## Updated at UTC 2026-04-06T10:11:51.143682
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5629 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T06:16:22.310000 | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is |
| CVE-2026-5628 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T06:16:22.087000 | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted i |
| CVE-2026-5614 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T04:16:09.967000 | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the f |
| CVE-2026-5613 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T03:16:07.990000 | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the |
| CVE-2026-5612 | 8.8 | 0.00% | 2 | 0 | | 2026-04-06T03:16:07.790000 | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability aff |
| CVE-2026-5611 | 8.8 | 0.00% | 2 | 0 | | 2026-04-06T03:16:07.570000 | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function f |
| CVE-2026-5610 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T02:16:00.927000 | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue |
| CVE-2026-5609 | 8.8 | 0.00% | 2 | 0 | | 2026-04-06T02:16:00.670000 | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerabilit |
| CVE-2026-5608 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T01:16:40.367000 | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function |
| CVE-2026-5605 | 8.8 | 0.00% | 4 | 0 | | 2026-04-06T00:30:31 | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function |
| CVE-2026-5604 | 8.8 | 0.00% | 2 | 0 | | 2026-04-06T00:30:31 | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element |
| CVE-2026-4272 | 8.1 | 0.00% | 2 | 0 | | 2026-04-06T00:30:31 | Missing Authentication for Critical Function vulnerability in Honeywell Handheld |
| CVE-2026-5567 | 8.8 | 0.00% | 2 | 0 | | 2026-04-05T15:32:03 | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the funct |
| CVE-2026-5566 | 8.8 | 0.00% | 2 | 0 | | 2026-04-05T15:32:03 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This |
| CVE-2026-5558 | 6.3 | 0.03% | 2 | 0 | | 2026-04-05T10:16:19.933000 | A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up |
| CVE-2026-5548 | 8.8 | 0.05% | 2 | 0 | | 2026-04-05T09:30:22 | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by thi |
| CVE-2026-5550 | 8.8 | 0.05% | 4 | 0 | | 2026-04-05T08:16:25.100000 | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affec |
| CVE-2026-5544 | 8.8 | 0.04% | 5 | 0 | | 2026-04-05T06:32:08 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-18053 |
| CVE-2026-2936 | 7.2 | 0.02% | 2 | 0 | | 2026-04-04T12:31:04 | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to S |
| CVE-2026-3666 | 8.8 | 0.03% | 4 | 0 | | 2026-04-04T12:31:04 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion i |
| CVE-2026-1233 | 7.5 | 0.02% | 4 | 0 | | 2026-04-04T12:16:02.943000 | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulner |
| CVE-2026-5425 | 7.2 | 0.06% | 2 | 0 | | 2026-04-04T09:30:37 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored C |
| CVE-2026-3445 | 7.1 | 0.03% | 2 | 0 | | 2026-04-04T09:30:37 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User |
| CVE-2026-4896 | 8.1 | 0.01% | 2 | 0 | | 2026-04-04T09:30:31 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Lis |
| CVE-2026-35216 | 9.1 | 0.34% | 1 | 0 | | 2026-04-04T06:04:59 | ### Summary An unauthenticated attacker can achieve Remote Code Execution (RCE) |
| CVE-2026-4634 | 7.5 | 0.07% | 2 | 0 | | 2026-04-04T06:00:48 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulne |
| CVE-2026-35616 | 9.8 | 0.03% | 18 | 2 | | 2026-04-04T01:16:39.720000 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through |
| CVE-2026-34780 | 8.3 | 0.04% | 1 | 0 | | 2026-04-04T01:16:39.540000 | Electron is a framework for writing cross-platform desktop applications using Ja |
| CVE-2026-34769 | 7.7 | 0.02% | 1 | 0 | | 2026-04-04T00:16:17.657000 | Electron is a framework for writing cross-platform desktop applications using Ja |
| CVE-2026-34953 | 9.1 | 0.03% | 2 | 0 | | 2026-04-03T23:17:06.653000 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.v |
| CVE-2026-34935 | 9.8 | 0.08% | 2 | 0 | | 2026-04-03T23:17:05.693000 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4 |
| CVE-2026-34612 | 9.9 | 0.14% | 2 | 0 | | 2026-04-03T23:17:04.587000 | Kestra is an open-source, event-driven orchestration platform. Prior to version |
| CVE-2026-33184 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T23:17:03.600000 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake pro |
| CVE-2025-15620 | 8.6 | 0.01% | 1 | 0 | | 2026-04-03T23:17:03.417000 | HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a de |
| CVE-2026-27456 | 4.7 | 0.01% | 1 | 0 | | 2026-04-03T22:16:25.400000 | util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a |
| CVE-2026-34824 | 7.5 | 0.02% | 1 | 0 | | 2026-04-03T21:54:37 | ### Summary An uncontrolled resource consumption vulnerability exists in the Web |
| CVE-2026-33950 | 9.4 | 0.05% | 1 | 0 | | 2026-04-03T21:37:19 | ## Summary According to SignalK's security documentation, when a server is firs |
| CVE-2026-33175 | 8.8 | 0.10% | 1 | 0 | | 2026-04-03T21:35:39 | ### Summary An authentication bypass vulnerability in `oauthenticator` allows a |
| CVE-2026-31818 | 9.6 | 0.01% | 1 | 0 | | 2026-04-03T21:34:49 | ## 1. Summary | Field | Value | |-------|-------| | **Title** | SSRF via REST C |
| CVE-2026-25197 | 9.1 | 0.03% | 2 | 2 | | 2026-04-03T21:31:49 | A specific endpoint allows authenticated users to pivot to other user profiles b |
| CVE-2025-10681 | 8.6 | 0.04% | 1 | 2 | | 2026-04-03T21:31:49 | Storage credentials are hardcoded in the mobile app and device firmware. These c |
| CVE-2026-22665 | 8.1 | 0.03% | 1 | 0 | | 2026-04-03T21:31:49 | prompts.chat prior to commit 1464475 contains an identity confusion vulnerabilit |
| CVE-2026-28766 | 9.3 | 0.07% | 1 | 2 | | 2026-04-03T21:31:49 | A specific endpoint exposes all user account information for registered Gardyn u |
| CVE-2026-35558 | 7.8 | 0.04% | 1 | 0 | | 2026-04-03T21:31:49 | Improper neutralization of special elements in the authentication components in |
