8)
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-34990 - High (7.8)
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-35182 - High (8.8)
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-35203 - High (7.5)
ZLMediaKit is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35395 - High (8.8)
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_R...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35395/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 EUVD-2026-19426
📊 Score: 4.1/10 (CVSS v3.1)
📦 Product: vim
🏢 Vendor: vim
📅 Updated: 2026-04-06
📝 Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerabili...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-19426
##🔴 CVE-2026-35050 - Critical (9.1)
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows overwriting Python files, for instance the "downl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35050/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35045 - High (8.1)
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34975 - High (8.5)
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment fil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34148 - High (7.5)
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34402 - High (8.1)
ChurchCRM is an open-source church management system. Prior to 7.1.0, authenticated users with Edit Records or Manage Groups permissions can exploit a time-based blind SQL injection vulnerability in the PropertyAssign.php endpoint to exfiltrate or...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34402/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34982 - High (8.2)
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are miss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33510 - High (8.8)
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26027 - High (7.5)
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26027/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Well, interesting: this is the technical report on the #glpi flaw behind last month's patch.
If you administer a GLPI service
⬇️
"update to version 11.0.6, available since 3 March 2026. If updating is not yet possible, enable authentication on the /Inventory endpoint (Settings → Inventory → Authorization header)."
⬇️
"GLPI: Blind XSS → ATO → SSTI → RCE — anatomy of a 0-day chain
BZHunt discovered two chained vulnerabilities in GLPI 11.0.0–11.0.5 (CVE-2026-26026, CVE-2026-26027) allowing an unauthenticated attacker to execute arbitrary code via a Blind Stored XSS and an SSTI. Full technical analysis and responsible disclosure."
👇
https://www.bzhunt.fr/blog/cve_glpi/
...and nice to know: Claude helped out again (transparency notice much appreciated)
"This research was conducted with the assistance of Claude Opus 4.6 (Anthropic), used by BZHunt in its R&D process. All vulnerabilities were identified, verified and exploited by human researchers. We choose to be transparent about the use of AI in our work, pending the emergence of clear standards on this subject."
#CyberVeille #CVE_2026_26026 CVE-2026-26027
##🔴 CVE-2026-26026 - Critical (9.1)
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26026/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##There's a new unauth remote code execution bug in the CentOS Control Web Panel web hosting toolkit, tracked as CVE-2025-70951, that will need patching in the coming days
##⚠️ SQL Injection (CVSS 10, CRITICAL) in Kestra < 1.3.7 — authenticated users can trigger RCE via /api/v1/main/flows/search. Patch to v1.3.7 to mitigate. CVE-2026-34612. Details: https://radar.offseq.com/threat/cve-2026-34612-cwe-89-improper-neutralization-of-s-c7c6454f #OffSeq #Kestra #SQLInjection #RCE
##🟠 CVE-2026-31932 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##