## Updated at UTC 2026-04-24T04:23:12.159990


| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40630 | 9.8 | 0.00% | 2 | 0 | | 2026-04-24T00:16:29.040000 | A vulnerability in SenseLive X3050’s web management interface allows unauthor |
| CVE-2026-40620 | 9.8 | 0.00% | 2 | 0 | | 2026-04-24T00:16:28.690000 | A vulnerability in SenseLive X3050’s embedded management service allows full adm |
| CVE-2026-25775 | 9.8 | 0.00% | 2 | 0 | | 2026-04-24T00:16:26.757000 | A vulnerability in SenseLive X3050’s remote management service allows firmware r |
| CVE-2026-41353 | 8.1 | 0.00% | 2 | 0 | | 2026-04-23T22:16:42.493000 | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the |
| CVE-2026-41352 | 8.8 | 0.00% | 2 | 0 | | 2026-04-23T22:16:42.327000 | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a |
| CVE-2026-41349 | 8.8 | 0.00% | 2 | 0 | | 2026-04-23T22:16:41.827000 | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allow |
| CVE-2026-41336 | 7.8 | 0.00% | 2 | 0 | | 2026-04-23T22:16:39.603000 | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_B |
| CVE-2026-33819 | 10.0 | 0.00% | 2 | 0 | | 2026-04-23T22:16:37.817000 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attac |
| CVE-2026-33102 | 9.3 | 0.00% | 2 | 0 | | 2026-04-23T22:16:37.093000 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an un |
| CVE-2026-32210 | 9.3 | 0.00% | 2 | 0 | | 2026-04-23T22:16:35.260000 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an |
| CVE-2026-32172 | 8.0 | 0.00% | 2 | 0 | | 2026-04-23T22:16:33.720000 | Uncontrolled search path element in Microsoft Power Apps allows an unauthorized |
| CVE-2026-26210 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T22:16:26.400000 | KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in |
| CVE-2026-31178 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T21:32:28 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo |
| CVE-2026-6920 | 7.5 | 0.00% | 2 | 0 | | 2026-04-23T21:32:28 | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 al |
| CVE-2026-39087 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T21:32:26 | An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbit |
| CVE-2026-31177 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T21:31:22 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo |
| CVE-2026-6942 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T21:16:06.947000 | radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerabi |
| CVE-2026-41268 | 7.7 | 0.00% | 2 | 0 | | 2026-04-23T21:16:06.120000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-28950 | 6.2 | 0.02% | 5 | 0 | | 2026-04-23T21:16:05.527000 | A logging issue was addressed with improved data redaction. This issue is fixed |
| CVE-2026-5816 | 8.0 | 0.01% | 1 | 0 | | 2026-04-23T20:30:30.267000 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 |
| CVE-2026-41138 | 8.3 | 0.00% | 2 | 0 | | 2026-04-23T20:16:14.380000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41246 | 8.1 | 0.00% | 2 | 0 | | 2026-04-23T19:17:29.670000 | Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to be |
| CVE-2026-40886 | 7.7 | 0.00% | 2 | 0 | | 2026-04-23T19:17:28.617000 | Argo Workflows is an open source container-native workflow engine for orchestrat |
| CVE-2026-31181 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T19:17:26.633000 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo |
| CVE-2025-62373 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T19:17:22.843000 | Pipecat is an open-source Python framework for building real-time voice and mult |
| CVE-2026-34291 | 8.7 | 0.03% | 1 | 0 | | 2026-04-23T18:48:51.783000 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (com |
| CVE-2026-33999 | 7.8 | 0.00% | 2 | 0 | | 2026-04-23T18:33:25 | A flaw was found in the X.Org X server. This integer underflow vulnerability, sp |
| CVE-2026-40471 | 9.6 | 0.00% | 2 | 0 | | 2026-04-23T18:33:25 | hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its en |
| CVE-2026-40472 | 9.9 | 0.00% | 2 | 0 | | 2026-04-23T18:33:23 | In hackage-server, user-controlled metadata from .cabal files are rendered into |
| CVE-2026-35225 | None | 0.00% | 2 | 0 | | 2026-04-23T18:33:23 | An unauthenticated remote attacker is able to exhaust all available TCP connecti |
| CVE-2026-34001 | 7.8 | 0.00% | 2 | 0 | | 2026-04-23T18:33:21 | A flaw was found in the X.Org X server. This use-after-free vulnerability occurs |
| CVE-2026-41460 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T18:33:20 | SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in t |
| CVE-2026-41679 | 10.0 | 0.17% | 4 | 0 | | 2026-04-23T18:16:29.447000 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents |
| CVE-2026-41461 | 8.5 | 0.00% | 2 | 0 | | 2026-04-23T18:16:29.330000 | SocialEngine versions 7.8.0 and prior contain a blind server-side request forger |
| CVE-2026-34297 | 7.5 | 0.03% | 2 | 0 | | 2026-04-23T18:10:28.700000 | Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business |
| CVE-2026-33825 | 7.8 | 13.76% | 6 | 3 | | 2026-04-23T17:26:30.713000 | Insufficient granularity of access control in Microsoft Defender allows an autho |
| CVE-2026-40470 | 9.9 | 0.00% | 2 | 0 | | 2026-04-23T16:16:25.523000 | A critical XSS vulnerability affected hackage-server and hackage.haskell.org. H |
| CVE-2026-34003 | 7.8 | 0.00% | 2 | 0 | | 2026-04-23T16:16:24.920000 | A flaw was found in the X.Org X server's XKB key types request validation. A loc |
| CVE-2026-23751 | 9.8 | 0.00% | 2 | 0 | | 2026-04-23T16:16:24.463000 | Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versi |
| CVE-2026-31018 | 8.8 | 0.04% | 1 | 0 | | 2026-04-23T16:15:59.613000 | In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enfor |
| CVE-2026-40869 | 7.5 | 0.03% | 1 | 0 | | 2026-04-23T16:08:50.607000 | Decidim is a participatory democracy framework. Starting in version 0.19.0 and p |
| CVE-2026-40931 | 8.4 | 0.01% | 1 | 0 | | 2026-04-23T15:49:20.480000 | Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and |
| CVE-2026-28386 | 9.1 | 0.05% | 1 | 0 | | 2026-04-23T15:40:23.007000 | Issue summary: Applications using AES-CFB128 encryption or decryption on systems |
| CVE-2026-39440 | 10.0 | 0.00% | 2 | 0 | | 2026-04-23T15:39:02 | Improper Control of Generation of Code ('Code Injection') vulnerability in Funne |
| CVE-2026-41167 | 9.1 | 0.08% | 3 | 0 | | 2026-04-23T15:37:23.773000 | Jellystat is a free and open source Statistics App for Jellyfin. Prior to versio |
| CVE-2026-40882 | 7.6 | 0.06% | 1 | 0 | | 2026-04-23T15:37:23.580000 | OpenRemote is an open-source internet-of-things platform. Prior to version 1.22. |
| CVE-2026-40372 | 8.1 | 0.04% | 7 | 0 | | 2026-04-23T14:55:42 | ## Executive Summary: A bug in `Microsoft.AspNetCore.DataProtection` 10.0.0-10 |
| CVE-2026-35251 | 7.5 | 0.01% | 1 | 0 | | 2026-04-23T12:57:56.917000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| CVE-2026-35230 | 7.5 | 0.01% | 1 | 0 | | 2026-04-23T12:56:40.480000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| CVE-2026-6887 | 9.8 | 0.08% | 6 | 0 | | 2026-04-23T12:31:45 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has |
| CVE-2026-6903 | 7.5 | 0.03% | 2 | 0 | | 2026-04-23T12:31:45 | The LabOne Web Server, backing the LabOne User Interface, contains insufficient |
| CVE-2026-6886 | 9.8 | 0.16% | 2 | 0 | | 2026-04-23T12:31:45 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has |
| CVE-2026-6885 | 9.8 | 0.19% | 2 | 0 | | 2026-04-23T12:31:45 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has |
| CVE-2026-34285 | 9.1 | 0.03% | 1 | 0 | | 2026-04-23T12:08:08.803000 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-34287 | 9.1 | 0.03% | 1 | 0 | | 2026-04-23T12:07:28.307000 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-41040 | 7.5 | 0.04% | 4 | 0 | | 2026-04-23T09:33:05 | GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of se |
| CVE-2026-3844 | 9.8 | 0.06% | 3 | 0 | | 2026-04-23T04:00:28 | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads du |
| CVE-2026-41196 | 0 | 0.07% | 1 | 0 | | 2026-04-23T02:16:17.900000 | Luanti (formerly Minetest) is an open source voxel game-creation platform. Start |
| CVE-2026-41455 | 8.5 | 0.03% | 1 | 0 | | 2026-04-23T00:31:19 | WeKan before 8.35 contains a server-side request forgery vulnerability in webhoo |
| CVE-2026-41454 | 8.3 | 0.04% | 1 | 0 | | 2026-04-23T00:31:19 | WeKan before 8.35 contains a missing authorization vulnerability in the Integrat |
| CVE-2026-41175 | 8.1 | 0.05% | 1 | 0 | | 2026-04-22T22:16:31.820000 | Statamic is a Laravel and Git powered content management system (CMS). Prior to |
| CVE-2026-40517 | 7.8 | 0.02% | 1 | 0 | | 2026-04-22T22:16:31.183000 | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB par |
| CVE-2026-41468 | 8.7 | 0.07% | 3 | 0 | | 2026-04-22T21:32:18 | Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component con |
| CVE-2026-34415 | 9.8 | 0.19% | 3 | 0 | | 2026-04-22T21:32:18 | Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input vali |
| CVE-2026-26354 | 8.1 | 0.05% | 1 | 0 | | 2026-04-22T21:32:11 | Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Re |
| CVE-2026-34275 | 9.8 | 0.04% | 1 | 0 | | 2026-04-22T21:24:26.997000 | Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Busin |
| CVE-2026-40911 | 10.0 | 0.17% | 2 | 0 | | 2026-04-22T21:24:26.997000 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YP |
| CVE-2026-40906 | 9.9 | 0.03% | 3 | 0 | | 2026-04-22T21:24:26.997000 | Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by pa |
| CVE-2026-35229 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T21:24:26.997000 | Vulnerability in the Java VM component of Oracle Database Server. Supported ver |
| CVE-2026-40884 | 9.8 | 0.06% | 1 | 0 | | 2026-04-22T21:24:26.997000 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains |
| CVE-2026-24189 | 8.2 | 0.04% | 1 | 0 | | 2026-04-22T21:24:26.997000 | NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated |
| CVE-2026-24177 | 7.7 | 0.03% | 1 | 0 | | 2026-04-22T21:24:26.997000 | NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API |
| CVE-2026-40868 | 8.1 | 0.03% | 1 | 0 | | 2026-04-22T21:24:26.997000 | Kyverno is a policy engine designed for cloud native platform engineering teams. |
| CVE-2026-41651 | 8.8 | 0.03% | 9 | 2 | | 2026-04-22T21:23:52.620000 | PackageKit is a D-Bus abstraction layer that allows the user to manage package |
| CVE-2026-33471 | 9.6 | 0.03% | 2 | 0 | | 2026-04-22T21:23:52.620000 | nimiq-block contains block primitives to be used in Nimiq's Rust implementation. |
| CVE-2026-41059 | 8.2 | 0.13% | 1 | 0 | | 2026-04-22T21:23:52.620000 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 provid |
| CVE-2026-40575 | 9.1 | 0.08% | 1 | 0 | | 2026-04-22T21:23:52.620000 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 provid |
| CVE-2026-41133 | 8.8 | 0.03% | 1 | 0 | | 2026-04-22T21:23:52.620000 | pyLoad is a free and open-source download manager written in Python. Versions up |
| CVE-2026-22754 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T21:23:52.620000 | Vulnerability in Spring Spring Security. If an application uses <sec:intercept-u |
| CVE-2026-22753 | 7.5 | 0.05% | 1 | 0 | | 2026-04-22T21:23:52.620000 | Vulnerability in Spring Spring Security. If an application is using securityMatc |
| CVE-2026-6023 | 8.1 | 0.34% | 1 | 0 | | 2026-04-22T21:23:52.620000 | In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the R |
| CVE-2026-34065 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T21:23:52.620000 | nimiq-primitives contains primitives (e.g., block, account, transaction) to be u |
| CVE-2026-6846 | 7.8 | 0.01% | 1 | 0 | | 2026-04-22T21:23:52.620000 | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when p |
| CVE-2026-6859 | 8.8 | 0.15% | 1 | 0 | | 2026-04-22T21:23:52.620000 | A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_re |
| CVE-2026-35548 | 8.5 | 0.03% | 1 | 0 | | 2026-04-22T21:23:52.620000 | An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins |
| CVE-2026-41060 | 7.7 | 0.03% | 1 | 0 | | 2026-04-22T21:23:52.620000 | WWBN AVideo is an open source video platform. In versions 29.0 and below, the `i |
| CVE-2026-6832 | 8.1 | 0.09% | 1 | 0 | | 2026-04-22T21:23:52.620000 | Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/sessi |
| CVE-2026-40925 | 8.3 | 0.02% | 1 | 0 | | 2026-04-22T21:23:52.620000 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objec |
| CVE-2026-6823 | 8.2 | 0.08% | 1 | 0 | | 2026-04-22T21:23:52.620000 | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default conf |
| CVE-2026-34413 | 8.6 | 0.33% | 1 | 0 | | 2026-04-22T21:18:45.917000 | Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication |
| CVE-2026-40568 | 8.5 | 0.03% | 1 | 0 | | 2026-04-22T21:10:14.290000 | FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to |
| CVE-2026-40870 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T21:08:48.550000 | Decidim is a participatory democracy framework. Starting in version 0.0.1 and pr |
| CVE-2026-40887 | 9.1 | 4.56% | 1 | 0 | template | 2026-04-22T21:08:48.550000 | Vendure is an open-source headless commerce platform. Starting in version 1.7.4 |
| CVE-2026-40946 | 0 | 0.05% | 1 | 0 | | 2026-04-22T20:28:12.780000 | Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC auth |
| CVE-2026-41135 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T19:49:46 | ## Summary A memory leak vulnerability in the free5GC PCF (Policy Control Funct |
| CVE-2026-40937 | 8.3 | 0.05% | 1 | 0 | | 2026-04-22T19:24:54 | # Missing Admin Auth on Notification Target Endpoints in RustFS ### Finding Su |
| CVE-2026-5262 | 8.0 | 0.02% | 1 | 0 | | 2026-04-22T18:31:58 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1. |
| CVE-2026-4922 | 8.1 | 0.01% | 1 | 0 | | 2026-04-22T18:31:58 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 |
| CVE-2026-35344 | 3.3 | 0.01% | 2 | 0 | | 2026-04-22T18:31:54 | The dd utility in uutils coreutils suppresses errors during file truncation oper |
| CVE-2018-25270 | 9.8 | 0.18% | 1 | 0 | | 2026-04-22T18:31:52 | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unaut |
| CVE-2026-35368 | 7.9 | 0.01% | 1 | 0 | | 2026-04-22T18:31:46 | A vulnerability exists in the chroot utility of uutils coreutils when using the |
| CVE-2026-35246 | 7.6 | 0.01% | 1 | 0 | | 2026-04-22T18:31:43 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| CVE-2026-35245 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T18:31:43 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| CVE-2026-35242 | 7.6 | 0.01% | 2 | 0 | | 2026-04-22T18:31:43 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| CVE-2026-35243 | 7.8 | 0.01% | 1 | 0 | | 2026-04-22T18:31:43 | Vulnerability in the Oracle Application Development Framework (ADF) product of O |
| CVE-2026-34309 | 8.1 | 0.03% | 1 | 0 | | 2026-04-22T18:31:42 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-35231 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T18:31:42 | Vulnerability in the Oracle Financial Services Transaction Filtering product of |
| CVE-2026-34310 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T18:31:41 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastru |
| CVE-2026-34320 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T15:32:43 | Vulnerability in the Oracle Financial Services Customer Screening product of Ora |
| CVE-2026-5398 | 8.4 | 0.01% | 1 | 0 | | 2026-04-22T15:32:43 | The implementation of TIOCNOTTY failed to clear a back-pointer from the structur |
| CVE-2026-34290 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T15:32:42 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-6356 | 9.6 | 0.03% | 1 | 1 | | 2026-04-22T15:31:57 | A vulnerability in the web application allows standard users to escalate their p |
| CVE-2026-33593 | 7.5 | 0.02% | 1 | 0 | | 2026-04-22T15:31:56 | A client can trigger a divide by zero error leading to crash by sending a crafte |
| CVE-2026-6857 | 7.5 | 0.37% | 1 | 0 | | 2026-04-22T15:31:51 | A flaw was found in camel-infinispan. This vulnerability involves unsafe deseria |
| CVE-2026-34305 | 7.5 | 0.03% | 2 | 0 | | 2026-04-22T15:31:41 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware |
| CVE-2026-34279 | 9.1 | 0.04% | 1 | 0 | | 2026-04-22T15:31:40 | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle E |
| CVE-2026-34286 | 9.1 | 0.03% | 2 | 0 | | 2026-04-22T15:31:39 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-40161 | 7.7 | 0.03% | 1 | 0 | | 2026-04-22T11:38:56 | ### Summary The Tekton Pipelines git resolver in API mode sends the system-conf |
| CVE-2026-4119 | 9.1 | 0.02% | 2 | 0 | | 2026-04-22T09:31:41 | The Create DB Tables plugin for WordPress is vulnerable to authorization bypass |
| CVE-2026-6022 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T09:31:40 | In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains a |
| CVE-2026-6235 | 9.8 | 0.03% | 1 | 0 | | 2026-04-22T09:31:40 | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorizatio |
| CVE-2026-6834 | 6.5 | 0.04% | 1 | 0 | | 2026-04-22T06:30:35 | The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowi |
| CVE-2026-6784 | 7.5 | 0.04% | 2 | 0 | | 2026-04-22T00:32:48 | Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bug |
| CVE-2026-6772 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T00:32:44 | Incorrect boundary conditions in the Libraries component in NSS. This vulnerabil |
| CVE-2026-6748 | 9.8 | 0.05% | 1 | 0 | | 2026-04-22T00:32:43 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerabilit |
| CVE-2026-6771 | 9.8 | 0.05% | 1 | 0 | | 2026-04-22T00:32:43 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-31019 | 8.8 | 0.15% | 1 | 0 | | 2026-04-21T21:32:31 | In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application us |
| CVE-2026-6819 | 8.8 | 0.04% | 1 | 0 | | 2026-04-21T21:31:34 | HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands |
| CVE-2026-40938 | 7.5 | 0.07% | 1 | 0 | | 2026-04-21T20:28:37 | ## Summary The git resolver's `revision` parameter is passed directly as a posi |
| CVE-2026-41197 | None | 0.04% | 1 | 0 | | 2026-04-21T20:16:10 | ## Description Noir programs can invoke external functions through foreign call |
| CVE-2026-40050 | 9.8 | 0.27% | 2 | 0 | | 2026-04-21T18:32:04 | CrowdStrike has released security updates to address a critical unauthenticated |
| CVE-2025-15638 | 10.0 | 0.01% | 1 | 0 | | 2026-04-21T18:32:04 | Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of lib |
| CVE-2026-41329 | 9.9 | 0.04% | 1 | 0 | | 2026-04-21T16:20:24.180000 | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attac |
| CVE-2026-5752 | 9.3 | 0.02% | 3 | 0 | | 2026-04-21T15:16:37.563000 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with r |
| CVE-2026-33626 | 7.5 | 0.03% | 3 | 0 | | 2026-04-21T15:04:13 | ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeplo |
| CVE-2026-20128 | 7.5 | 0.05% | 2 | 0 | | 2026-04-21T13:00:03.373000 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD- |
| CVE-2026-20133 | 6.5 | 1.39% | 1 | 0 | | 2026-04-20T21:32:43 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, |
| CVE-2026-20122 | 5.4 | 1.12% | 2 | 0 | | 2026-04-20T21:31:38 | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authe |
| CVE-2026-33824 | 9.8 | 0.10% | 3 | 2 | | 2026-04-17T19:21:23.993000 | Double free in Windows IKE Extension allows an unauthorized attacker to execute |
| CVE-2026-40933 | 10.0 | 0.07% | 2 | 0 | | 2026-04-16T21:18:18 | ### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an |
| CVE-2026-40890 | 7.5 | 0.04% | 1 | 0 | | 2026-04-15T21:18:41 | ### Summary Processing a malformed input containing a `<` character that is not |
| CVE-2026-40879 | 7.5 | 0.04% | 1 | 0 | | 2026-04-15T21:14:55 | ### Impact Attacker sends many small, valid JSON messages in one TCP frame → ha |
| CVE-2026-40576 | 9.4 | 0.05% | 1 | 0 | | 2026-04-15T21:06:59 | ## Summary A path traversal vulnerability exists in [`excel-mcp-server`](https: |
| CVE-2018-25193 | 7.5 | 0.14% | 2 | 0 | | 2026-04-15T14:53:58.147000 | Mongoose Web Server 6.9 contains a denial of service vulnerability that allows r |
| CVE-2026-34621 | 8.6 | 7.60% | 2 | 5 | | 2026-04-13T21:23:27 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a |
| CVE-2026-39987 | None | 6.99% | 5 | 5 | template | 2026-04-09T19:06:18 | ## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal |
| CVE-2026-4747 | 8.8 | 0.08% | 1 | 2 | | 2026-04-01T15:30:57 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i |
| CVE-2025-15467 | 8.8 | 0.70% | 3 | 6 | | 2026-03-19T19:16:19.230000 | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with malic |
| CVE-2026-20126 | 8.8 | 0.02% | 1 | 0 | | 2026-03-04T21:21:49.053000 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, l |
| CVE-2026-24884 | 8.4 | 0.01% | 1 | 0 | | 2026-02-27T20:27:32.587000 | Compressing is a compressing and uncompressing lib for node. In version 2.0.0 an |
| CVE-2025-69419 | 7.4 | 0.06% | 1 | 0 | | 2026-01-29T18:32:43 | Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously craft |
| CVE-2026-21445 | None | 6.97% | 1 | 1 | template | 2026-01-05T01:10:11 | ### Summary Multiple critical API endpoints in Langflow are missing authenticati |
| CVE-2023-46805 | 8.2 | 94.41% | 2 | 9 | template | 2025-10-31T21:59:38.500000 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 2 |
| CVE-2024-21887 | 9.1 | 94.41% | 2 | 12 | template | 2025-10-31T21:56:55.430000 | A command injection vulnerability in web components of Ivanti Connect Secure (9. |
| CVE-2023-33538 | 8.8 | 89.90% | 2 | 2 | | 2025-10-22T00:33:51 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to |
| CVE-2026-41267 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-41230 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-41229 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-41228 | 0 | 0.06% | 3 | 0 | | N/A | |
| CVE-2026-41564 | 0 | 0.02% | 4 | 0 | | N/A | |
| CVE-2026-41241 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-6786 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-6785 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2026-33656 | 0 | 0.05% | 1 | 1 | | N/A | |
| CVE-2026-41064 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-34063 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-35328 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-3323 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-41056 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-41055 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-41058 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-40706 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-40905 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-40903 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-40909 | 0 | 0.10% | 1 | 0 | | N/A | |
| CVE-2026-40569 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-40613 | 0 | 0.08% | 1 | 0 | | N/A | |

### CVE-2026-40630 (9.8 CRITICAL)

EPSS: 0.00% · updated 2026-04-24T00:16:29.040000 · 2 posts

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

#### offseq at 2026-04-24T00:00:38.328Z

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. radar.offseq.com/threat/cve-20

#### offseq@infosec.exchange at 2026-04-24T00:00:38.000Z

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. radar.offseq.com/threat/cve-20 #OffSeq #CVE202640630 #IoTSecurity #VulnAlert

### CVE-2026-40620 (9.8 CRITICAL)

EPSS: 0.00% · updated 2026-04-24T00:16:28.690000 · 2 posts

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor

#### offseq at 2026-04-24T03:00:25.381Z

SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. radar.offseq.com/threat/cve-20

#### offseq@infosec.exchange at 2026-04-24T03:00:25.000Z

SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #CVE202640620 #IoTSecurity

### CVE-2026-25775 (9.8 CRITICAL)

EPSS: 0.00% · updated 2026-04-24T00:16:26.757000 · 2 posts

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

#### offseq at 2026-04-24T01:30:28.276Z

🔍 CVE-2026-25775: SenseLive X3050 (V1.523) critical vuln — remote firmware updates possible without auth! Patch unavailable. Restrict access & monitor for unauthorized firmware actions. radar.offseq.com/threat/cve-20

#### offseq@infosec.exchange at 2026-04-24T01:30:28.000Z

🔍 CVE-2026-25775: SenseLive X3050 (V1.523) critical vuln — remote firmware updates possible without auth! Patch unavailable. Restrict access & monitor for unauthorized firmware actions. radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #CVE202625775

### CVE-2026-41353 (8.1 HIGH)

EPSS: 0.00% · updated 2026-04-23T22:16:42.493000 · 2 posts

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.

#### thehackerwire@mastodon.social at 2026-04-23T22:25:21.000Z

🟠 CVE-2026-41353 - High (8.1)

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

### CVE-2026-41352 (8.8 HIGH)

EPSS: 0.00% · updated 2026-04-23T22:16:42.327000 · 2 posts

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.

#### thehackerwire@mastodon.social at 2026-04-23T22:25:10.000Z

🟠 CVE-2026-41352 - High (8.8)

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

### CVE-2026-41349 (8.8 HIGH)

EPSS: 0.00% · updated 2026-04-23T22:16:41.827000 · 2 posts

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.

#### thehackerwire@mastodon.social at 2026-04-23T22:25:31.000Z

🟠 CVE-2026-41349 - High (8.8)

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorize...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

### CVE-2026-41336 (7.8 HIGH)

EPSS: 0.00% · updated 2026-04-23T22:16:39.603000 · 2 posts

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.

#### thehackerwire@mastodon.social at 2026-04-23T22:26:18.000Z

🟠 CVE-2026-41336 - High (7.8)

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

### CVE-2026-33819 (10.0 CRITICAL)

EPSS: 0.00% · updated 2026-04-23T22:16:37.817000 · 2 posts

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

#### thehackerwire@mastodon.social at 2026-04-23T22:26:43.000Z

🔴 CVE-2026-33819 - Critical (10)

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

### CVE-2026-33102 (9.3 CRITICAL)

EPSS: 0.00% · updated 2026-04-23T22:16:37.093000 · 2 posts

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

#### thehackerwire@mastodon.social at 2026-04-23T22:26:34.000Z

🔴 CVE-2026-33102 - Critical (9.3)

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

CVE-2026-32210
(9.3 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T22:16:35.260000

2 posts

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

thehackerwire@mastodon.social at 2026-04-23T23:06:15.000Z ##

🔴 CVE-2026-32210 - Critical (9.3)

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32172
(8.0 HIGH)

EPSS: 0.00%

updated 2026-04-23T22:16:33.720000

2 posts

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-04-23T23:06:24.000Z ##

🟠 CVE-2026-32172 - High (8)

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26210
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T22:16:26.400000

2 posts

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with

thehackerwire@mastodon.social at 2026-04-23T23:06:34.000Z ##

🔴 CVE-2026-26210 - Critical (9.8)

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages usi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31178
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T21:32:28

2 posts

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

thehackerwire@mastodon.social at 2026-04-23T19:33:55.000Z ##

🔴 CVE-2026-31178 - Critical (9.8)

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6920
(7.5 HIGH)

EPSS: 0.00%

updated 2026-04-23T21:32:28

2 posts

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-04-23T19:00:44.000Z ##

🟠 CVE-2026-6920 - High (7.5)

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39087
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T21:32:26

2 posts

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

thehackerwire@mastodon.social at 2026-04-23T19:36:14.000Z ##

🔴 CVE-2026-39087 - Critical (9.8)

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31177
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T21:31:22

2 posts

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

thehackerwire@mastodon.social at 2026-04-23T19:34:17.000Z ##

🔴 CVE-2026-31177 - Critical (9.8)

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6942
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T21:16:06.947000

2 posts

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mc

thehackerwire@mastodon.social at 2026-04-23T21:44:42.000Z ##

🔴 CVE-2026-6942 - Critical (9.8)

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41268
(7.7 HIGH)

EPSS: 0.00%

updated 2026-04-23T21:16:06.120000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODE_OPTIONS environment variable injection. This allows for the execution of arbitrary system c

thehackerwire@mastodon.social at 2026-04-23T20:30:20.000Z ##

🟠 CVE-2026-41268 - High (7.7)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28950
(6.2 MEDIUM)

EPSS: 0.02%

updated 2026-04-23T21:16:05.527000

5 posts

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

nemo@mas.to at 2026-04-24T02:35:04.000Z ##

Apple issues iOS/iPadOS 26.4.2 to fix a Notification Services bug (CVE-2026-28950) that could retain deleted-app notification previews — Signal says preserved fragments will be removed after users update. Install now: cyberinsider.com/apple-fixes-i 🔒📱 #iOS #Privacy #Security

##

technadu@infosec.exchange at 2026-04-23T13:12:29.000Z ##

Apple fixes iOS flaw exposing deleted messages via notification logs (CVE-2026-28950).

Even encrypted apps were impacted.
Patch now.

technadu.com/apple-patches-bug

#Infosec #iOS #Privacy

##

zaphodb@twitter.resolvt.net at 2026-04-22T21:59:04.000Z ##

support.apple.com/en-us/127002
Impact: Notifications marked for deletion could be unexpectedly retained on the device

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28950

<3

##

CVE-2026-5816
(8.0 HIGH)

EPSS: 0.01%

updated 2026-04-23T20:30:30.267000

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.

thehackerwire@mastodon.social at 2026-04-22T19:00:08.000Z ##

🟠 CVE-2026-5816 - High (8)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper pa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41138
(8.3 HIGH)

EPSS: 0.00%

updated 2026-04-23T20:16:14.380000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any sanitization. This vulnerabilit

thehackerwire@mastodon.social at 2026-04-23T20:30:29.000Z ##

🟠 CVE-2026-41138 - High (8.3)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41246
(8.1 HIGH)

EPSS: 0.00%

updated 2026-04-23T19:17:29.670000

2 posts

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value or spec.routes[].services[].cookieRewritePolicies[]

thehackerwire@mastodon.social at 2026-04-23T19:32:39.000Z ##

🟠 CVE-2026-41246 - High (8.1)

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPP...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40886
(7.7 HIGH)

EPSS: 0.00%

updated 2026-04-23T19:17:28.617000

2 posts

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the control

thehackerwire@mastodon.social at 2026-04-23T19:32:48.000Z ##

🟠 CVE-2026-40886 - High (7.7)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a work...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31181
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T19:17:26.633000

2 posts

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

thehackerwire@mastodon.social at 2026-04-23T19:34:03.000Z ##

🔴 CVE-2026-31181 - Critical (9.8)

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-62373
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T19:17:22.843000

2 posts

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's `deserialize()` method uses Python's `pickle.loads()` on data received from WebSock
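Both this Pipecat entry (CVE-2025-62373, `pickle.loads()` on WebSocket data in `LivekitFrameSerializer`) and the KTransformers entry above (CVE-2026-26210, `pickle.loads()` on messages read from a ZMQ ROUTER socket bound to all interfaces) are the same bug class: pickle is a program, not a data format, and loading one from the network executes whatever callables it names. The example below is added here and is not code from either project. It shows the gadget pattern that makes `pickle.loads()` dangerous (a harmless `os.getcwd` stands in for `os.system`), a static opcode scan that tells a data-only pickle apart from one that resolves globals or calls callables, and a restricted unpickler that refuses globals outright. The message contents and field names are constructed for the demo. The real fix is to stop accepting pickle from untrusted peers (JSON, msgpack or protobuf for the wire format) and to bind the socket to loopback or require transport authentication such as ZMQ CURVE; the checks here are for the interim.

```python
import io
import os
import pickle
import pickletools

# Opcodes that let a pickle stream resolve globals or call callables while
# loading. A plain data pickle (dicts, lists, strings, numbers) never needs them.
DANGEROUS_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD",
}


def dangerous_opcodes(payload: bytes) -> set:
    """Statically scan a pickle stream (without executing it) and return the risky opcodes in it."""
    found = set()
    try:
        for opcode, _arg, _pos in pickletools.genops(payload):
            if opcode.name in DANGEROUS_OPCODES:
                found.add(opcode.name)
    except Exception:
        # A stream that does not even parse is treated as hostile.
        found.add("MALFORMED")
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Second line of defence: refuse to resolve any global, whatever the scan said."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(payload: bytes):
    """Load only data-shaped pickles; anything that could call code is rejected."""
    bad = dangerous_opcodes(payload)
    if bad:
        raise pickle.UnpicklingError(f"refusing pickle with opcodes {sorted(bad)}")
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def rejects(payload: bytes) -> bool:
    """True if safe_loads() refuses the payload."""
    try:
        safe_loads(payload)
    except pickle.UnpicklingError:
        return True
    return False


def unsafe_loads(payload: bytes):
    """The vulnerable pattern: pickle.loads() on bytes taken straight off the socket."""
    return pickle.loads(payload)


class Gadget:
    """Constructed stand-in for a real gadget: __reduce__ tells the loader to call a
    function of the attacker's choosing with attacker-chosen arguments.
    os.getcwd is harmless here; an attacker would name os.system or similar."""

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed sample messages (hypothetical field names): a benign scheduler
# message and a crafted one as they would arrive on the wire.
BENIGN_MESSAGE = pickle.dumps({"op": "schedule", "request_ids": [1, 2, 3]})
MALICIOUS_MESSAGE = pickle.dumps(Gadget())


if __name__ == "__main__":
    print("benign opcodes flagged:   ", dangerous_opcodes(BENIGN_MESSAGE))
    print("malicious opcodes flagged:", sorted(dangerous_opcodes(MALICIOUS_MESSAGE)))
    print("unsafe_loads ran the gadget and returned:", unsafe_loads(MALICIOUS_MESSAGE))
    print("safe_loads rejects it:", rejects(MALICIOUS_MESSAGE))
    print("safe_loads accepts the benign message:", safe_loads(BENIGN_MESSAGE))
```

The opcode scan catches the common gadget shape (GLOBAL/STACK_GLOBAL followed by REDUCE) before anything runs, and the restricted `find_class` covers streams the scan did not anticipate. Neither makes pickle safe in general; they only narrow the window while the wire format is replaced.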

thehackerwire@mastodon.social at 2026-04-23T19:37:32.000Z ##

🔴 CVE-2025-62373 - Critical (9.8)

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34291
(8.7 HIGH)

EPSS: 0.03%

updated 2026-04-23T18:48:51.783000

1 posts

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (

thehackerwire@mastodon.social at 2026-04-23T00:00:05.000Z ##

🟠 CVE-2026-34291 - High (8.7)

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network ac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33999
(7.8 HIGH)

EPSS: 0.00%

updated 2026-04-23T18:33:25

2 posts

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

thehackerwire@mastodon.social at 2026-04-23T19:38:41.000Z ##

🟠 CVE-2026-33999 - High (7.8)

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40471
(9.6 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T18:33:25

2 posts

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abused (e.g. creating new user accounts).
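What "lacked CSRF protection across its endpoints" means in practice: a page on another site can submit a form or fire a request at the server, the browser attaches the victim's session cookie, and the server cannot tell the forged request from a real one. The example below is added here and is not hackage-server code. It shows the two controls a state-changing endpoint needs: a synchroniser token bound to the session (minted with an HMAC so it cannot be forged or reused across sessions) and an origin check using `Sec-Fetch-Site`, `Origin` or `Referer`. The key, the trusted origin `https://hackage.example`, the session identifiers and the request scenarios are all constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed per-deployment key; a real server loads it from configuration.
CSRF_KEY = secrets.token_bytes(32)
# Assumed origin of the server being protected (not hackage-server's real value).
TRUSTED_ORIGIN = "https://hackage.example"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(CSRF_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Synchroniser token bound to the caller's session: a token minted in the
    attacker's own session is useless against the victim's."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def _same_origin(headers: dict) -> bool:
    """Fetch metadata first (browsers set it and sites cannot forge it), then Origin,
    then Referer. No signal at all is treated as cross-site."""
    site = headers.get("Sec-Fetch-Site")
    if site is not None:
        return site in ("same-origin", "none")
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False
    return origin == TRUSTED_ORIGIN or origin.startswith(TRUSTED_ORIGIN + "/")


def request_allowed(method: str, headers: dict, session_id: str, form_token: str) -> bool:
    """Gate for every state-changing endpoint: safe methods pass (and must stay
    side-effect free); everything else needs a same-origin signal and a valid token."""
    if method.upper() in SAFE_METHODS:
        return True
    return _same_origin(headers) and verify_csrf_token(session_id, form_token)


def demo() -> dict:
    """Constructed scenarios: one legitimate same-origin POST and several forgeries."""
    victim = "sess-victim"
    token = issue_csrf_token(victim)
    attacker_token = issue_csrf_token("sess-attacker")
    legit = {"Origin": TRUSTED_ORIGIN, "Sec-Fetch-Site": "same-origin"}
    forged = {"Origin": "https://evil.example", "Sec-Fetch-Site": "cross-site"}
    return {
        "legit_post": request_allowed("POST", legit, victim, token),
        "cross_site_form": request_allowed("POST", forged, victim, token),
        "same_origin_no_token": request_allowed("POST", legit, victim, ""),
        "token_from_other_session": request_allowed("POST", legit, victim, attacker_token),
        "no_origin_headers": request_allowed("POST", {}, victim, token),
        "get_is_safe": request_allowed("GET", forged, victim, ""),
    }


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario:28s} allowed={allowed}")
```

For the unauthenticated actions the entry mentions (account creation), there is no session to bind to; bind the token to a pre-session cookie issued on the form page instead. Marking session cookies `SameSite=Lax` or `Strict` is a useful additional layer, not a replacement for the token, because it does not cover every browser and every request shape.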

thehackerwire@mastodon.social at 2026-04-23T19:36:33.000Z ##

🔴 CVE-2026-40471 - Critical (9.6)

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative acti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40472
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T18:33:23

2 posts

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.
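Rendering untrusted metadata into an `href` has two separate failure modes: the value can break out of the attribute (`"><script>`), and even a well-formed value can carry an executable scheme (`javascript:`, `data:`), which escaping alone does not stop. The example below is added here and is not hackage-server code. It shows the vulnerable rendering beside a hardened one that normalises the URL the way browsers do (dropping leading controls and embedded tab/newline), allows only an explicit scheme allowlist, and escapes for attribute context. The sample `.cabal`-style values are constructed for the demo.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # C0 controls and space


def normalize_url(raw: str) -> str:
    """Mirror what browsers do before reading the scheme: strip leading C0
    controls/space and delete TAB, LF and CR anywhere, so "\\tjava\\nscript:"
    is recognised for what it is."""
    return raw.lstrip(_LEADING_JUNK).translate({9: None, 10: None, 13: None})


def is_safe_href(raw: str) -> bool:
    """Allowlist of schemes. A relative reference has no scheme and therefore
    cannot be javascript:, data: or vbscript:, so it passes."""
    m = _SCHEME_RE.match(normalize_url(raw))
    if m is None:
        return True
    return m.group(1).lower() in ALLOWED_SCHEMES


def render_link_vulnerable(url: str, label: str) -> str:
    """The pattern behind the CVE: metadata dropped straight into an attribute."""
    return f'<a href="{url}">{label}</a>'


def render_link_safe(url: str, label: str) -> str:
    """Scheme allowlist plus attribute-context escaping. quote=True also encodes
    " and ', and & becomes &amp;, so an entity trick such as javascript&colon;
    reaches the browser as javascript&amp;colon; and stays inert.
    An unsafe URL is dropped and only the escaped label is rendered."""
    text = html.escape(label, quote=True)
    if not is_safe_href(url):
        return text
    return f'<a href="{html.escape(url, quote=True)}">{text}</a>'


# Constructed homepage values an attacker might put in a package description.
SAMPLES = {
    "plain": "https://example.org/pkg",
    "relative": "docs/index.html",
    "js": "javascript:alert(document.cookie)",
    "js_mixed_case": "JaVaScRiPt:alert(1)",
    "js_control_chars": "\t\njava\tscript:alert(1)",
    "data": " data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
    "attr_breakout": '"><script>alert(1)</script>',
    "entity_scheme": "javascript&colon;alert(1)",
}


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:18s} safe_scheme={is_safe_href(value)!s:5s} "
              f"vulnerable={render_link_vulnerable(value, 'pkg')!r}")
        print(f"{'':18s} hardened  ={render_link_safe(value, 'pkg')!r}")
```

The two checks are not interchangeable: escaping without the scheme allowlist still yields a clickable `javascript:` link, and the allowlist without escaping still allows the `"><script>` breakout.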

thehackerwire@mastodon.social at 2026-04-23T19:37:22.000Z ##

🔴 CVE-2026-40472 - Critical (9.9)

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35225
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-23T18:33:23

2 posts

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

certvde@infosec.exchange at 2026-04-23T13:35:32.000Z ##

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

certvde.com/en/advisories/vde-
#oCSAF
#CSAF codesys.csaf-tp.certvde.com/.w

##

CVE-2026-34001
(7.8 HIGH)

EPSS: 0.00%

updated 2026-04-23T18:33:21

2 posts

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the sy

thehackerwire@mastodon.social at 2026-04-23T19:38:51.000Z ##

🟠 CVE-2026-34001 - High (7.8)

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41460
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T18:33:20

2 posts

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unaut
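The entry describes the classic shape: a request parameter spliced into a query string, reachable without authentication. The example below is added here and is not SocialEngine code; the table, column names and rows are a constructed in-memory SQLite stand-in, and the two payloads are constructed to show what "read arbitrary data" means. It puts the vulnerable string-built query beside the parameterised one and also covers the detail that parameters alone do not settle for `LIKE` searches: `%` and `_` in user input still act as wildcards unless escaped.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the members table the endpoint searches
    (schema is an assumption, not SocialEngine's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, displayname TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO members (displayname, email) VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org"), ("admin", "admin@example.org")],
    )
    return db


def search_vulnerable(db: sqlite3.Connection, text: str) -> list:
    """The pattern behind the CVE: the request parameter becomes part of the SQL text."""
    sql = f"SELECT id, displayname FROM members WHERE displayname LIKE '%{text}%'"
    return db.execute(sql).fetchall()


def escape_like(text: str) -> str:
    """Escape LIKE metacharacters so user input cannot widen the pattern."""
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_safe(db: sqlite3.Connection, text: str) -> list:
    """Parameterised: the value travels separately from the SQL and can only ever be data."""
    sql = "SELECT id, displayname FROM members WHERE displayname LIKE ? ESCAPE '\\'"
    return db.execute(sql, (f"%{escape_like(text)}%",)).fetchall()


# Constructed attacker inputs for the `text` parameter.
TAUTOLOGY = "' OR 1=1 --"                               # closes the pattern, always true, comments out the rest
UNION_INJECTION = "' UNION SELECT id, email FROM members --"   # pulls another column into the result set


def demo() -> dict:
    db = make_db()
    return {
        "vulnerable_rows": len(search_vulnerable(db, TAUTOLOGY)),
        "leaked_emails": sorted(name for _id, name in search_vulnerable(db, UNION_INJECTION) if "@" in name),
        "safe_rows": len(search_safe(db, TAUTOLOGY)),
        "normal_search": [name for _id, name in search_safe(db, "ali")],
        "literal_percent": len(search_safe(db, "%")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16s} {value}")
```

With the tautology the vulnerable query returns every member; with the UNION it returns the email column the endpoint was never meant to expose. The parameterised version returns nothing for both, and a bare `%` matches only names that literally contain a percent sign.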

thehackerwire@mastodon.social at 2026-04-23T19:39:51.000Z ##

🔴 CVE-2026-41460 - Critical (9.8)

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unaut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41679
(10.0 CRITICAL)

EPSS: 0.17%

updated 2026-04-23T18:16:29.447000

4 posts

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls

thehackerwire@mastodon.social at 2026-04-23T21:45:06.000Z ##

🔴 CVE-2026-41679 - Critical (10)

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance runnin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

Matchbook3469@mastodon.social at 2026-04-23T08:19:58.000Z ##

🔴 New security advisory:

CVE-2026-41679 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#InfoSec #ZeroDay #ThreatIntel

##

offseq@infosec.exchange at 2026-04-23T01:30:28.000Z ##

🚨 CRITICAL: CVE-2026-41679 in Paperclip (<2026.416.0) enables unauthenticated remote code execution via API chain — no user creds needed. Upgrade to 2026.416.0+ ASAP! Full details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202641679 #infosec #rce

##

CVE-2026-41461
(8.5 HIGH)

EPSS: 0.00%

updated 2026-04-23T18:16:29.330000

2 posts

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs including internal network addresses and loopback addresses to cause the serv
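A link-preview fetcher is the textbook SSRF sink: the server makes an outbound request to whatever `uri` it is handed, so loopback, RFC 1918 and cloud-metadata addresses become reachable from outside. The example below is added here and is not SocialEngine code. It is a URL guard that allows only `http`/`https` on ports 80/443, rejects embedded credentials, and checks every address the host denotes against `is_global`, including the integer and IPv4-mapped spellings of 127.0.0.1 that a naive "starts with 127." check misses. DNS lookups are injected through a `resolve` callable so the demo runs offline; the `FAKE_DNS` table and all sample URLs are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCT = re.compile(r"0[0-7]+")
_DEC = re.compile(r"[0-9]+")


def literal_addresses(host: str) -> list:
    """Addresses a host string denotes without DNS: dotted/colon literals plus the
    integer forms (2130706433, 0x7f000001, 017700000001) that inet_aton accepts."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    for pattern, base in ((_HEX, 16), (_OCT, 8), (_DEC, 10)):
        if pattern.fullmatch(host):
            value = int(host, base)
            return [ipaddress.ip_address(value)] if value < 2**32 else []
    return []


def is_public(ip) -> bool:
    """Reject loopback, private, link-local (cloud metadata), multicast, reserved
    and unspecified addresses; unwrap ::ffff:a.b.c.d before judging it."""
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


def check_url(url: str, resolve) -> tuple:
    """Return (allowed, reason). `resolve(host)` maps a name to address strings.
    Production code wraps socket.getaddrinfo here and then connects to the exact
    address it checked, otherwise a DNS rebind between check and fetch wins."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError:
        return False, "bad port"
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    addresses = literal_addresses(host)
    if not addresses:
        addresses = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addresses:
        return False, "unresolvable host"
    for ip in addresses:
        if not is_public(ip):
            return False, f"{host} resolves to non-public {ip}"
    return True, "ok"


# Constructed DNS table standing in for socket.getaddrinfo.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.1.2.3"],
    "rebind.attacker.example": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for url in ("https://example.com/page", "http://127.0.0.1/", "http://[::ffff:127.0.0.1]/",
                "http://2130706433/", "http://0x7f000001/", "http://169.254.169.254/latest/meta-data/",
                "http://internal.corp/", "http://rebind.attacker.example/", "file:///etc/passwd"):
        print(f"{url:45s} {check_url(url, fake_resolve)}")
```

The guard is only half of the fix: the fetch must also disable redirects (or re-run this check on every hop) and connect to the vetted address rather than re-resolving the name, since a preview fetcher that follows a 302 to `http://127.0.0.1/` has the same problem again.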

thehackerwire@mastodon.social at 2026-04-23T19:40:00.000Z ##

🟠 CVE-2026-41461 - High (8.5)

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34297
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T18:10:28.700000

2 posts

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized access to

thehackerwire@mastodon.social at 2026-04-22T23:46:44.000Z ##

🟠 CVE-2026-34297 - High (7.5)

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:30:54.000Z ##

🟠 CVE-2026-34297 - High (7.5)

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33825
(7.8 HIGH)

EPSS: 13.76%

updated 2026-04-23T17:26:30.713000

6 posts

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

3 repos

https://github.com/kaleth4/CVE-2026-33825

https://github.com/Letlaka/redsun-bluehammer-undefend-detection-pack

https://github.com/Bilal3755/Detecting_blue_hammer_vuln

Chris@mast.social at 2026-04-23T15:09:06.000Z ##

🛡️ Microsoft Defender Elevation of Privilege Vulnerability
Description

🛡️ Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

cve.org/CVERecord?id=CVE-2026-

#Cybersecurity #CISA #Security #Microsoft

##

christopherkunz@chaos.social at 2026-04-23T12:19:48.000Z ##

Just in: CVE-2026-33825 "BlueHammer" just hit the CISA KEV. Meanwhile, I'm not near my Windows PC, so I'm not sure if the Red Sun still prevails.

##

secdb@infosec.exchange at 2026-04-22T22:00:14.000Z ##

🚨 [CISA-2026:0422] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-33825 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft Defender Insufficient Granularity of Access Control Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260422 #cisa20260422 #cve_2026_33825 #cve202633825

##

cisakevtracker@mastodon.social at 2026-04-22T20:01:06.000Z ##

CVE ID: CVE-2026-33825
Vendor: Microsoft
Product: Defender
Date Added: 2026-04-22
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-40470
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T16:16:25.523000

2 posts

A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses to the package pages or documentation uploaded by a malicious package maintainer, their session can

thehackerwire@mastodon.social at 2026-04-23T19:36:23.000Z ##

🔴 CVE-2026-40470 - Critical (9.9)

A critical XSS vulnerability affected hackage-server and
hackage.haskell.org. HTML and JavaScript files provided in source
packages or via the documentation upload facility were served
as-is on the main hackage.haskell.org domain. As a consequen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34003
(7.8 HIGH)

EPSS: 0.00%

updated 2026-04-23T16:16:24.920000

2 posts

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

thehackerwire@mastodon.social at 2026-04-23T19:39:00.000Z ##

🟠 CVE-2026-34003 - High (7.8)

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23751
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T16:16:24.463000

2 posts

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a

thehackerwire@mastodon.social at 2026-04-23T19:37:39.000Z ##

🔴 CVE-2026-23751 - Critical (9.8)

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31018
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-23T16:15:59.613000

1 posts

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page creation.

thehackerwire@mastodon.social at 2026-04-21T21:07:48.000Z ##

🟠 CVE-2026-31018 - High (8.8)

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40869
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T16:08:50.607000

1 posts

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal a

thehackerwire@mastodon.social at 2026-04-21T21:01:55.000Z ##

🟠 CVE-2026-40869 - High (7.5)

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who hav...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40931
(8.4 HIGH)

EPSS: 0.01%

updated 2026-04-23T15:49:20.480000

1 posts

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fails to account for the actual filesystem state. By exploiting this "Logical vs. Physical" divergence,

thehackerwire@mastodon.social at 2026-04-21T22:37:09.000Z ##

🟠 CVE-2026-40931 - High (8.4)

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28386
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T15:40:23.007000

1 posts

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped

AAKL@infosec.exchange at 2026-04-22T18:03:53.000Z ##

Broadcom has three critical listings today: support.broadcom.com/web/ecx/s

- Datacom Health Check Analyzer 1.1 Vulnerability
- IDMS Server: OpenSSL Vulnerability CVE-2026-28386
- MICS REST API SERVER - 14.5 Vulnerability in Spring Security

Also:

Cisco has a critical advisory:

- CVE-2026-20122; CVE-2026-20126 and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi

Cisco has also tagged 7Zip and Adobe for zero-day reports talosintelligence.com/vulnerab @TalosSecurity #infosec #Broadcom #vulnerability #zeroday #Adobe

##

CVE-2026-39440
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-04-23T15:39:02

2 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

thehackerwire@mastodon.social at 2026-04-23T19:40:07.000Z ##

🔴 CVE-2026-39440 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41167
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-04-23T15:37:23.773000

3 posts

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via `POST /api/getUserDetails` and `POST /api/getLibrary`, enabling full read of any table in the database - including `app_confi

canartuc@mastodon.social at 2026-04-23T15:32:01.000Z ##

Five critical self-hosted flaws landed April 20-22. Marimo pre-auth remote takeover (CVE-2026-39987, CVSS 9.3), exploited in 10 hours. Apache Airflow XCom. Spinnaker Echo. Jellystat SQL injection to takeover (CVE-2026-41167, 9.1). OpenVPN 2.7.2 fixed two. Three trace to injection. Across 14 compliant platforms I have architected, the audit finding is patch cadence, not availability. A 10-hour window makes quarterly cadence a breach timeline.

#CyberSecurity #SelfHosted #OpenSource #InfoSec

##

offseq@infosec.exchange at 2026-04-22T22:30:30.000Z ##

🚨 CRITICAL: CyferShepard Jellystat <1.1.10 vulnerable to SQL injection (CVE-2026-41167). Auth’d users can read any DB table & execute commands on the PostgreSQL host. Upgrade to 1.1.10 ASAP! radar.offseq.com/threat/cve-20 #OffSeq #Jellystat #SQLi #Infosec

##

thehackerwire@mastodon.social at 2026-04-22T21:23:33.000Z ##

🔴 CVE-2026-41167 - Critical (9.1)

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40882
(7.6 HIGH)

EPSS: 0.06%

updated 2026-04-23T15:37:23.580000

1 posts

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixe

thehackerwire@mastodon.social at 2026-04-22T21:23:43.000Z ##

🟠 CVE-2026-40882 - High (7.6)

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40372
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-23T14:55:42

7 posts

Executive Summary: A bug in `Microsoft.AspNetCore.DataProtection` 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced t

benzogaga33@mamot.fr at 2026-04-23T15:40:05.000Z ##

Microsoft has released a patch for a critical flaw in ASP.NET: CVE-2026-40372 it-connect.fr/microsoft-a-publ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft

##

cktodon@mas.to at 2026-04-23T15:00:02.000Z ##

#Microsoft urgently fixes a critical flaw in ASP.NET Core Data Protection (CVE-2026-40372)

unaaldia.hispasec.com/2026/04/

##

beyondmachines1@infosec.exchange at 2026-04-22T16:01:09.000Z ##

Microsoft Issues Emergency Patches for Critical ASP.NET Core Cryptographic Flaw

Microsoft released emergency patches for a critical ASP.NET Core vulnerability (CVE-2026-40372) that allows unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges. The flaw primarily affects applications on Linux and macOS using specific versions of the Data Protection NuGet package.

**If you're running ASP.NET Core apps using the Microsoft.AspNetCore.DataProtection NuGet package (versions 10.0.0 through 10.0.6), especially on Linux or macOS, upgrade immediately to version 10.0.7 and redeploy your applications. After updating, rotate the DataProtection key ring to invalidate any forged tokens or sessions that may have been issued during the vulnerable window.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

AAKL@infosec.exchange at 2026-04-22T15:40:11.000Z ##

If you missed this. Microsoft posted this patch yesterday:

ASP.NET Core Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

More:

The Hacker News: Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug thehackernews.com/2026/04/micr @thehackernews #Microsoft #infosec #vulnerability

##

technadu@infosec.exchange at 2026-04-22T15:20:28.000Z ##

CVE-2026-40372 in ASP.NET Core enables privilege escalation via cryptographic validation flaws.
Patch released - but token persistence risk remains without key rotation.

Source: thehackernews.com/2026/04/micr

Follow TechNadu. Insights? 👇

#Infosec #Microsoft #Vulnerability

##

thehackerwire@mastodon.social at 2026-04-21T21:07:28.000Z ##

🔴 CVE-2026-40372 - Critical (9.1)

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35251
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-23T12:57:56.917000

1 posts

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impa

thehackerwire@mastodon.social at 2026-04-21T22:01:34.000Z ##

🟠 CVE-2026-35251 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35230
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-23T12:56:40.480000

1 posts

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impa

thehackerwire@mastodon.social at 2026-04-21T23:23:54.000Z ##

🟠 CVE-2026-35230 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6887
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-23T12:31:45

6 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

thehackerwire@mastodon.social at 2026-04-23T19:43:27.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:42:45.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-23T10:30:28.259Z ##

🚨 CRITICAL SQL Injection (CVE-2026-6887) in BorG SPM 2007: unauthenticated remote attackers can manipulate databases. No patch, product EOL. Isolate or discontinue use ASAP. Details: radar.offseq.com/threat/cve-20

##

CVE-2026-6903
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T12:31:45

2 posts

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the LabOne software. Additionally, the Web Server does not sufficiently restrict cross-origin requests, whi

thehackerwire@mastodon.social at 2026-04-23T19:42:49.000Z ##

🟠 CVE-2026-6903 - High (7.5)

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6886
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-04-23T12:31:45

2 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

thehackerwire@mastodon.social at 2026-04-23T19:42:40.000Z ##

🔴 CVE-2026-6886 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6885
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-04-23T12:31:45

2 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

thehackerwire@mastodon.social at 2026-04-23T19:42:31.000Z ##

🔴 CVE-2026-6885 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34285
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-23T12:08:08.803000

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:30:56.000Z ##

🔴 CVE-2026-34285 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34287
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-23T12:07:28.307000

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:31:06.000Z ##

🔴 CVE-2026-34287 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41040
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-23T09:33:05

4 posts

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

thehackerwire@mastodon.social at 2026-04-23T19:43:41.000Z ##

🟠 CVE-2026-41040 - High (7.5)

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:43:04.000Z ##

🟠 CVE-2026-41040 - High (7.5)

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3844
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-23T04:00:28

3 posts

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited

thehackerwire@mastodon.social at 2026-04-23T21:44:57.000Z ##

🔴 CVE-2026-3844 - Critical (9.8)

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-23T03:00:30.000Z ##

🚩 CVE-2026-3844 (CRITICAL): Breeze Cache ≤2.4.4 lets unauthenticated attackers upload arbitrary files via 'fetch_gravatar_from_remote' if "Host Files Locally - Gravatars" is enabled. RCE possible. Check settings & update! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #infosec

##

CVE-2026-41196
(0 None)

EPSS: 0.07%

updated 2026-04-23T02:16:17.900000

1 posts

Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the server-side mod, async and mapgen as well as the client-side (CSM) environments. This vulnerability is

offseq@infosec.exchange at 2026-04-23T06:00:29.000Z ##

🔴 CVE-2026-41196: luanti 5.0.0 – 5.15.1 has a CRITICAL code injection vuln (CVSS 9.0). Malicious mods can break Lua sandbox with LuaJIT, gaining full filesystem access. Patch: upgrade to 5.15.2 or mitigate via getfenv = nil. radar.offseq.com/threat/cve-20 #OffSeq #CVE202641196 #vuln

##

CVE-2026-41455
(8.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T00:31:19

1 posts

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network addresses, causing the server to issue HTTP POST requests to attacker-controlled internal targets with

thehackerwire@mastodon.social at 2026-04-22T23:00:05.000Z ##

🟠 CVE-2026-41455 - High (8.5)

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41454
(8.3 HIGH)

EPSS: 0.04%

updated 2026-04-23T00:31:19

1 posts

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficie

thehackerwire@mastodon.social at 2026-04-22T22:59:54.000Z ##

🟠 CVE-2026-41454 - High (8.3)

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41175
(8.1 HIGH)

EPSS: 0.05%

updated 2026-04-22T22:16:31.820000

1 posts

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit. e.g. "view entries" permission to d

thehackerwire@mastodon.social at 2026-04-22T23:00:56.000Z ##

🟠 CVE-2026-41175 - High (8.1)

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of conten...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40517
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-22T22:16:31.183000

1 posts

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitized symbol name interpolation in the flag rename command, which are then executed when a user runs th

thehackerwire@mastodon.social at 2026-04-22T23:00:16.000Z ##

🟠 CVE-2026-40517 - High (7.8)

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers ca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41468
(8.7 HIGH)

EPSS: 0.07%

updated 2026-04-22T21:32:18

3 posts

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser c

offseq@infosec.exchange at 2026-04-23T09:00:27.000Z ##

🛑 CVE-2026-41468: Beghelli SicuroWeb (Sicuro24) uses unmaintained AngularJS 1.5.2, allowing network-adjacent attackers to hijack sessions via MITM and template injection. Enforce HTTPS, monitor activity. No patch yet. More: radar.offseq.com/threat/cve-20 #OffSeq #CVE202641468 #infosec

##

thehackerwire@mastodon.social at 2026-04-22T20:00:54.000Z ##

🟠 CVE-2026-41468 - High (8.7)

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34415
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-04-22T21:32:18

3 posts

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 exten

offseq@infosec.exchange at 2026-04-23T07:30:27.000Z ##

⚠️ CRITICAL: xerteonlinetoolkits ≤3.15 has incomplete input validation in elFinder — .php4 files can be uploaded & executed, enabling unauth RCE. Restrict endpoint, monitor uploads, apply custom filters. Patch status unknown. CVE-2026-34415 radar.offseq.com/threat/cve-20 #OffSeq #Vuln #RCE

##

thehackerwire@mastodon.social at 2026-04-22T20:01:03.000Z ##

🔴 CVE-2026-34415 - Critical (9.8)

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attacker...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26354
(8.1 HIGH)

EPSS: 0.05%

updated 2026-04-22T21:32:11

1 posts

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execut

thehackerwire@mastodon.social at 2026-04-22T20:01:46.000Z ##

🟠 CVE-2026-26354 - High (8.1)

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34275
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-22T21:24:26.997000

1 posts

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Or

Matchbook3469@mastodon.social at 2026-04-23T23:16:26.000Z ##

🔴 New security advisory:

CVE-2026-34275 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#InfoSec #ZeroDay #ThreatIntel

##

CVE-2026-40911
(10.0 CRITICAL)

EPSS: 0.17%

updated 2026-04-22T21:24:26.997000

2 posts

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains two `eval()` sinks fed directly by those relayed fields (`json.msg.autoEvalCodeOnHTML` at line 568 and `js

offseq@infosec.exchange at 2026-04-22T07:30:28.000Z ##

🚨 CVE-2026-40911: WWBN AVideo <=29.0 CRITICAL code injection via YPTSocket plugin. Unauthenticated attacker can execute JS on all connected clients, risking account takeover. Patch with commit c08694bf ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE202640911 #infosec #security

##

thehackerwire@mastodon.social at 2026-04-21T22:00:20.000Z ##

🔴 CVE-2026-40911 - Critical (10)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the clie...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40906
(9.9 CRITICAL)

EPSS: 0.03%

updated 2026-04-22T21:24:26.997000

3 posts

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORDER BY expressions. This vulnerability is fixed in 1.5.0.

offseq@infosec.exchange at 2026-04-22T06:00:28.000Z ##

⚠️ CRITICAL: ElectricSQL (v1.1.12 - <1.5.0) has a CVE-2026-40906 SQL injection in /v1/shape API. Authenticated users can fully compromise PostgreSQL DB. Upgrade to 1.5.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #ElectricSQL #InfoSec

##

thehackerwire@mastodon.social at 2026-04-21T22:03:11.000Z ##

🔴 CVE-2026-40906 - Critical (9.9)

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-21T22:01:31.000Z ##

🔴 CVE-2026-40906 - Critical (9.9)

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
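Added example for the ORDER BY injection described above; it is illustrative code written for this page, not ElectricSQL's. SQLite stands in for PostgreSQL, so the data leak shown is order-based rather than the error-based technique the advisory names, but the root cause is identical: a caller-controlled expression spliced into ORDER BY lets a single parameter ask the database arbitrary yes/no questions. The schema, rows and secret are constructed; the hardened variant shows the allowlist a shape endpoint should enforce instead.

```python
import re
import sqlite3

# Added example, not ElectricSQL code. SQLite stands in for PostgreSQL, so the
# leak below is order-based rather than error-based, but the root cause is the
# same: a caller-controlled expression spliced into ORDER BY.


def make_db():
    """Constructed schema: a readable table and a table the caller may not read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE items (id INTEGER, name TEXT);
        CREATE TABLE secrets (id INTEGER, token TEXT);
        INSERT INTO items VALUES (1, 'alpha'), (2, 'beta'), (3, 'gamma');
        INSERT INTO secrets VALUES (1, 'hunter2');
    """)
    return conn


def shape_vulnerable(conn, order_by):
    """Splices the order_by parameter straight into the statement."""
    rows = conn.execute(f"SELECT id FROM items ORDER BY {order_by}")
    return [r[0] for r in rows]


_ORDER_RE = re.compile(r"\s*([A-Za-z_]\w*)(?:\s+(asc|desc))?\s*", re.I)
ALLOWED_COLUMNS = {"id", "name"}


def shape_hardened(conn, order_by):
    """Accepts only '<allowlisted column> [ASC|DESC]' and rebuilds the clause
    from those two validated tokens; nothing from the caller reaches SQL."""
    m = _ORDER_RE.fullmatch(order_by)
    if not m or m.group(1).lower() not in ALLOWED_COLUMNS:
        raise ValueError("invalid order_by")
    clause = f'"{m.group(1).lower()}" {(m.group(2) or "asc").upper()}'
    rows = conn.execute(f"SELECT id FROM items ORDER BY {clause}")
    return [r[0] for r in rows]


def hardened_rejects(conn, order_by):
    """True when the hardened endpoint refuses the given order_by value."""
    try:
        shape_hardened(conn, order_by)
    except ValueError:
        return True
    return False


def prefix_matches(conn, prefix):
    """One yes/no question: does the secret start with `prefix`? The CASE
    flips the sort key, so the answer is read from the returned row order."""
    expr = ("CASE WHEN (SELECT token FROM secrets WHERE id = 1) LIKE "
            f"'{prefix}%' THEN id ELSE -id END")
    return shape_vulnerable(conn, expr) == [1, 2, 3]


def extract_secret(conn, alphabet="abcdefghijklmnopqrstuvwxyz0123456789",
                   max_len=16):
    """Recovers the secret one character at a time through the ORDER BY oracle.
    The alphabet deliberately omits LIKE wildcards (% and _) and quotes."""
    found = ""
    for _ in range(max_len):
        for ch in alphabet:
            if prefix_matches(conn, found + ch):
                found += ch
                break
        else:
            break
    return found


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY:", extract_secret(db))          # hunter2
    print("hardened rejects:", hardened_rejects(db, "id; DROP TABLE items"))  # True
```

Each `prefix_matches` call is one HTTP request in the real setting; the hardened version never evaluates caller text as SQL, so the oracle disappears regardless of which database engine sits behind it.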

CVE-2026-35229
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:24:26.997000

1 posts

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible da

thehackerwire@mastodon.social at 2026-04-21T23:00:16.000Z ##

🟠 CVE-2026-35229 - High (7.5)

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40884
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-22T21:24:26.997000

1 posts

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network attacker can connect to the SFTP service and

thehackerwire@mastodon.social at 2026-04-21T21:00:20.000Z ##

🔴 CVE-2026-40884 - Critical (9.8)

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accept...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24189
(8.2 HIGH)

EPSS: 0.04%

updated 2026-04-22T21:24:26.997000

1 posts

NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.

thehackerwire@mastodon.social at 2026-04-21T20:05:31.000Z ##

🟠 CVE-2026-24189 - High (8.2)

NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and inf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24177
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:24:26.997000

1 posts

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure.

thehackerwire@mastodon.social at 2026-04-21T20:05:20.000Z ##

🟠 CVE-2026-24177 - High (7.7)

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40868
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:24:26.997000

1 posts

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount token to

thehackerwire@mastodon.social at 2026-04-21T19:58:02.000Z ##

🟠 CVE-2026-40868 - High (8.1)

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
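Added example for the Kyverno entry above; this is illustrative code written for this page, not Kyverno's apiCall helper. It contrasts a header builder that attaches the controller's service-account token to any policy-chosen URL with one that scopes the implicit token to the in-cluster API server. The API server host name and the token value are constructed stand-ins, and the `urlparse` cases in the test show why the comparison must be on the parsed hostname rather than on a string prefix.

```python
from urllib.parse import urlparse

# Added example, not Kyverno code. Constructed values stand in for the
# in-cluster API server host and the controller's service-account token.
API_SERVER_HOST = "kubernetes.default.svc"
SA_TOKEN = "constructed-service-account-token"


def headers_vulnerable(url, policy_headers, sa_token=SA_TOKEN):
    """Vulnerable shape: when the policy set no Authorization header, attach
    the controller's own token regardless of where the request is going."""
    out = dict(policy_headers)
    if "Authorization" not in out:
        out["Authorization"] = f"Bearer {sa_token}"
    return out


def is_api_server(url, api_host=API_SERVER_HOST):
    """Only an https URL whose parsed hostname is exactly the API server host
    qualifies. urlparse().hostname strips userinfo and port, so
    'https://kubernetes.default.svc@evil.example/' yields evil.example and a
    prefix match on the raw string would have been fooled."""
    u = urlparse(url)
    return u.scheme == "https" and u.hostname == api_host


def headers_hardened(url, policy_headers, sa_token=SA_TOKEN,
                     api_host=API_SERVER_HOST):
    """Hardened shape: the implicit token is scoped to the API server; every
    other destination gets only what the policy explicitly configured."""
    out = dict(policy_headers)
    if "Authorization" in out:
        return out
    if is_api_server(url, api_host):
        out["Authorization"] = f"Bearer {sa_token}"
    return out


def token_leaks(builder, url):
    """Does `builder` send the controller token to this policy-chosen URL?"""
    return builder(url, {}).get("Authorization") == f"Bearer {SA_TOKEN}"


if __name__ == "__main__":
    target = "http://collector.attacker.example/"
    print("vulnerable leaks:", token_leaks(headers_vulnerable, target))  # True
    print("hardened leaks:  ", token_leaks(headers_hardened, target))    # False
```

A policy author who legitimately needs to call something other than the API server should be required to supply credentials explicitly (for example from a Secret), which is what the hardened builder's early return preserves.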

CVE-2026-41651
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:23:52.620000

9 posts

PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. T

2 repos

https://github.com/CipherCloak/CVE-2026-41651

https://github.com/Vozec/CVE-2026-41651

cyberveille@mastobot.ping.moi at 2026-04-23T15:30:25.000Z ##

📢 CVE-2026-41651 : Élévation de privilèges locale cross-distro via PackageKit (Pack2TheRoot)
📝 ## 🔍 Contexte

Publié le 22 avril 2026 par l'équipe Red Team de Deutsche Telekom sur leur blog séc...
📖 cyberveille : cyberveille.ch/posts/2026-04-2
🌐 source : github.security.telekom.com/20
#CVE_2026_41651 #IOC #Cyberveille

##

hillu@infosec.exchange at 2026-04-23T17:04:36.000Z ##

Here's a harmless little #PoC for the #PackageKit LPE vulnerability (CVE-2026-41651), by @brezel@infosec.exchange and myself: codeberg.org/hillu/cve-2026-41
It was a lot of fun to piece together.

##

_r_netsec@infosec.exchange at 2026-04-22T20:13:06.000Z ##

Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability github.security.telekom.com/20

##

thehackerwire@mastodon.social at 2026-04-22T19:13:48.000Z ##

🟠 CVE-2026-41651 - High (8.8)

PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

matk@mastodon.social at 2026-04-22T15:50:24.000Z ##

Forgot your root password? No problem! With #PackageKit <= 1.3.4 you can do all the fun root action on any Linux system you have local access to, no privileges required!

Don't like that? Then PLEASE UPDATE your system ASAP to PackageKit >= 1.3.5 or any fixed distro package. Fixes for this vulnerability should already be available everywhere since today.

You can read more about CVE-2026-41651 on the security researcher's blog:
github.security.telekom.com/20

#pack2theroot #osssecurity

##

intuentis0x0@infosec.exchange at 2026-04-22T12:48:07.000Z ##

There is a great report out there by @dtcert

Telekom Red Team (great work guys) found a high severity LPE vulnerability in PackageKit daemon. In the report the distros of Ubuntu, Debian and Fedora and some more are mentioned as affected. Some left traces to hunt for the exploitation comes with the report, which is helpful.

edit: now known as CVE-2026-41651

github.security.telekom.com/20

##

AwkwardTuring@infosec.exchange at 2026-04-22T12:35:27.000Z ##

Pack2TheRoot: Cross-Distro LPE in PackageKit

CVE: CVE-2026-41651
CVSS3: 8.8

github.security.telekom.com/20

#privescalation #CVE_2026_41651 #vulnerability

##

CVE-2026-33471
(9.6 CRITICAL)

EPSS: 0.03%

updated 2026-04-22T21:23:52.620000

2 posts

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced b

offseq@infosec.exchange at 2026-04-23T00:00:39.000Z ##

🔥 CRITICAL vuln in nimiq-block (<1.3.0): Flawed input validation in SkipBlockProof::verify lets attackers bypass PoS quorum using crafted indices. Patch in v1.3.0 — upgrade ASAP! CVE-2026-33471 radar.offseq.com/threat/cve-20 #OffSeq #Rust #Security #Blockchain

##

thehackerwire@mastodon.social at 2026-04-22T20:59:59.000Z ##

🔴 CVE-2026-33471 - Critical (9.6)

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41059
(8.2 HIGH)

EPSS: 0.13%

updated 2026-04-22T21:23:52.620000

1 posts

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `skip_auth_routes` or the legacy `skip_auth_regex`; use of patterns that can be widened by attacker-controlled suffixes, such as `^/foo/.*/bar$` causing potential

thehackerwire@mastodon.social at 2026-04-22T21:59:51.000Z ##

🟠 CVE-2026-41059 - High (8.2)

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `skip_auth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40575
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-04-22T21:23:52.620000

1 posts

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can spoof this header so OAuth2 Proxy evaluates authentication and skip-auth rules against a different path than the one act

thehackerwire@mastodon.social at 2026-04-22T21:15:34.000Z ##

🔴 CVE-2026-40575 - Critical (9.1)

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
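Added example covering both OAuth2 Proxy entries above (CVE-2026-41059 and CVE-2026-40575); it is a toy skip-auth decision written for this page, not oauth2-proxy's own matcher. It shows the two failure modes side by side: trusting a client-supplied `X-Forwarded-Uri` when deciding which path the skip-auth rules see, and matching a `.*` pattern against the raw rather than the normalised path. The sample patterns are constructed, and the `/foo/../admin/x/bar` request is one assumed way a `^/foo/.*/bar$` rule can be widened (the advisory text is truncated and does not say which suffix it has in mind); the hardened variant honours the forwarded header only from a trusted proxy and evaluates rules on the normalised path.

```python
import posixpath
import re

# Added example, not oauth2-proxy code: a toy skip-auth decision showing the
# two failure modes described for CVE-2026-41059 and CVE-2026-40575.

SKIP_AUTH_PATTERNS = ["^/healthz$", "^/foo/.*/bar$"]   # constructed sample config


def should_skip_auth(path, patterns=SKIP_AUTH_PATTERNS):
    """True when any skip-auth regex matches the given path."""
    return any(re.search(p, path) for p in patterns)


def normalize(path):
    """Collapse duplicate slashes and resolve '.'/'..' segments the way an
    upstream router or file layer typically does before dispatching."""
    path = re.sub(r"/{2,}", "/", path)
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)


def path_for_rules_vulnerable(headers, url_path, reverse_proxy=True):
    """Vulnerable: any client can supply X-Forwarded-Uri, and the raw
    (un-normalised) string is what the skip-auth rules are matched against."""
    if reverse_proxy and "X-Forwarded-Uri" in headers:
        return headers["X-Forwarded-Uri"].split("?", 1)[0]
    return url_path


def path_for_rules_hardened(headers, url_path, reverse_proxy=True,
                            from_trusted_proxy=False):
    """Hardened: honour the forwarded URI only when the TCP peer is a
    configured trusted proxy, and evaluate rules on the normalised path."""
    if reverse_proxy and from_trusted_proxy and "X-Forwarded-Uri" in headers:
        raw = headers["X-Forwarded-Uri"].split("?", 1)[0]
    else:
        raw = url_path
    return normalize(raw)


def skipped(headers, url_path, hardened, from_trusted_proxy=False):
    """Does this request bypass authentication under the chosen matcher?"""
    if hardened:
        path = path_for_rules_hardened(headers, url_path,
                                       from_trusted_proxy=from_trusted_proxy)
    else:
        path = path_for_rules_vulnerable(headers, url_path)
    return should_skip_auth(path)


if __name__ == "__main__":
    spoof = {"X-Forwarded-Uri": "/healthz"}
    print("spoofed header, vulnerable:", skipped(spoof, "/admin", hardened=False))  # True
    print("spoofed header, hardened:  ", skipped(spoof, "/admin", hardened=True))   # False
    traversal = "/foo/../admin/x/bar"
    print("widened pattern, vulnerable:", skipped({}, traversal, hardened=False))   # True
    print("widened pattern, hardened:  ", skipped({}, traversal, hardened=True))    # False
```

Two practical checks follow from this: enumerate every `skip_auth_routes` / `skip_auth_regex` entry and ask whether its regex is anchored on a fixed segment rather than `.*`, and confirm the proxy in front of oauth2-proxy overwrites, rather than forwards, any `X-Forwarded-Uri` a client sends.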

CVE-2026-41133
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:23:52.620000

1 posts

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old (revoked) privileges until logout/session expi

thehackerwire@mastodon.social at 2026-04-22T21:14:24.000Z ##

🟠 CVE-2026-41133 - High (8.8)

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22754
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:23:52.620000

1 posts

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.

thehackerwire@mastodon.social at 2026-04-22T21:14:06.000Z ##

🟠 CVE-2026-22754 - High (7.5)

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorizat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22753
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-22T21:23:52.620000

1 posts

Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered in

thehackerwire@mastodon.social at 2026-04-22T21:01:05.000Z ##

🟠 CVE-2026-22753 - High (7.5)

Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security compo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6023
(8.1 HIGH)

EPSS: 0.34%

updated 2026-04-22T21:23:52.620000

1 posts

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

thehackerwire@mastodon.social at 2026-04-22T21:00:46.000Z ##

🟠 CVE-2026-6023 - High (8.1)

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34065
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T21:23:52.620000

1 posts

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hashing an election macro header hashes `validators` and reaches `Validators::voting_keys()`, which call

thehackerwire@mastodon.social at 2026-04-22T20:59:49.000Z ##

🟠 CVE-2026-34065 - High (7.5)

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` se...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6846
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-22T21:23:52.620000

1 posts

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system

thehackerwire@mastodon.social at 2026-04-22T20:09:46.000Z ##

🟠 CVE-2026-6846 - High (7.8)

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6859
(8.8 HIGH)

EPSS: 0.15%

updated 2026-04-22T21:23:52.620000

1 posts

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

thehackerwire@mastodon.social at 2026-04-22T19:00:42.000Z ##

🟠 CVE-2026-6859 - High (8.8)

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35548
(8.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:23:52.620000

1 posts

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, previously stored credentials were retained even if the connection endpoint was changed. An authenticate

thehackerwire@mastodon.social at 2026-04-22T19:00:33.000Z ##

🟠 CVE-2026-35548 - High (8.5)

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or P...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41060
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:23:52.620000

1 posts

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain shortcircuit (lines 4290-4296) that allows any URL whose hostname matches `webSiteRootURL` to bypass all SSRF protections. Because the check compares only the hostname and ignores the port, an attacker can reach arbitrary ports on the AVideo ser

thehackerwire@mastodon.social at 2026-04-21T23:21:56.000Z ##

🟠 CVE-2026-41060 - High (7.7)

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain shortcircuit (lines 4290-4296) that allows any URL whose hostname matches `webSiteRootURL` t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6832
(8.1 HIGH)

EPSS: 0.09%

updated 2026-04-22T21:23:52.620000

1 posts

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidated session identifiers to construct paths that bypass the SESSION_DIR boundary and delete writable JSON

thehackerwire@mastodon.social at 2026-04-21T22:36:50.000Z ##

🟠 CVE-2026-6832 - High (8.1)

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the ses...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40925
(8.3 HIGH)

EPSS: 0.02%

updated 2026-04-22T21:23:52.620000

1 posts

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isAdmin()`. It does not call `forbidIfIsUntrustedRequest()`, does not verify a `globalToken`, and does not validate the Origin/Referer header. Because AVide

thehackerwire@mastodon.social at 2026-04-21T22:01:24.000Z ##

🟠 CVE-2026-40925 - High (8.3)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isA...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6823
(8.2 HIGH)

EPSS: 0.08%

updated 2026-04-22T21:23:52.620000

1 posts

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access throu

thehackerwire@mastodon.social at 2026-04-21T21:59:59.000Z ##

🟠 CVE-2026-6823 - High (8.2)

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the conf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34413
(8.6 HIGH)

EPSS: 0.33%

updated 2026-04-22T21:18:45.917000

1 posts

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request server-side. Unauthenticated attackers can perform file operations on project media dir

thehackerwire@mastodon.social at 2026-04-22T20:01:36.000Z ##

🟠 CVE-2026-34413 - High (8.6)

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die()...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40568
(8.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:10:14.290000

1 posts

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an incomplete blocklist of only four HTML tags (`script`, `form`, `iframe`, `object`) and does not remove event handler attributes. W

thehackerwire@mastodon.social at 2026-04-21T19:58:22.000Z ##

🟠 CVE-2026-40568 - High (8.5)

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/He...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40870
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:08:48.550000

1 posts

Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level `commentable` field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have not secured the `/api` endpoint. The `/api` endpoint is publicly available with the default configu

thehackerwire@mastodon.social at 2026-04-21T21:02:05.000Z ##

🟠 CVE-2026-40870 - High (7.5)

Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level `commentable` field in the API allows access to all commentable resources within the platform, without any permission...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40887
(9.1 CRITICAL)

EPSS: 4.56%

updated 2026-04-22T21:08:48.550000

1 posts

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the data

Nuclei template

thehackerwire@mastodon.social at 2026-04-21T21:01:10.000Z ##

🔴 CVE-2026-40887 - Critical (9.1)

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40946
(0 None)

EPSS: 0.05%

updated 2026-04-22T20:28:12.780000

1 posts

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia. This vulnerability is fixed in 0.16.2.

offseq@infosec.exchange at 2026-04-22T01:30:30.000Z ##

🔒 CVE-2026-40946 (CRITICAL, CVSS 9.2): oxia-db oxia < 0.16.2 improperly authenticates OIDC tokens, accepting tokens from other services. Upgrade to 0.16.2+ ASAP. No exploits seen. radar.offseq.com/threat/cve-20 #OffSeq #oxia #infosec #OIDC

##

CVE-2026-41135
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T19:49:46

1 posts

## Summary

A memory leak vulnerability in the free5GC PCF (Policy Control Function) allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call inside an HTTP handler that registers a new CORS middleware on every incoming request, permanently grow

thehackerwire@mastodon.social at 2026-04-22T21:15:11.000Z ##

🟠 CVE-2026-41135 - High (7.5)

free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40937
(8.3 HIGH)

EPSS: 0.05%

updated 2026-04-22T19:24:54

1 posts

# Missing Admin Auth on Notification Target Endpoints in RustFS

### Finding Summary

All four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase corr

thehackerwire@mastodon.social at 2026-04-22T21:23:52.000Z ##

🟠 CVE-2026-40937 - High (8.3)

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5262
(8.0 HIGH)

EPSS: 0.02%

updated 2026-04-22T18:31:58

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input validation.

thehackerwire@mastodon.social at 2026-04-22T18:59:58.000Z ##

🟠 CVE-2026-5262 - High (8)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storyb...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4922
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-22T18:31:58

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.

thehackerwire@mastodon.social at 2026-04-22T18:59:49.000Z ##

🟠 CVE-2026-4922 - High (8.1)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35344
(3.3 LOW)

EPSS: 0.01%

updated 2026-04-22T18:31:54

2 posts

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup o

CVE-2018-25270
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-04-22T18:31:52

1 posts

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.

Matchbook3469@mastodon.social at 2026-04-23T15:19:11.000Z ##

⛔ New security advisory:

CVE-2018-25270 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #VulnerabilityManagement #CyberSec

##

CVE-2026-35368
(7.9 HIGH)

EPSS: 0.01%

updated 2026-04-22T18:31:46

1 posts

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch (NSS) to load shared libraries (e.g., libnss_*.so.2) from the new root directory. If the NEWROOT is writable by an

thehackerwire@mastodon.social at 2026-04-22T19:00:22.000Z ##

🟠 CVE-2026-35368 - High (7.8)

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35246
(7.6 HIGH)

EPSS: 0.01%

updated 2026-04-22T18:31:43

1 posts

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impa

thehackerwire@mastodon.social at 2026-04-21T23:00:07.000Z ##

🟠 CVE-2026-35246 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35245
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T18:31:43

1 posts

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (c

thehackerwire@mastodon.social at 2026-04-21T22:59:57.000Z ##

🟠 CVE-2026-35245 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35242
(7.6 HIGH)

EPSS: 0.01%

updated 2026-04-22T18:31:43

2 posts

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impa

thehackerwire@mastodon.social at 2026-04-21T22:03:20.000Z ##

🟠 CVE-2026-35242 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-21T22:01:41.000Z ##

🟠 CVE-2026-35242 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35243
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-22T18:31:43

1 posts

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Developmen

thehackerwire@mastodon.social at 2026-04-21T22:01:44.000Z ##

🟠 CVE-2026-35243 - High (7.8)

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34309
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-22T18:31:42

1 posts

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modifi

thehackerwire@mastodon.social at 2026-04-22T23:01:07.000Z ##

🟠 CVE-2026-34309 - High (8.1)

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35231
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T18:31:42

1 posts

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Transaction Filtering. Successful attacks of this vulnerabilit

thehackerwire@mastodon.social at 2026-04-22T22:00:01.000Z ##

🟠 CVE-2026-35231 - High (7.5)

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unau...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34310
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T18:31:41

1 posts

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastruc

thehackerwire@mastodon.social at 2026-04-22T23:01:17.000Z ##

🟠 CVE-2026-34310 - High (7.5)

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploita...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34320
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T15:32:43

1 posts

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can

thehackerwire@mastodon.social at 2026-04-22T22:00:12.000Z ##

🟠 CVE-2026-34320 - High (7.5)

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5398
(8.4 HIGH)

EPSS: 0.01%

updated 2026-04-22T15:32:43

1 posts

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the dangling pointer to grant itself root privileges.

thehackerwire@mastodon.social at 2026-04-22T21:14:15.000Z ##

🟠 CVE-2026-5398 - High (8.4)

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34290
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T15:32:42

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang

thehackerwire@mastodon.social at 2026-04-22T23:31:16.000Z ##

🟠 CVE-2026-34290 - High (7.5)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6356
(9.6 CRITICAL)

EPSS: 0.03%

updated 2026-04-22T15:31:57

1 posts

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

1 repos

https://github.com/Penguinsecq/CVE-2026-6356

thehackerwire@mastodon.social at 2026-04-22T19:13:38.000Z ##

🔴 CVE-2026-6356 - Critical (9.6)

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33593
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-22T15:31:56

1 posts

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

thehackerwire@mastodon.social at 2026-04-22T19:13:57.000Z ##

🟠 CVE-2026-33593 - High (7.5)

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6857
(7.5 HIGH)

EPSS: 0.37%

updated 2026-04-22T15:31:51

1 posts

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

thehackerwire@mastodon.social at 2026-04-22T20:01:56.000Z ##

🟠 CVE-2026-6857 - High (7.5)

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34305
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T15:31:41

2 posts

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthoriz

thehackerwire@mastodon.social at 2026-04-22T23:46:34.000Z ##

🟠 CVE-2026-34305 - High (7.5)

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:30:44.000Z ##

🟠 CVE-2026-34305 - High (7.5)

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34279
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-04-22T15:31:40

1 posts

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Pl

thehackerwire@mastodon.social at 2026-04-23T00:00:16.000Z ##

🔴 CVE-2026-34279 - Critical (9.1)

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged atta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34286
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-22T15:31:39

2 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:46:54.000Z ##

🔴 CVE-2026-34286 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:31:03.000Z ##

🔴 CVE-2026-34286 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40161
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-22T11:38:56

1 posts

### Summary

The Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing `serverURL` to an attacker-controlled endpoint.

### Details

The git resolver's `Resol

thehackerwire@mastodon.social at 2026-04-21T20:05:08.000Z ##

🟠 CVE-2026-40161 - High (7.7)

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user o...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4119
(9.1 CRITICAL)

EPSS: 0.02%

updated 2026-04-22T09:31:41

2 posts

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without implementing any capability checks via current_user_can() or nonce verification via wp_verify_nonce()/check_admin_referer(). The adm

thehackerwire@mastodon.social at 2026-04-22T20:10:06.000Z ##

🔴 CVE-2026-4119 - Critical (9.1)

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_dele...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-22T09:00:27.000Z ##

🚨 CVE-2026-4119: CRITICAL vuln in WordPress Create DB Tables plugin (≤1.2.1). Any authenticated user can create/delete DB tables, risking total site loss. Disable or restrict roles until patched. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #CVE20264119

##

CVE-2026-6022
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T09:31:40

1 posts

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.

thehackerwire@mastodon.social at 2026-04-22T21:00:56.000Z ##

🟠 CVE-2026-6022 - High (7.5)

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during ch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6235
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-04-22T09:31:40

1 posts

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the plugin's SMTP configuration, which can be leveraged to in

thehackerwire@mastodon.social at 2026-04-22T20:09:56.000Z ##

🔴 CVE-2026-6235 - Critical (9.8)

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authori...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6834
(6.5 MEDIUM)

EPSS: 0.04%

updated 2026-04-22T06:30:35

1 posts

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.

offseq@infosec.exchange at 2026-04-22T04:30:27.000Z ##

🔒 HIGH severity: aEnrich a+HRD (CVE-2026-6834) missing authorization flaw lets authenticated users read any database content via API. No patch yet — restrict API access & monitor for abuse. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #InfoSec #aEnrich

##

CVE-2026-6784
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T00:32:48

2 posts

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.

dangoodin@infosec.exchange at 2026-04-22T22:32:40.000Z ##

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

##

thehackerwire@mastodon.social at 2026-04-21T21:10:58.000Z ##

🟠 CVE-2026-6784 - High (7.5)

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fix...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6772
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T00:32:44

1 posts

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

thehackerwire@mastodon.social at 2026-04-21T21:11:07.000Z ##

🟠 CVE-2026-6772 - High (7.5)

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6748
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-22T00:32:43

1 posts

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

Matchbook3469@mastodon.social at 2026-04-23T17:39:41.000Z ##

🚨 New security advisory:

CVE-2026-6748 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#CVE #PatchNow #InfoSecCommunity

##

CVE-2026-6771
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-22T00:32:43

1 posts

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

Matchbook3469@mastodon.social at 2026-04-23T16:18:14.000Z ##

🔴 New security advisory:

CVE-2026-6771 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#InfoSec #ZeroDay #ThreatIntel

##

CVE-2026-31019
(8.8 HIGH)

EPSS: 0.15%

updated 2026-04-21T21:32:31

1 posts

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server.

thehackerwire@mastodon.social at 2026-04-21T21:10:48.000Z ##

🟠 CVE-2026-31019 - High (8.8)

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can byp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6819
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-21T21:31:34

1 posts

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.

thehackerwire@mastodon.social at 2026-04-21T20:59:59.000Z ##

🟠 CVE-2026-6819 - High (8.8)

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40938
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-21T20:28:37

1 posts

## Summary The git resolver's `revision` parameter is passed directly as a positional argument to `git fetch` without any validation that it does not begin with a `-` character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary `git fetch` flags such as `--upload-pack=<binary>`. Combined with the `validateRepoURL` function explicitly permitting URLs that b
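
The injection described above is an argument-parsing problem, not a shell one, so quoting does not help: git treats any argv element that begins with `-` as an option wherever it appears. The Python example below is added here and is not Tekton's code. It shows the two checks a resolver needs, a ref-name validator that rejects a leading `-` (together with the other sequences git itself refuses in ref names) and an argv builder that places `--end-of-options` before the positional arguments. The function and class names, the same leading-dash check applied to the remote, the `--no-tags` flag and the `--depth 1` default are this example's own choices.

```python
import re
import subprocess
from typing import Optional


class UnsafeRevision(ValueError):
    """The revision could be parsed as an option or is not a valid git ref name."""


# Sequences git refuses in ref names (see git-check-ref-format): control characters,
# space, DEL, ~ ^ : ? * [ and backslash, plus "..", "@{" and "//".
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f~^:?*\[\\]|\.\.|@\{|//")


def validate_revision(rev: str) -> str:
    """Return rev unchanged if it is safe to pass to git as a positional argument."""
    if not rev:
        raise UnsafeRevision("empty revision")
    if rev.startswith("-"):
        # The bug from the advisory: "--upload-pack=<binary>" here becomes a fetch flag.
        raise UnsafeRevision(f"revision may not start with '-': {rev!r}")
    if _FORBIDDEN.search(rev):
        raise UnsafeRevision(f"forbidden character sequence in {rev!r}")
    if rev == "@" or rev.startswith("/") or rev.endswith("/") or rev.endswith("."):
        raise UnsafeRevision(f"malformed ref name {rev!r}")
    for component in rev.split("/"):
        if component.startswith(".") or component.endswith(".lock"):
            raise UnsafeRevision(f"malformed ref component in {rev!r}")
    return rev


def is_safe_revision(rev: str) -> bool:
    try:
        validate_revision(rev)
    except UnsafeRevision:
        return False
    return True


def build_fetch_argv(remote: str, revision: str, depth: Optional[int] = 1) -> list:
    """argv for `git fetch` in which neither remote nor revision can be read as an option.

    --end-of-options (git 2.24 and later) tells git's option parser that everything
    after it is positional; the startswith('-') checks keep older git safe as well.
    """
    if remote.startswith("-"):
        raise UnsafeRevision(f"remote may not start with '-': {remote!r}")
    rev = validate_revision(revision)
    argv = ["git", "fetch", "--no-tags"]
    if depth:
        argv += ["--depth", str(depth)]
    return argv + ["--end-of-options", remote, rev]


def fetch_revision(repo_dir: str, remote: str, revision: str) -> subprocess.CompletedProcess:
    """Run the fetch with no shell involved, so git's parser is the only one that sees argv."""
    return subprocess.run(build_fetch_argv(remote, revision), cwd=repo_dir,
                          check=True, capture_output=True, text=True)
```

`validate_revision()` is deliberately stricter than "does not start with a dash": a revision is a ref name or a commit id, and anything git would not accept as one has no business reaching the command line.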

thehackerwire@mastodon.social at 2026-04-21T22:00:09.000Z ##

🟠 CVE-2026-40938 - High (7.5)

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41197
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-21T20:16:10

1 posts

## Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreig

offseq@infosec.exchange at 2026-04-23T04:30:27.000Z ##

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #NoirLang #CVE202641197 #AppSec

##

CVE-2026-40050
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-04-21T18:32:04

2 posts

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrar

cR0w@infosec.exchange at 2026-04-22T21:47:11.000Z ##

@reverseics I went to the Crowdstrike site to see if there was a new advisory and found this instead. Obviously better than any advisory. Even a ../ in CVE-2026-40050.

##

thehackerwire@mastodon.social at 2026-04-21T20:00:25.000Z ##

🔴 CVE-2026-40050 - Critical (9.8)

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does no...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15638
(10.0 CRITICAL)

EPSS: 0.01%

updated 2026-04-21T18:32:04

1 posts

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.

thehackerwire@mastodon.social at 2026-04-21T21:07:38.000Z ##

🔴 CVE-2025-15638 - Critical (10)

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.

Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41329
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-04-21T16:20:24.180000

1 posts

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.

beyondmachines1@infosec.exchange at 2026-04-22T09:01:09.000Z ##

Critical Privilege Escalation Vulnerability in OpenClaw AI Agent Platform

OpenClaw patched a critical privilege escalation vulnerability (CVE-2026-41329) that allows remote attackers to bypass sandbox restrictions and gain full control over AI agent workflows.

**If you use OpenClaw for AI automation, update to version 2026.3.31 ASAP to prevent unauthorized system access. Ensure your AI agents are isolated from sensitive internal networks to limit the impact of potential sandbox escapes.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-5752
(9.3 CRITICAL)

EPSS: 0.02%

updated 2026-04-21T15:16:37.563000

3 posts

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

aisight@mastodon.social at 2026-04-23T18:35:36.000Z ##

The Terrarium project, which was meant to run code generated by AI models in a secure sandbox, turned out to be a deadly trap. The CVE-2026-5752 flaw lets attackers take full control of the system, and the worst part is that the project is no longer being developed.

#si #ai #sztucznainteligencja #wiadomości #informacje #technologia

aisight.pl/cyberbezpieczenstwo

##

beyondmachines1@infosec.exchange at 2026-04-22T15:01:10.000Z ##

Critical Unpatched Sandbox Escape in Cohere AI Terrarium Allows Root Code Execution

Cohere AI's Terrarium sandbox contains a critical unpatched vulnerability (CVE-2026-5752) that allows attackers to escape the environment and execute commands as root on the host system.

**Stop using Cohere Terrarium immediately because it is unmaintained and the root-level escape vulnerability will not be patched. If you can't migrate, isolate the service in a dedicated virtual machine and block all outbound network access from the container.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-33626
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-21T15:04:13

3 posts

## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. ## Affected Versions - **Tested on:** main branch (2026-02-04) -
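
The `load_image()` weakness above is the standard SSRF shape: the server resolves and fetches whatever URL it is handed. Below is an added Python example, not LMDeploy's code, of the check that was missing: resolve the host first, reject the request if any resolved address is loopback, private, link-local (which covers the 169.254.169.254 metadata endpoint) or an IPv4-mapped IPv6 address, and hand the caller the vetted addresses to connect to. The blocked ranges, the `resolver` hook (present so the example runs offline) and all names are this example's own assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Address ranges a server-side fetcher must never contact on a caller's behalf.
# 169.254.169.254 (cloud metadata) falls inside the link-local block. Assumed policy,
# not LMDeploy's: tighten or loosen it per deployment.
_BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class BlockedDestination(ValueError):
    """Raised when a URL would make the server talk to a non-public address."""


def _default_resolver(host: str, port: int) -> list:
    """Every address the OS resolver returns for host (A and AAAA), as strings."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)]


def _is_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:10.0.0.1 is really 10.0.0.1
    return not any(ip in net for net in _BLOCKED_NETS)


def resolve_public_target(url: str, resolver=None) -> tuple:
    """Return (host, port, ips) for url if every address it resolves to is public.

    The caller should connect to one of the returned ips and send `host` in the Host
    header, rather than resolving the name again (which reopens the rebinding window).
    """
    resolver = resolver or _default_resolver
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedDestination(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise BlockedDestination("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Literal IPs go through the resolver as well, so whatever spelling it accepts is
    # normalised to a canonical address before the range check.
    ips = resolver(host, port)
    if not ips:
        raise BlockedDestination(f"{host!r} did not resolve")
    for addr in ips:
        if not _is_public(addr):
            # One private answer among several is still a rebinding/round-robin attack.
            raise BlockedDestination(f"{host!r} resolves to blocked address {addr}")
    return host, port, ips


def is_fetch_allowed(url: str, resolver=None) -> bool:
    try:
        resolve_public_target(url, resolver)
    except BlockedDestination:
        return False
    return True
```

Connecting to one of the returned addresses instead of re-resolving the hostname closes the window in which a rebinding DNS server answers with a public address for the check and a private one for the fetch; any HTTP redirect must be passed back through the same function before it is followed.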

campuscodi@mastodon.social at 2026-04-23T20:29:56.000Z ##

An SSRF bug in an LLM deployment server got exploited 12 hours after it was patched

sysdig.com/blog/cve-2026-33626

##

LLMs@activitypub.awakari.com at 2026-04-22T00:00:00.000Z ##

CVE-2026-33626: How attackers exploited LMDeploy LLM Inference Engines in 12 hours

CVE-2026-33626 in LMDeploy was exploited within 12 hours of disclosure, enabling attackers to use a vision-LLM end...

##

CVE-2026-20128
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-21T13:00:03.373000

2 posts

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file tha

AAKL@infosec.exchange at 2026-04-22T18:03:53.000Z ##

Broadcom has three critical listings today: support.broadcom.com/web/ecx/s

- Datacom Health Check Analyzer 1.1 Vulnerability
- IDMS Server: OpenSSL Vulnerability CVE-2026-28386
- MICS REST API SERVER - 14.5 Vulnerability in Spring Security

Also:

Cisco has a critical advisory:

- CVE-2026-20122; CVE-2026-20126 and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi

Cisco has also tagged 7Zip and Adobe for zero-day reports talosintelligence.com/vulnerab @TalosSecurity #infoec #Broadcom #vulnerability #zeroday #Adobe

##

beyondmachines1@infosec.exchange at 2026-04-22T08:01:09.000Z ##

CISA Confirms Active Exploitation of Three Cisco Networking Vulnerabilities

CISA has confirmed the active exploitation of three Cisco Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133) that allow attackers to overwrite system files, steal credentials, and access sensitive data. Federal agencies are required to patch these flaws by April 23, 2026, to mitigate risks of unauthorized system takeover.

**If you use Cisco Catalyst SD-WAN Manager check your versions against the February advisory. CISA has confirmed these flaws are exploited, so start patching.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2026-20133
(6.5 MEDIUM)

EPSS: 1.39%

updated 2026-04-20T21:32:43

1 posts

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the un

beyondmachines1@infosec.exchange at 2026-04-22T08:01:09.000Z ##

CISA Confirms Active Exploitation of Three Cisco Networking Vulnerabilities

CISA has confirmed the active exploitation of three Cisco Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133) that allow attackers to overwrite system files, steal credentials, and access sensitive data. Federal agencies are required to patch these flaws by April 23, 2026, to mitigate risks of unauthorized system takeover.

**If you use Cisco Catalyst SD-WAN Manager check your versions against the February advisory. CISA has confirmed these flaws are exploited, so start patching.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2026-20122
(5.4 MEDIUM)

EPSS: 1.12%

updated 2026-04-20T21:31:38

2 posts

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could ex

AAKL@infosec.exchange at 2026-04-22T18:03:53.000Z ##

Broadcom has three critical listings today: support.broadcom.com/web/ecx/s

- Datacom Health Check Analyzer 1.1 Vulnerability
- IDMS Server: OpenSSL Vulnerability CVE-2026-28386
- MICS REST API SERVER - 14.5 Vulnerability in Spring Security

Also:

Cisco has a critical advisory:

- CVE-2026-20122; CVE-2026-20126 and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi

Cisco has also tagged 7Zip and Adobe for zero-day reports talosintelligence.com/vulnerab @TalosSecurity #infoec #Broadcom #vulnerability #zeroday #Adobe

##

beyondmachines1@infosec.exchange at 2026-04-22T08:01:09.000Z ##

CISA Confirms Active Exploitation of Three Cisco Networking Vulnerabilities

CISA has confirmed the active exploitation of three Cisco Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133) that allow attackers to overwrite system files, steal credentials, and access sensitive data. Federal agencies are required to patch these flaws by April 23, 2026, to mitigate risks of unauthorized system takeover.

**If you use Cisco Catalyst SD-WAN Manager check your versions against the February advisory. CISA has confirmed these flaws are exploited, so start patching.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2026-33824
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-04-17T19:21:23.993000

3 posts

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

2 repos

https://github.com/kaleth4/CVE-2026-33824

https://github.com/z3r0h3ro/CVE-2026-33824

glitterbean@wehavecookies.social at 2026-04-23T17:09:53.000Z ##

CVE-2026-33824: Remote Code Execution in Windows IKEv2 thezdi.com/blog/2026/4/22/cve-

##

thezdi at 2026-04-23T15:44:41.343Z ##

CVE-2026-33824: Remote Code Execution in Windows IKEv2 - the folks from TrendAI Research break down this wormable bug that was patched last week. They show root cause & offer detection guidance. Read the details at zerodayinitiative.com/blog/202

##

CVE-2026-40933
(10.0 CRITICAL)

EPSS: 0.07%

updated 2026-04-16T21:18:18

2 posts

### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. ### Details The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in http://localhost:3000/canvas - where any user can add a new MCP, when doing so - adding a new MCP usin

offseq@infosec.exchange at 2026-04-22T03:00:28.000Z ##

🚨 CRITICAL: CVE-2026-40933 in FlowiseAI Flowise (< 3.1.0) allows authenticated OS command injection via unsafe MCP adapter serialization. Upgrade to 3.1.0+ to fully mitigate. CVSS 10 — patch now! radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #FlowiseAI #Cybersecurity

##

thehackerwire@mastodon.social at 2026-04-21T22:51:48.000Z ##

🔴 CVE-2026-40933 - Critical (9.9)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary comm...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40890
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-15T21:18:41

1 posts

### Summary Processing a malformed input containing a `<` character that is not followed by a `>` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. ### Details The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `<` character that is not followed by a `>` charac

thehackerwire@mastodon.social at 2026-04-21T21:01:19.000Z ##

🟠 CVE-2026-40890 - High (7.5)

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a Smartyp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40879
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-15T21:14:55

1 posts

### Impact Attacker sends many small, valid JSON messages in one TCP frame → handleData() recurses once per message; buffer shrinks each call → maxBufferSize is never reached; call stack overflows instead → A ~47 KB payload is sufficient to trigger RangeError ### Patches Fixed in `@nestjs/microservices@11.1.19` ### References Discovered by https://github.com/hwpark6804-gif
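
The point of the description above is stack depth, not buffer size: the size guard runs once per call, each call consumes exactly one message, and a frame packed with tiny messages therefore recurses once per message until the stack is exhausted. The Python example below is added here to make that concrete; it is a re-creation of the pattern, not Nest's handleData() code, using concatenated JSON values as the framing and an assumed 1 MiB buffer cap. The recursive version fails with RecursionError on a frame of 5000 eight-byte messages (about 40 KB, well under the cap); the iterative rewrite parses the same frame at constant stack depth.

```python
import json

# Cap on buffered, not-yet-parsed bytes. Assumed value for this example, not Nest's.
MAX_BUFFER_SIZE = 1024 * 1024
_decoder = json.JSONDecoder()


class BufferTooLarge(ValueError):
    """The peer sent more unparsed bytes than we are willing to hold."""


def handle_data_recursive(buffer: str, chunk: str, out: list) -> str:
    """The vulnerable shape: one stack frame per message in the chunk.

    The size check passes because the buffer shrinks on every call, but a single
    frame holding thousands of tiny messages exhausts the call stack instead.
    Returns the unparsed remainder (a partial trailing message, or "").
    """
    buffer += chunk
    if len(buffer) > MAX_BUFFER_SIZE:
        raise BufferTooLarge(len(buffer))
    buffer = buffer.lstrip()
    if not buffer:
        return ""
    try:
        msg, end = _decoder.raw_decode(buffer)
    except json.JSONDecodeError:
        return buffer                     # incomplete message: keep it, wait for more data
    out.append(msg)
    return handle_data_recursive(buffer[end:], "", out)   # one more frame per message


def handle_data_iterative(buffer: str, chunk: str, out: list) -> str:
    """The fix: walk the buffer with an index, so stack depth does not grow with the message count."""
    buffer += chunk
    if len(buffer) > MAX_BUFFER_SIZE:
        raise BufferTooLarge(len(buffer))
    pos, n = 0, len(buffer)
    while True:
        while pos < n and buffer[pos] in " \t\r\n":
            pos += 1
        if pos == n:
            return ""
        try:
            msg, pos = _decoder.raw_decode(buffer, pos)
        except json.JSONDecodeError:
            return buffer[pos:]           # incomplete message: keep it, wait for more data
        out.append(msg)


def run_frame(handler, message_count: int) -> tuple:
    """Feed one TCP frame holding message_count small messages; report (status, parsed)."""
    frame = '{"id":1}' * message_count   # constructed hostile frame, 8 bytes per message
    out: list = []
    try:
        handler("", frame, out)
    except RecursionError:
        return "RecursionError", len(out)
    return "ok", len(out)
```

Raising the recursion limit would only move the threshold; the iterative form removes the dependence on message count entirely, and the byte cap then bounds memory as it was meant to. Real framing needs a second, independent limit on messages per frame or per second if message handling itself is expensive.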

thehackerwire@mastodon.social at 2026-04-21T21:01:45.000Z ##

🟠 CVE-2026-40879 - High (7.5)

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per message; the buffer shrinks each call. maxBufferS...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40576
(9.4 CRITICAL)

EPSS: 0.05%

updated 2026-04-15T21:06:59

1 posts

## Summary A path traversal vulnerability exists in [`excel-mcp-server`](https://github.com/haris-musa/excel-mcp-server) versions up to and including `0.1.7`. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on the host filesystem by supplying crafted `f

thehackerwire@mastodon.social at 2026-04-21T20:00:06.000Z ##

🔴 CVE-2026-40576 - Critical (9.4)

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented wa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2018-25193
(7.5 HIGH)

EPSS: 0.14%

updated 2026-04-15T14:53:58.147000

2 posts

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

certvde at 2026-04-23T12:45:22.039Z ##

VDE-2026-019
Pilz: Vulnerability affecting PASvisu Runtime

The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.
CVE-2018-25193

certvde.com/en/advisories/vde-

pilz.csaf-tp.certvde.com/.well

##

certvde@infosec.exchange at 2026-04-23T12:45:22.000Z ##

#OT #Advisory VDE-2026-019
Pilz: Vulnerability affecting PASvisu Runtime

The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.
#CVE CVE-2018-25193

certvde.com/en/advisories/vde-

#CSAF pilz.csaf-tp.certvde.com/.well

##

CVE-2026-34621
(8.6 HIGH)

EPSS: 7.60%

updated 2026-04-13T21:23:27

2 posts

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

5 repos

https://github.com/ercihan/CVE-2026-34621

https://github.com/eduardorossi84/CVE-2026-34621-POC

https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE

https://github.com/KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621

https://github.com/NULL200OK/cve_2026_34621_advanced

_r_netsec at 2026-04-23T18:28:05.870Z ##

CVE-2026-34621: Adobe Acrobat Reader zero-day was on VirusTotal for 136 days before Adobe named it a CVE nefariousplan.com/posts/adobe-

##

CVE-2026-39987
(CVSS UNKNOWN)

EPSS: 6.99%

updated 2026-04-09T19:06:18

5 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

Nuclei template

5 repos

https://github.com/keraattin/CVE-2026-39987

https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC

https://github.com/Nxploited/CVE-2026-39987

https://github.com/0xBlackash/CVE-2026-39987

https://github.com/mki9/CVE-2026-39987_exploit

secdb at 2026-04-23T20:00:16.316Z ##

🚨 [CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-39987 (secdb.nttzen.cloud/cve/detail/)
- Name: Marimo Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Marimo
- Product: Marimo
- Notes: github.com/marimo-team/marimo/ ; nvd.nist.gov/vuln/detail/CVE-2

##

cisakevtracker@mastodon.social at 2026-04-23T18:00:51.000Z ##

CVE ID: CVE-2026-39987
Vendor: Marimo
Product: Marimo
Date Added: 2026-04-23
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

canartuc@mastodon.social at 2026-04-23T15:32:01.000Z ##

Five critical self-hosted flaws landed April 20-22. Marimo pre-auth remote takeover (CVE-2026-39987, CVSS 9.3), exploited in 10 hours. Apache Airflow XCom. Spinnaker Echo. Jellystat SQL injection to takeover (CVE-2026-41167, 9.1). OpenVPN 2.7.2 fixed two. Three trace to injection. Across 14 compliant platforms I have architected, the audit finding is patch cadence, not availability. A 10-hour window makes quarterly cadence a breach timeline.

#CyberSecurity #SelfHosted #OpenSource #InfoSec

##

secdb@infosec.exchange at 2026-04-23T20:00:16.000Z ##

🚨 [CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-39987 (secdb.nttzen.cloud/cve/detail/)
- Name: Marimo Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Marimo
- Product: Marimo
- Notes: github.com/marimo-team/marimo/ ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260423 #cisa20260423 #cve_2026_39987 #cve202639987

##

CVE-2026-4747
(8.8 HIGH)

EPSS: 0.08%

updated 2026-04-01T15:30:57

1 posts

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerabl

2 repos

https://github.com/kaleth4/CVE-2026-4747

https://github.com/kaleth4/CVE-2026-4747-

CVE-2025-15467
(8.8 HIGH)

EPSS: 0.70%

updated 2026-03-19T19:16:19.230000

3 posts

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encode

6 repos

https://github.com/x-stp/cves-2025-11187_15467_69418

https://github.com/materaj2/cve-2025-15467

https://github.com/guiimoraes/CVE-2025-15467

https://github.com/WostGit/cve-2025-15467-crash

https://github.com/mr-r3b00t/CVE-2025-15467

https://github.com/balgan/CVE-2025-15467

certvde at 2026-04-23T10:49:13.995Z ##

VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
CVE-2025-15467

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

##

certvde@infosec.exchange at 2026-04-23T10:49:13.000Z ##

#OT #Advisory VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
#CVE CVE-2025-15467

certvde.com/en/advisories/vde-
#oCSAF
#CSAF mettler-toledo.csaf-tp.certvde

##

certvde@infosec.exchange at 2026-04-22T08:52:06.000Z ##

#OT #Advisory VDE-2026-023
Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL

Attacks are possible when installing key files and digitally signed objects. These attacks can only be carried out if these files are uploaded and installed by a logged-in user with high privileges.
#CVE CVE-2025-15467, CVE-2025-69419

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-20126
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-04T21:21:49.053000

1 posts

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit coul

AAKL@infosec.exchange at 2026-04-22T18:03:53.000Z ##

Broadcom has three critical listings today: support.broadcom.com/web/ecx/s

- Datacom Health Check Analyzer 1.1 Vulnerability
- IDMS Server: OpenSSL Vulnerability CVE-2026-28386
- MICS REST API SERVER - 14.5 Vulnerability in Spring Security

Also:

Cisco has a critical advisory:

- CVE-2026-20122; CVE-2026-20126 and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi

Cisco has also tagged 7Zip and Adobe for zero-day reports talosintelligence.com/vulnerab @TalosSecurity #infoec #Broadcom #vulnerability #zeroday #Adobe

##

CVE-2026-24884
(8.4 HIGH)

EPSS: 0.01%

updated 2026-02-27T20:27:32.587000

1 posts

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can cause subsequent file entries to be written to arbitrary locations on the host file system. Depending on th

thehackerwire@mastodon.social at 2026-04-21T22:37:09.000Z ##

🟠 CVE-2026-40931 - High (8.4)

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-69419
(7.4 HIGH)

EPSS: 0.06%

updated 2026-01-29T18:32:43

1 posts

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() functi

certvde@infosec.exchange at 2026-04-22T08:52:06.000Z ##

#OT #Advisory VDE-2026-023
Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL

Attacks are possible when installing key files and digitally signed objects. These attacks can only be carried out if these files are uploaded and installed by a logged-in user with high privileges.
#CVE CVE-2025-15467, CVE-2025-69419

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-21445
(CVSS UNKNOWN)

EPSS: 6.97%

updated 2026-01-05T01:10:11

1 posts

### Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. ### Details The vulnerability ex

Nuclei template

1 repos

https://github.com/chinaxploiter/CVE-2026-21445-PoC

thecybermind at 2026-04-24T01:03:05.238Z ##

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
thecybermind.co/i1n8

thecybermind.co/2026/04/23/iva

##

thecybermind@infosec.exchange at 2026-04-24T01:03:05.000Z ##

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
thecybermind.co/i1n8

thecybermind.co/2026/04/23/iva

##

CVE-2023-33538
(8.8 HIGH)

EPSS: 89.90%

updated 2025-10-22T00:33:51

2 posts

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.

2 repos

https://github.com/explxx/CVE-2023-33538

https://github.com/mrowkoob/CVE-2023-33538-msf

CVE-2026-41267
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T20:30:10.000Z ##

🟠 CVE-2026-41267 - High (8.1)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41230
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T19:44:22.000Z ##

🟠 CVE-2026-41230 - High (8.5)

Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41229
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T19:44:13.000Z ##

🔴 CVE-2026-41229 - Critical (9.1)

Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41228
(0 None)

EPSS: 0.06%

3 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T19:44:04.000Z ##

🔴 CVE-2026-41228 - Critical (9.9)

Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

Matchbook3469@mastodon.social at 2026-04-23T11:15:48.000Z ##

🚨 New security advisory:

CVE-2026-41228 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#CVE #PatchNow #InfoSecCommunity

##

CVE-2026-41564
(0 None)

EPSS: 0.02%

4 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T19:43:32.000Z ##

🟠 CVE-2026-41564 - High (7.5)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:42:54.000Z ##

🟠 CVE-2026-41564 - High (7.5)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41241
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T19:32:29.000Z ##

🟠 CVE-2026-41241 - High (8.7)

pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6786
(0 None)

EPSS: 0.05%

1 posts

N/A

dangoodin@infosec.exchange at 2026-04-22T22:32:40.000Z ##

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories, with each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

##

CVE-2026-6785
(0 None)

EPSS: 0.06%

1 posts

N/A

dangoodin@infosec.exchange at 2026-04-22T22:32:40.000Z ##

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories, with each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

##

thehackerwire@mastodon.social at 2026-04-22T21:24:21.000Z ##

🔴 CVE-2026-33656 - Critical (9.1)

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` fi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41064
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-22T21:15:22.000Z ##

🔴 CVE-2026-41064 - Critical (9.3)

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validati...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-22T00:00:39.000Z ##

🛑 CRITICAL: WWBN AVideo <=29.0 vulnerable to OS command injection (CVE-2026-41064, CVSS 9.3). Unauthenticated attackers can exploit weak URL validation to run arbitrary commands. No official patch — see commit for fix details. radar.offseq.com/threat/cve-20 #OffSeq #CVE202641064 #infosec

##

CVE-2026-34063
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-22T21:00:08.000Z ##

🟠 CVE-2026-34063 - High (7.5)

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. The handler assumes there is at most one inbound and one outbound discove...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35328
(0 None)

EPSS: 0.00%

1 posts

N/A

linux@activitypub.awakari.com at 2026-04-22T12:57:06.000Z ##

Debian DSA-6227-1 StrongSwan Critical Infinite Loop Crash Vulnerabilities
Multiple vulnerabilities were fixed in strongSwan, an IKE/IPsec suite. CVE-2026-35328 A vulnerability in libtls related to ...

#Debian #Linux #Distribution #- #Security #Advisories

##

CVE-2026-3323
(0 None)

EPSS: 0.00%

1 posts

N/A

certvde@infosec.exchange at 2026-04-22T09:45:07.000Z ##

#OT #Advisory VDE-2026-016
VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation

Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
#CVE CVE-2026-3323

certvde.com/en/advisories/vde-

#CSAF vega.csaf-tp.certvde.com/.well

##

CVE-2026-41056
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T23:23:21.000Z ##

🟠 CVE-2026-41056 - High (8.1)

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-Control-Allow-Origin` along with `Access-Control...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41055
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T23:22:07.000Z ##

🟠 CVE-2026-41055 - High (8.6)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the act...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41058
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T23:21:46.000Z ##

🟠 CVE-2026-41058 - High (8.1)

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40706
(0 None)

EPSS: 0.01%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T22:37:00.000Z ##

🟠 CVE-2026-40706 - High (8.4)

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is tri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40905
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T22:03:01.000Z ##

🟠 CVE-2026-40905 - High (8.1)

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-21T22:01:22.000Z ##

🟠 CVE-2026-40905 - High (8.1)

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40903
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T21:01:29.000Z ##

🔴 CVE-2026-40903 - Critical (9.1)

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40909
(0 None)

EPSS: 0.10%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T21:00:10.000Z ##

🟠 CVE-2026-40909 - High (8.7)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path at line 30 without any sanitization. The `$_POST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40569
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T19:59:57.000Z ##

🔴 CVE-2026-40569 - Critical (9)

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesCo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40613
(0 None)

EPSS: 0.08%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-21T19:58:13.000Z ##

🟠 CVE-2026-40613 - High (7.5)

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##