| CVE-2026-35562 | 7.5 | 0.08% | 1 | 0 | | 2026-04-03T21:31:49 | Allocation of resources without limits in the parsing components in Amazon Athen |
| CVE-2026-22661 | 8.1 | 0.04% | 1 | 0 | | 2026-04-03T21:31:48 | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in |
| CVE-2026-5485 | 7.8 | 0.03% | 1 | 0 | | 2026-04-03T21:17:12.603000 | OS command injection in the browser-based authentication component in Amazon Ath |
| CVE-2026-32646 | 7.5 | 0.07% | 1 | 2 | | 2026-04-03T21:17:11.137000 | A specific administrative endpoint is accessible without proper authentication, |
| CVE-2026-22664 | 7.7 | 0.03% | 1 | 0 | | 2026-04-03T21:17:09.513000 | prompts.chat prior to commit 30a8f04 contains a server-side request forgery vuln |
| CVE-2026-22663 | 7.5 | 0.03% | 1 | 0 | | 2026-04-03T21:17:09.337000 | prompts.chat prior to commit 7b81836 contains multiple authorization bypass vuln |
| CVE-2026-25726 | 8.1 | 0.04% | 1 | 0 | | 2026-04-03T20:16:02.263000 | Cloudreve is a self-hosted file management and sharing system. Prior to version |
| CVE-2026-34758 | 9.1 | 0.03% | 1 | 0 | | 2026-04-03T19:52:26.097000 | OneUptime is an open-source monitoring and observability platform. Prior to vers |
| CVE-2026-34752 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T19:50:42.600000 | Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with _ |
| CVE-2026-34524 | 8.3 | 0.05% | 1 | 0 | | 2026-04-03T19:17:22.687000 | SillyTavern is a locally installed user interface that allows users to interact |
| CVE-2026-28373 | 9.7 | 0.03% | 2 | 0 | | 2026-04-03T18:31:34 | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path t |
| CVE-2026-0545 | 9.1 | 0.20% | 1 | 0 | | 2026-04-03T18:31:34 | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not |
| CVE-2026-26477 | 7.5 | 0.11% | 1 | 0 | | 2026-04-03T18:31:21 | An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause |
| CVE-2025-43202 | 8.8 | 0.02% | 1 | 0 | | 2026-04-03T18:31:17 | This issue was addressed with improved memory handling. This issue is fixed in i |
| CVE-2025-43219 | 8.8 | 0.02% | 1 | 0 | | 2026-04-03T18:31:17 | The issue was addressed with improved memory handling. This issue is fixed in ma |
| CVE-2025-43264 | 8.8 | 0.02% | 1 | 0 | | 2026-04-03T17:56:53.233000 | The issue was addressed with improved memory handling. This issue is fixed in ma |
| CVE-2026-35218 | 8.7 | 0.03% | 1 | 0 | | 2026-04-03T16:16:41.977000 | Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase' |
| CVE-2026-35214 | 8.7 | 0.11% | 1 | 0 | | 2026-04-03T16:16:41.607000 | Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugi |
| CVE-2025-59711 | 8.3 | 0.87% | 1 | 0 | | 2026-04-03T16:16:22.840000 | An issue was discovered in Biztalk360 before 11.5. Because of mishandling of use |
| CVE-2026-20093 | 9.8 | 0.03% | 1 | 0 | | 2026-04-03T16:11:11.357000 | A vulnerability in the change password functionality of Cisco Integrated Managem |
| CVE-2026-20160 | 9.8 | 0.17% | 1 | 0 | | 2026-04-03T16:11:11.357000 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allo |
| CVE-2026-4636 | 8.1 | 0.03% | 2 | 0 | | 2026-04-03T16:10:52.680000 | A flaw was found in Keycloak. An authenticated user with the uma_protection role |
| CVE-2026-31933 | 7.5 | 0.04% | 2 | 0 | | 2026-04-03T16:10:52.680000 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0. |
| CVE-2026-31932 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0. |
| CVE-2026-35168 | 8.8 | 0.06% | 1 | 0 | | 2026-04-03T16:10:52.680000 | OpenSTAManager is an open source management software for technical assistance an |
| CVE-2026-31934 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before vers |
| CVE-2026-34728 | 8.7 | 0.19% | 1 | 0 | | 2026-04-03T16:10:52.680000 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the Medi |
| CVE-2026-34791 | 8.8 | 0.24% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-34794 | 8.8 | 0.24% | 2 | 0 | | 2026-04-03T16:10:52.680000 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-34795 | 8.8 | 0.24% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-34797 | 8.8 | 0.24% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-35467 | 7.5 | 0.02% | 1 | 0 | | 2026-04-03T16:10:23.730000 | The stored API keys in temporary browser client is not marked as protected allow |
| CVE-2026-25773 | 8.1 | 0.01% | 1 | 0 | | 2026-04-03T16:10:23.730000 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize categor |
| CVE-2026-33105 | 10.0 | 0.05% | 2 | 0 | | 2026-04-03T16:10:23.730000 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthori |
| CVE-2026-34743 | 0 | 0.04% | 1 | 0 | | 2026-04-03T16:10:23.730000 | XZ Utils provide a general-purpose data-compression library plus command-line to |
| CVE-2026-34838 | 9.9 | 0.45% | 2 | 1 | | 2026-04-03T16:10:23.730000 | Group-Office is an enterprise customer relationship management and groupware too |
| CVE-2026-5463 | 8.6 | 0.85% | 2 | 0 | | 2026-04-03T16:10:23.730000 | Command injection vulnerability in console.run_module_with_output() in pymetaspl |
| CVE-2026-30332 | 7.5 | 0.01% | 1 | 1 | | 2026-04-03T16:10:23.730000 | A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena E |
| CVE-2026-5350 | 8.8 | 0.04% | 1 | 0 | | 2026-04-03T16:10:23.730000 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted |
| CVE-2026-25212 | 9.9 | 0.04% | 1 | 0 | | 2026-04-03T16:10:23.730000 | An issue was discovered in Percona PMM before 3.7. Because an internal database |
| CVE-2025-65114 | 7.5 | 0.03% | 1 | 0 | | 2026-04-03T16:10:23.730000 | Apache Traffic Server allows request smuggling if chunked messages are malformed |
| CVE-2026-35385 | 7.5 | 0.04% | 2 | 0 | | 2026-04-03T16:10:23.730000 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setg |
| CVE-2026-34577 | 8.6 | 0.09% | 1 | 0 | | 2026-04-03T16:10:23.730000 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET / |
| CVE-2026-34827 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T16:10:23.730000 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before |
| CVE-2026-34725 | 8.2 | 0.02% | 1 | 0 | | 2026-04-03T16:10:23.730000 | DbGate is cross-platform database manager. From version 7.0.0 to before version |
| CVE-2026-32173 | 8.6 | 0.06% | 1 | 0 | | 2026-04-03T16:10:23.730000 | Improper authentication in Azure SRE Agent allows an unauthorized attacker to di |
| CVE-2026-35386 | 3.6 | 0.01% | 1 | 0 | | 2026-04-03T16:10:23.730000 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in |
| CVE-2026-3502 | 7.8 | 1.32% | 5 | 2 | | 2026-04-03T11:40:57.390000 | TrueConf Client downloads application update code and applies it without perform |
| CVE-2026-4350 | 8.1 | 0.10% | 1 | 0 | | 2026-04-03T09:30:21 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion vi |
| CVE-2026-28815 | None | 0.03% | 1 | 0 | | 2026-04-03T03:39:42 | ### Summary The X-Wing decapsulation path accepts attacker-controlled encapsula |
| CVE-2026-34774 | 8.1 | 0.04% | 1 | 0 | | 2026-04-03T02:42:31 | ### Impact Apps that use offscreen rendering and allow child windows via `window |
| CVE-2026-34771 | 7.5 | 0.04% | 1 | 0 | | 2026-04-03T02:40:26 | ### Impact Apps that register an asynchronous `session.setPermissionRequestHandl |
| CVE-2026-32213 | 10.0 | 0.05% | 2 | 0 | | 2026-04-03T00:31:15 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to el |
| CVE-2026-33107 | 10.0 | 0.05% | 1 | 0 | | 2026-04-03T00:31:15 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized at |
| CVE-2026-32211 | 9.1 | 0.05% | 1 | 0 | | 2026-04-03T00:31:14 | Missing authentication for critical function in Azure MCP Server allows an unaut |
| CVE-2026-26135 | 9.6 | 0.05% | 1 | 0 | | 2026-04-03T00:31:14 | Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider ( |
| CVE-2025-58136 | 7.5 | 0.04% | 1 | 0 | | 2026-04-02T21:34:00 | A bug in POST request handling causes a crash under a certain condition. This i |
| CVE-2026-5429 | 7.8 | 0.02% | 1 | 0 | | 2026-04-02T21:33:03 | Unsanitized input during web page generation in the Kiro Agent webview in Kiro I |
| CVE-2025-43257 | 8.7 | 0.01% | 1 | 0 | | 2026-04-02T21:33:02 | This issue was addressed with improved handling of symlinks. This issue is fixed |
| CVE-2026-34426 | 7.6 | 0.04% | 1 | 0 | | 2026-04-02T21:33:02 | OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerabili |
| CVE-2026-34829 | 7.5 | 0.04% | 1 | 0 | | 2026-04-02T20:34:49 | ## Summary `Rack::Multipart::Parser` only wraps the request body in a `BoundedI |
| CVE-2026-34785 | 7.5 | 0.03% | 1 | 0 | | 2026-04-02T18:44:26 | ## Summary `Rack::Static` determines whether a request should be served as a st |
| CVE-2026-34876 | 7.5 | 0.02% | 1 | 0 | | 2026-04-02T18:31:45 | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vuln |
| CVE-2026-5349 | 8.8 | 0.04% | 1 | 0 | | 2026-04-02T18:31:45 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected eleme |
| CVE-2026-34877 | 9.8 | 0.07% | 1 | 0 | | 2026-04-02T18:31:45 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4 |
| CVE-2026-35388 | 2.5 | 0.01% | 1 | 0 | | 2026-04-02T18:31:45 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode mu |
| CVE-2026-35387 | 3.1 | 0.03% | 1 | 0 | | 2026-04-02T18:31:45 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA al |
| CVE-2026-34792 | 8.8 | 0.24% | 2 | 0 | | 2026-04-02T15:31:49 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-34796 | 8.8 | 0.24% | 2 | 0 | | 2026-04-02T15:31:49 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-34793 | 8.8 | 0.24% | 1 | 0 | | 2026-04-02T15:31:49 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute ar |
| CVE-2026-2701 | 9.1 | 0.19% | 7 | 0 | | 2026-04-02T15:31:41 | Authenticated user can upload a malicious file to the server and execute it, whi |
| CVE-2026-2699 | 9.8 | 0.41% | 7 | 1 | | 2026-04-02T15:31:40 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica |
| CVE-2026-26928 | None | 0.02% | 1 | 0 | | 2026-04-02T15:31:40 | SzafirHost downloads necessary files in the context of the initiating web page. |
| CVE-2026-34952 | 9.1 | 0.04% | 3 | 0 | | 2026-04-01T23:28:05 | ### Summary The PraisonAI Gateway server accepts WebSocket connections at `/ws` |
| CVE-2026-34954 | 8.6 | 0.03% | 1 | 0 | | 2026-04-01T23:27:07 | ### Summary `FileTools.download_file()` in `praisonaiagents` validates the dest |
| CVE-2026-34955 | 8.8 | 0.02% | 1 | 0 | | 2026-04-01T23:26:02 | ### Summary `SubprocessSandbox` in all modes (BASIC, STRICT, NETWORK_ISOLATED) |
| CVE-2026-34936 | 7.7 | 0.03% | 1 | 0 | | 2026-04-01T23:21:46 | ### Summary `passthrough()` and `apassthrough()` in `praisonai` accept a caller |
| CVE-2026-34934 | 9.8 | 0.05% | 2 | 0 | | 2026-04-01T23:20:34 | ## Summary The `get_all_user_threads` function constructs raw SQL queries using |
| CVE-2026-34937 | 7.8 | 0.03% | 2 | 0 | | 2026-04-01T23:18:18 | ### Summary `run_python()` in `praisonai` constructs a shell command string by |
| CVE-2026-34938 | 10.0 | 0.10% | 2 | 0 | | 2026-04-01T23:17:49 | ### Summary `execute_code()` in `praisonai-agents` runs attacker-controlled Pyt |
| CVE-2026-34522 | 8.1 | 0.06% | 1 | 0 | | 2026-04-01T21:36:44 | ### Summary A path traversal vulnerability in `/api/chats/import` allows an auth |
| CVE-2026-5281 | 8.8 | 3.03% | 8 | 1 | | 2026-04-01T21:30:28 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote |
| CVE-2026-34742 | None | 0.05% | 1 | 0 | | 2026-04-01T21:09:10 | The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection |
| CVE-2026-34581 | 8.1 | 0.03% | 1 | 0 | | 2026-04-01T20:58:51 | ### Summary When using the `Share Token` it is possible to bypass the limited se |
| CVE-2026-33544 | 7.7 | 0.04% | 1 | 0 | | 2026-04-01T19:52:05 | ### Summary All three OAuth service implementations (`GenericOAuthService`, `Gi |
| CVE-2026-28805 | 8.8 | 0.03% | 2 | 0 | | 2026-04-01T19:46:02 | ## Description Multiple AJAX select handlers in OpenSTAManager <= 2.10.1 are vu |
| CVE-2026-33579 | 8.1 | 0.01% | 10 | 1 | | 2026-04-01T19:07:04.223000 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the / |
| CVE-2026-4747 | 8.8 | 0.18% | 2 | 0 | | 2026-04-01T15:23:23.797000 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i |
| CVE-2026-5176 | 7.3 | 2.96% | 2 | 0 | | 2026-04-01T14:24:02.583000 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. A |
| CVE-2026-34601 | 7.5 | 0.04% | 1 | 0 | | 2026-04-01T00:19:07 | ## Summary `@xmldom/xmldom` allows attacker-controlled strings containing the C |
| CVE-2026-34453 | 7.5 | 2.67% | 2 | 0 | template | 2026-03-31T23:30:05 | ### Summary The publish service exposes bookmarked blocks from password-protecte |
| CVE-2026-34156 | 10.0 | 5.19% | 2 | 1 | template | 2026-03-31T18:50:36 | `##` Summary NocoBase's Workflow Script Node executes user-supplied JavaScript |
| CVE-2026-4020 | 7.5 | 4.66% | 2 | 0 | template | 2026-03-31T03:31:35 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-4257 | 9.8 | 19.61% | 2 | 0 | template | 2026-03-31T00:31:19 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side |
| CVE-2026-5105 | 6.3 | 2.16% | 2 | 0 | | 2026-03-30T18:32:18 | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affe |
| CVE-2026-5104 | 6.3 | 2.16% | 2 | 0 | | 2026-03-30T18:31:16 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022 |
| CVE-2026-5103 | 6.3 | 2.16% | 2 | 0 | | 2026-03-30T18:31:16 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This i |
| CVE-2026-33645 | 7.1 | 0.07% | 1 | 0 | | 2026-03-30T18:12:01.663000 | Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an a |
| CVE-2026-33641 | 7.8 | 0.02% | 1 | 0 | | 2026-03-30T17:01:32 | ## Summary Glances supports dynamic configuration values in which substrings enc |
| CVE-2026-4415 | 8.1 | 0.48% | 1 | 0 | | 2026-03-30T13:26:07.647000 | Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulner |
| CVE-2026-4425 | None | 0.00% | 1 | 0 | | 2026-03-30T12:32:36 | Rejected reason: Reserved for EastLink case, but no need for CVE anymore |
| CVE-2026-5102 | 6.3 | 2.16% | 2 | 0 | | 2026-03-30T00:31:08 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. T |
| CVE-2026-21536 | 9.8 | 0.40% | 1 | 0 | | 2026-03-16T15:40:44.357000 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability |
| CVE-2025-55182 | 10.0 | 66.27% | 4 | 100 | template | 2025-12-09T16:53:25 | ### Impact There is an unauthenticated remote code execution vulnerability in R |
| CVE-2025-50286 | 8.1 | 62.34% | 1 | 2 | | 2025-11-07T19:18:37.380000 | A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authen |
| CVE-2025-30208 | 5.3 | 88.96% | 1 | 23 | template | 2025-03-25T14:00:04 | ### Summary The contents of arbitrary files can be returned to the browser. ### |
| CVE-2025-70951 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2026-26026 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-26027 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-31931 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-28798 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-27833 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-28289 | 0 | 17.68% | 1 | 1 | | N/A | |
| CVE-2026-34745 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-31937 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-31935 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-33746 | 0 | 0.08% | 1 | 0 | | N/A | |
| CVE-2026-34717 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-34840 | 0 | 0.05% | 1 | 0 | | N/A | |
## updated 2026-04-06T06:16:22.310000
4 posts
⚠️ CVE-2026-5629: High-severity stack buffer overflow in Belkin F9K1015 (v1.00.10). Remote exploit possible — public code out, no patch yet. Restrict device access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-5629-stack-based-buffer-overflow-in-belki-abbd3417 #OffSeq #Vulnerability #RouterSecurity #Belkin
🟠 CVE-2026-5629 - High (8.8)
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5629/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-06T06:16:22.087000
4 posts
📢 CVE-2026-5628: HIGH severity stack buffer overflow in Belkin F9K1015 (v1.00.10). Remotely exploitable — no patch yet. Restrict mgmt access & disable remote mgmt until fixed. Info: https://radar.offseq.com/threat/cve-2026-5628-stack-based-buffer-overflow-in-belki-732548e5 #OffSeq #Vuln #IoT #Belkin
🟠 CVE-2026-5628 - High (8.8)
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-06T04:16:09.967000
4 posts
🔒 HIGH-severity stack buffer overflow in Belkin F9K1015 (v1.00.10) — CVE-2026-5614. Public exploit, no patch, vendor silent. Disable remote access, restrict device exposure. Stay vigilant! https://radar.offseq.com/threat/cve-2026-5614-stack-based-buffer-overflow-in-belki-4bd2dba3 #OffSeq #Infosec #Vuln #IoTSecurity
🟠 CVE-2026-5614 - High (8.8)
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-06T03:16:07.990000
4 posts
🔔 CVE-2026-5613: HIGH severity stack-based buffer overflow in Belkin F9K1015 v1.00.10. Remote code execution or DoS possible. No patch; exploit public. Restrict mgmt interface, disable remote mgmt. https://radar.offseq.com/threat/cve-2026-5613-stack-based-buffer-overflow-in-belki-4e7d7f43 #OffSeq #Infosec #IoT #Vuln
🟠 CVE-2026-5613 - High (8.8)
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotel...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-06T03:16:07.790000
2 posts
🟠 CVE-2026-5612 - High (8.8)
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5612/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-06T03:16:07.570000
2 posts
🟠 CVE-2026-5611 - High (8.8)
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-06T02:16:00.927000
4 posts
⚠️ HIGH severity: Belkin F9K1015 (v1.00.10) stack buffer overflow (CVE-2026-5610) in /goform/formWISP5G. Remotely exploitable, no patch yet. Restrict device exposure & monitor for anomalies. More at https://radar.offseq.com/threat/cve-2026-5610-stack-based-buffer-overflow-in-belki-eb86f832 #OffSeq #Vulnerability #Security
🟠 CVE-2026-5610 - High (8.8)
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T02:16:00.670000
2 posts
🟠 CVE-2026-5609 - High (8.8)
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-base...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T01:16:40.367000
4 posts
⚠️ HIGH severity: CVE-2026-5608 in Belkin F9K1122 v1.00.33 enables remote buffer overflow via the /goform/formWlanSetup endpoint. Exploit code is public; no patch from vendor. Restrict remote mgmt access now. https://radar.offseq.com/threat/cve-2026-5608-stack-based-buffer-overflow-in-belki-c4d65888 #OffSeq #Belkin #Vuln
##🟠 CVE-2026-5608 - High (8.8)
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from rem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5608/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T00:30:31
4 posts
🟠 CVE-2026-5605 - High (8.8)
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH severity: CVE-2026-5605 in Tenda CH22 v1.0.0.1 — stack-based buffer overflow in /goform/WrlExtraSet. No patch yet. Restrict remote access & monitor for threats. Details: https://radar.offseq.com/threat/cve-2026-5605-stack-based-buffer-overflow-in-tenda-5175b382 #OffSeq #Vulnerability #IoTSecurity
##updated 2026-04-06T00:30:31
2 posts
🟠 CVE-2026-5604 - High (8.8)
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5604/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-06T00:30:31
2 posts
🟠 CVE-2026-4272 - High (8.1)
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432BAA, from D1 Base(Ingenic x1600) before HE000085...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T15:32:03
2 posts
🟠 CVE-2026-5567 - High (8.8)
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T15:32:03
2 posts
🟠 CVE-2026-5566 - High (8.8)
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T10:16:19.933000
2 posts
⚠️ MEDIUM risk: CVE-2026-5558 allows SQL injection in PHPGurukul Online Shopping Portal (v2.0, 2.1) via /pending-orders.php. Exploit is public. Review your instances & restrict access if needed. Details: https://radar.offseq.com/threat/cve-2026-5558-sql-injection-in-phpgurukul-phpguruk-e94dae7f #OffSeq #SQLInjection #PHP #Vuln
##updated 2026-04-05T09:30:22
2 posts
🟠 CVE-2026-5548 - High (8.8)
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5548/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T08:16:25.100000
4 posts
🔎 HIGH severity: Tenda AC10 (v16.03.10.10_multi_TDE01) has a stack buffer overflow (CVE-2026-5550) in /bin/httpd. Remote code execution possible. No patch yet — restrict remote mgmt & monitor closely. https://radar.offseq.com/threat/cve-2026-5550-stack-based-buffer-overflow-in-tenda-a47995aa #OffSeq #infosec #CVE2026_5550
##🟠 CVE-2026-5550 - High (8.8)
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5550/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-05T06:32:08
5 posts
🔶 New security advisory:
CVE-2026-5544 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-5544-utt-hiper-1250gw-rce-exploit-released
🟠 CVE-2026-5544 - High (8.8)
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-5544: HIGH severity stack overflow in UTT HiPER 1250GW (≤ v3.2.7-210907-180535). Remote, no auth needed. Public exploit code available — restrict network access & monitor vendor alerts. https://radar.offseq.com/threat/cve-2026-5544-stack-based-buffer-overflow-in-utt-h-45d31ae5 #OffSeq #Vulnerability #CyberSecurity #UTT
##updated 2026-04-04T12:31:04
2 posts
⚠️ HIGH severity XSS (CVE-2026-2936) in Visitor Traffic Real Time Statistics WP plugin ≤8.4. Unauth attackers can inject persistent scripts via 'page_title', executed by admins. No patch yet — restrict access or disable plugin. https://radar.offseq.com/threat/cve-2026-2936-cwe-79-improper-neutralization-of-in-422ba84b #OffSeq #WordPress #XSS
##updated 2026-04-04T12:31:04
4 posts
🟠 CVE-2026-3666 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##wpForo Forum plugin for WordPress (up to 2.4.16) has a HIGH severity path traversal vuln (CVE-2026-3666) 🛡️. Authenticated users can delete server files. No patch yet — restrict permissions & watch for suspicious deletions. More: https://radar.offseq.com/threat/cve-2026-3666-cwe-22-improper-limitation-of-a-path-8b05d9d8 #OffSeq #WordPress #Infosec
##updated 2026-04-04T12:16:02.943000
4 posts
CVE-2026-1233 (HIGH): The Text to Speech for WP plugin (<=1.9.8) exposes hardcoded MySQL creds, risking unauthorized write access to telemetry DB. No patch yet — disable or restrict access. https://radar.offseq.com/threat/cve-2026-1233-cwe-798-use-of-hard-coded-credential-6c6e620c #OffSeq #WordPress #InfoSec #CVE
##🟠 CVE-2026-1233 - High (7.5)
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T09:30:37
2 posts
⚠️ HIGH severity: Stored XSS (CVE-2026-5425) in trustindex Widgets for Social Photo Feed (≤1.7.9) allows unauthenticated attackers to inject malicious scripts via 'feed_data'. No patch yet — disable plugin. Details: https://radar.offseq.com/threat/cve-2026-5425-cwe-79-improper-neutralization-of-in-1c7aa2af #OffSeq #WordPress #XSS #Vuln
##updated 2026-04-04T09:30:37
2 posts
🚨 HIGH severity: CVE-2026-3445 in ProfilePress plugin lets subscriber-level users bypass paid memberships via missing authorization in process_checkout(). No patch yet. Restrict privileges & monitor activity. Details: https://radar.offseq.com/threat/cve-2026-3445-cwe-862-missing-authorization-in-pro-38b78a54 #OffSeq #WordPress #Vuln
##updated 2026-04-04T09:30:31
2 posts
🟠 CVE-2026-4896 - High (8.1)
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T06:04:59
1 post
🔴 CVE-2026-35216 - Critical (9)
Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T06:00:48
2 posts
🟠 CVE-2026-4634 - High (7.5)
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T01:16:39.720000
18 posts
2 repos
Fortinet Releases Emergency Patch as Critical FortiClient EMS Vulnerability Faces Active Exploitation + Video
🎯 Introduction: A Critical Security Gap Already Under Attack A newly disclosed vulnerability in Fortinet’s FortiClient EMS platform has escalated into a serious cybersecurity concern, with attackers already exploiting it in real-world environments. The flaw, identified as CVE-2026-35616, carries a high severity rating and exposes organizations to unauthorized…
##US President Trump issued an ultimatum to Iran: reopen the Strait of Hormuz by Tuesday or face strikes, intensifying Middle East tensions and driving up oil prices. NVIDIA unveiled new GPU compression technology, while a Chinese chipmaker claims a 300% performance lead over Nvidia's flagship GPU. In cybersecurity, Fortinet patched an actively exploited critical flaw (CVE-2026-35616) in FortiClient EMS. April has seen a surge in ransomware, including the Marquis fintech attack exposing 672,000 records.
##US-Iran geopolitical tensions escalate with downed aircraft and President Trump's threats. (Apr 5, 2026) On technology, Microsoft announced a ¥1.6 trillion investment in Japan for AI infrastructure and cybersecurity. (Apr 4, 2026) In cybersecurity, a critical Fortinet EMS zero-day (CVE-2026-35616) is actively exploited, and the EU Commission confirmed a 300GB data breach from a Trivy supply chain attack. (Apr 4, 2026)
##Fortinet fixes a critical, actively exploited #vulnerability in FortiClient EMS (CVE-2026-35616)
##Fortinet Issues Emergency Hotfix for Actively Exploited FortiClient EMS Zero-Day
Fortinet has released emergency hotfix for an actively exploited critical zero-day vulnerability (CVE-2026-35616) in FortiClient EMS that allows unauthenticated attackers to bypass API security and run arbitrary commands.
**If you use FortiClient EMS versions 7.4.5 or 7.4.6, apply Fortinet's emergency hotfix ASAP. It's being actively exploited and can give attackers full control of your endpoint management server. While you're at it, check your EMS API logs for any signs of unauthorized access or unusual command execution that might indicate you've already been compromised.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/fortinet-issues-emergency-hotfix-for-actively-exploited-forticlient-ems-zero-day-p-2-q-w-2/gD2P6Ple2L
Recent global developments on April 4, 2026:
Geopolitical: Trump challenges NATO's future over "Operation Epic Fury" participation; US-Iran conflict ongoing, Planet Labs withholds satellite images.
Technology: AI breakthroughs include Google DeepMind's Alpha Green for code optimization & OpenAI's GPT-6 on smartphones. Green compute initiatives accelerate.
Cybersecurity: Fortinet zero-day (CVE-2026-35616) exploited; EC suffers Trivy supply chain breach. New polymorphic malware & AI-generated bot threats emerge.
Fortinet CVE-2026-35616 Actively Exploited - Decipher
https://decipher.sc/2026/04/04/fortinet-cve-2026-35616-actively-exploited/
Read on HackerWorkspace: https://hackerworkspace.com/article/fortinet-cve-2026-35616-actively-exploited-decipher
##Geopolitical tensions escalate as the Iran War continues, leading to the functional closure of the Strait of Hormuz, severely impacting global energy markets. In cybersecurity, the European Commission confirmed a 300GB data breach on April 4, 2026, stemming from a Trivy supply chain attack. Additionally, critical RCE flaws in Progress ShareFile were reported on April 3, 2026, and an actively exploited FortiClient EMS zero-day (CVE-2026-35616) necessitated urgent hotfixes on April 4, 2026.
##FortiYikes at it again..
🔐 CVE-2026-35616
📊 CVSS: 9.1 · Critical
📅 04/04/2026, 05:31 AM
🛡️ CWE: CWE-284
📦 Affected: Fortinet FortiClientEMS (>= 7.4.5, <= 7.4.6)
📚 https://fortiguard.fortinet.com/psirt/FG-IR-26-099 https://nvd.nist.gov/vuln/detail/CVE-2026-35616
🚨 Forticlient EMS Zero Day disclosed minutes ago actively being exploited in the wild as being report by @DefusedCyber & @fortinet
I've created a vulnerability detection script to check for vulnerable instances:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-35616.yaml
Fortinet recommends that you install hotfixes for EMS 7.4.5 / 7.4.6 as per their advisory:
https://www.fortiguard.com/psirt/FG-IR-26-099
🚨 CRITICAL: CVE-2026-35616 affects Fortinet FortiClientEMS 7.4.5 – 7.4.6. Unauthenticated attackers can run code via crafted requests — leading to total system compromise. Official fix is out. Patch ASAP! https://radar.offseq.com/threat/cve-2026-35616-escalation-of-privilege-in-fortinet-1f903372 #OffSeq #Fortinet #Vuln #PatchTuesday
##🔴 CVE-2026-35616 - Critical (9.8)
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T01:16:39.540000
1 post
🟠 CVE-2026-34780 - High (8.3)
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass Vide...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34780/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-04T00:16:17.657000
1 post
🟠 CVE-2026-34769 - High (7.7)
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T23:17:06.653000
2 posts
🔴 CVE-2026-34953 - Critical (9.1)
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer toke...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34953/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL vuln in PraisonAI (<4.5.97): CVE-2026-34953 allows any bearer token to bypass auth & gain full access to all agent capabilities. Patch to 4.5.97+ now! No exploits yet. Details: https://radar.offseq.com/threat/cve-2026-34953-cwe-863-incorrect-authorization-in--72e3ef5e #OffSeq #CVE202634953 #infosec #patch
##updated 2026-04-03T23:17:05.693000
2 posts
⚠️ CRITICAL: PraisonAI (v4.5.15 - <4.5.69) vulnerable to OS command injection via --mcp, allowing arbitrary OS commands (CVE-2026-34935). Patch to 4.5.69+ now! https://radar.offseq.com/threat/cve-2026-34935-cwe-78-improper-neutralization-of-s-aa91a94a #OffSeq #CVE202634935 #PraisonAI #infosec
##🔴 CVE-2026-34935 - Critical (9.8)
PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34935/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T23:17:04.587000
2 posts
⚠️ SQL Injection (CVSS 10, CRITICAL) in Kestra < 1.3.7 — authenticated users can trigger RCE via /api/v1/main/flows/search. Patch to v1.3.7 to mitigate. CVE-2026-34612. Details: https://radar.offseq.com/threat/cve-2026-34612-cwe-89-improper-neutralization-of-s-c7c6454f #OffSeq #Kestra #SQLInjection #RCE
##🔴 CVE-2026-34612 - Critical (9.9)
Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint "GET /api/...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34612/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T23:17:03.600000
1 post
🟠 CVE-2026-33184 - High (7.5)
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchange...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33184/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T23:17:03.417000
1 post
🟠 CVE-2025-15620 - High (8.6)
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific end...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T22:16:25.400000
1 posts
updated 2026-04-03T21:54:37
1 posts
🟠 CVE-2026-34824 - High (7.5)
Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34824/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:37:19
1 posts
🔴 CVE-2026-33950 - Critical (9.4)
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Admi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:35:39
1 posts
🟠 CVE-2026-33175 - High (8.8)
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33175/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:34:49
1 posts
🔴 CVE-2026-31818 - Critical (9.6)
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completel...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
2 posts
2 repos
🚨 CVE-2026-25197 (CRITICAL): Gardyn Cloud API lets authenticated users access other profiles by tweaking ID in API calls (CWE-639). No patch yet — restrict access & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-25197-cwe-639-in-gardyn-cloud-api-0887f9ef #OffSeq #APIsecurity #CVE202625197
##🔴 CVE-2026-25197 - Critical (9.1)
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
1 posts
2 repos
🟠 CVE-2025-10681 - High (8.6)
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to produ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10681/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
1 posts
🟠 CVE-2026-22665 - High (8.1)
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22665/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
1 posts
2 repos
🔴 CVE-2026-28766 - Critical (9.3)
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28766/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
1 posts
🟠 CVE-2026-35558 - High (7.8)
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:49
1 posts
🟠 CVE-2026-35562 - High (7.5)
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35562/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:31:48
1 posts
🟠 CVE-2026-22661 - High (8.1)
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22661/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:17:12.603000
1 posts
🟠 CVE-2026-5485 - High (7.8)
OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the dr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:17:11.137000
1 posts
2 repos
🟠 CVE-2026-32646 - High (7.5)
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32646/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:17:09.513000
1 posts
🟠 CVE-2026-22664 - High (7.7)
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token para...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22664/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T21:17:09.337000
1 posts
🟠 CVE-2026-22663 - High (7.5)
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with pr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22663/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T20:16:02.263000
1 posts
🟠 CVE-2026-25726 - High (8.1)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T19:52:26.097000
1 posts
🔴 CVE-2026-34758 - Critical (9.1)
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This iss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34758/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T19:50:42.600000
1 posts
🟠 CVE-2026-34752 - High (7.5)
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T19:17:22.687000
1 posts
🟠 CVE-2026-34524 - High (8.3)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T18:31:34
2 posts
🔴 New security advisory:
CVE-2026-28373 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-28373-stackfield-desktop-app-path-traversal
🔴 CVE-2026-28373 - Critical (9.6)
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the vic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T18:31:34
1 posts
🔴 CVE-2026-0545 - Critical (9.1)
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0545/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T18:31:21
1 posts
🟠 CVE-2026-26477 - High (7.5)
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26477/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T18:31:17
1 posts
🟠 CVE-2025-43202 - High (8.8)
This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T18:31:17
1 posts
🟠 CVE-2025-43219 - High (8.8)
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T17:56:53.233000
1 posts
🟠 CVE-2025-43264 - High (8.8)
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43264/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:16:41.977000
1 posts
🟠 CVE-2026-35218 - High (8.7)
Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive without any sanitization. An authenticated user w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35218/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:16:41.607000
1 posts
🟠 CVE-2026-35214 - High (8.7)
Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without sanitizing path traversal sequences. An attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:16:22.840000
1 posts
🟠 CVE-2025-59711 - High (8.3)
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59711/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:11:11.357000
1 posts
Critical Cisco IMC Authentication Bypass Allows Remote Administrative Takeover
Cisco patched a critical authentication bypass (CVE-2026-20093) in its Integrated Management Controller that allows unauthenticated attackers to gain Admin access by changing passwords via crafted HTTP requests.
**If your organization is running Cisco FMC on-premise, SSM On-Prem, or UCS servers with exposed IMC interfaces, consider this urgent and critical. Your immediate first step must be to ensure the web and management interfaces for all these devices are strictly isolated and accessible only from highly trusted internal networks. Even if you have them isolated, threat actors will weaponize these flaws and look for a way in.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-cisco-imc-authentication-bypass-allows-remote-administrative-takeover-6-o-v-j-i/gD2P6Ple2L
updated 2026-04-03T16:11:11.357000
1 posts
Critical Cisco Smart Software Manager Vulnerability Allows Root Command Execution
Cisco patched a critical unauthenticated remote code execution vulnerability (CVE-2026-20160) in its Smart Software Manager On-Prem platform that allows attackers to gain root access. The flaw is caused by an exposed internal API and requires no user interaction to exploit.
**Treat this Cisco SSM update as an emergency priority because it allows full root access without a password and has no available workarounds. First, make sure the SSM is isolated from the internet and accessible only from trusted networks. Even with that, patch ASAP. Since license managers often have broad network reach, a compromise here provides attackers an ideal platform for lateral movement across your entire infrastructure.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-cisco-smart-software-manager-vulnerability-allows-root-command-execution-5-h-v-c-1/gD2P6Ple2L
updated 2026-04-03T16:10:52.680000
2 posts
🟠 CVE-2026-4636 - High (8.1)
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, ev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4636/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
2 posts
🟠 CVE-2026-31933 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-31932 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-35168 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-databa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-31934 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31934/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-34728 - High (8.7)
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34728/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-34791 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
2 posts
🟠 CVE-2026-34794 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34794/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-34795 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:52.680000
1 posts
🟠 CVE-2026-34797 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-35467 - High (7.5)
The stored API keys in the temporary browser client are not marked as protected, allowing the JavaScript console or other errors to allow for extraction of the encryption credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35467/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-25773 - High (8.1)
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, whic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25773/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
2 posts
CVE-2026-33105 hits Azure Kubernetes Service with CVSS 10.0. Unauthenticated remote privilege escalation - Microsoft patched it but check your AKS clusters. Critical severity, no user interaction required.
##🔴 CVE-2026-33105 - Critical (10)
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
XZ Utils 5.8.3 Released to Patch Buffer Overflow and Memory Access Flaws
XZ Utils version 5.8.3 addresses a critical buffer overflow (CVE-2026-34743) and a 32-bit memory access flaw affecting versions 5.0.0 and later. Although developers consider the real-world risk low, security organizations have assigned a CVSS score of 9.8 due to the potential for arbitrary code execution.
**Even if developers claim a bug is hard to hit, a CVSS 9.8 in a core library like XZ requires attention. Plan an update of your Linux distributions and container images now to ensure this foundational component isn't a weak link in your supply chain.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/xz-utils-5-8-3-released-to-patch-buffer-overflow-and-memory-access-flaws-8-i-t-m-h/gD2P6Ple2L
updated 2026-04-03T16:10:23.730000
2 posts
1 repos
🚨 CVE-2026-34838 (CRITICAL, CVSS 10): Group-Office <6.8.156, <25.0.90, <26.0.12 vulnerable to insecure deserialization (CWE-502). Authenticated attackers can achieve RCE by injecting malicious serialized objects. Patch now! https://radar.offseq.com/threat/cve-2026-34838-cwe-502-deserialization-of-untruste-f6c31d56 #OffSeq #Vuln #RCE
##🔴 CVE-2026-34838 - Critical (9.9)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
2 posts
⚠️ CRITICAL vuln: pymetasploit3 ≤1.0.6 (CVE-2026-5463) lets attackers inject commands via newline chars in console.run_module_with_output(), risking full session compromise. Avoid untrusted input, watch for patches. https://radar.offseq.com/threat/cve-2026-5463-cwe-77-improper-neutralization-of-sp-6f7ed040 #OffSeq #CVE20265463 #infosec
##🟠 CVE-2026-5463 - High (8.6)
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
1 repos
🟠 CVE-2026-30332 - High (7.5)
A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30332/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-5350 - High (8.8)
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🔴 CVE-2026-25212 - Critical (9.9)
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2025-65114 - High (7.5)
Apache Traffic Server allows request smuggling if chunked messages are malformed.
This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.
Users are recommended to upgrade to version 9.2.13 or 10.1.2, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
2 posts
🟠 CVE-2026-35385 - High (7.5)
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35385/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.
https://www.openssh.org/txt/release-10.3
CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-34577 - High (8.6)
Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP response back to the caller. The only validation is ur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-34827 - High (7.5)
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parser#handle_mime_head parses quoted multipart parameters such as Content-Disposition: form-data; name="..." usin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34827/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-34725 - High (8.2)
DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
🟠 CVE-2026-32173 - High (8.6)
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32173/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T16:10:23.730000
1 posts
Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.
https://www.openssh.org/txt/release-10.3
CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
updated 2026-04-03T11:40:57.390000
5 posts
2 repos
https://github.com/fevar54/CVE-2026-3502-Scanner---TrueConf-Vulnerability-Detection-Tool
https://github.com/fevar54/CVE-2026-3502---TrueConf-Client-Update-Hijacking-PoC
Geopolitical tensions escalate between Algeria and Morocco, impacting European security and energy stability. In technology, IBM and Arm announced a strategic collaboration on new dual-architecture hardware for future AI and data-intensive workloads. On the cybersecurity front, CISA added a new exploited vulnerability (CVE-2026-3502) to its catalog, while L.A. Metro confirmed a mid-March hack, with systems still being restored.
##🚨 [CISA-2026:0402] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0402)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3502 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3502)
- Name: TrueConf Client Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: TrueConf
- Product: Client
- Notes: https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260402 #cisa20260402 #cve_2026_3502 #cve20263502
##CVE ID: CVE-2026-3502
Vendor: TrueConf
Product: Client
Date Added: 2026-04-02
Notes: https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3502
TrueConf Zero-Day Exploited in Targeted Government Attacks
China-nexus attackers exploited a zero-day vulnerability (CVE-2026-3502) in TrueConf's update mechanism to deploy the Havoc C2 framework across Southeast Asian government networks. The flaw allows attackers who compromise an on-premises server to push malicious updates to all connected clients without verification.
**If you use TrueConf for videoconferencing, update all Windows clients to version 8.5.3 immediately. Also check your systems for signs of compromise. Look for files like poweriso.exe or iscsiexe.dll in unexpected folders, and make sure any trueconf_windows_update.exe file has a valid digital signature before allowing it to run.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/trueconf-zero-day-exploited-in-targeted-government-attacks-9-4-c-x-v/gD2P6Ple2L
Broadcom has several advisories today, three critical and one high-severity, plus more https://support.broadcom.com/web/ecx/security-advisory #Broadcom
CISA has added to the KEV catalogue:
- CVE-2026-3502: TrueConf Client Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3502
- Three industrial vulnerabilities added https://www.cisa.gov/ #CISA
Cisco has tagged Apple for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #Cisco #Apple #infosec #vulnerability
##updated 2026-04-03T09:30:21
1 posts
🟠 CVE-2026-4350 - High (8.1)
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T03:39:42
1 posts
🟠 CVE-2026-28815 - High (7.5)
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28815/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T02:42:31
1 posts
🟠 CVE-2026-34774 - High (8.1)
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34774/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T02:40:26
1 posts
🟠 CVE-2026-34771 - High (7.5)
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34771/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T00:31:15
2 posts
🛑 CRITICAL: CVE-2026-32213 impacts Azure AI Foundry. Improper authorization lets remote attackers fully compromise systems — no auth needed! Restrict access, enhance monitoring, & prep IR now. https://radar.offseq.com/threat/cve-2026-32213-cwe-285-improper-authorization-in-m-b7cd2d00 #OffSeq #Azure #Cloud #Vuln #BlueTeam
##🔴 CVE-2026-32213 - Critical (10)
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T00:31:15
1 posts
🔴 CVE-2026-33107 - Critical (10)
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T00:31:14
1 posts
🔴 CVE-2026-32211 - Critical (9.1)
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-03T00:31:14
1 posts
🔴 CVE-2026-26135 - Critical (9.6)
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T21:34:00
1 posts
🟠 CVE-2025-58136 - High (7.5)
A bug in POST request handling causes a crash under a certain condition.
This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12.
Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T21:33:03
1 posts
🟠 CVE-2026-5429 - High (7.8)
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5429/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T21:33:02
1 posts
🟠 CVE-2025-43257 - High (8.7)
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T21:33:02
1 posts
🟠 CVE-2026-34426 - High (7.6)
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T20:34:49
1 posts
🟠 CVE-2026-34829 - High (7.5)
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Conte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34829/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T18:44:26
1 posts
🟠 CVE-2026-34785 - High (7.5)
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34785/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T18:31:45
1 posts
🟠 CVE-2026-34876 - High (7.5)
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34876/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T18:31:45
1 posts
🟠 CVE-2026-5349 - High (8.8)
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T18:31:45
1 posts
🔴 CVE-2026-34877 - Critical (9.8)
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T18:31:45
1 posts
Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.
https://www.openssh.org/txt/release-10.3
CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
##updated 2026-04-02T15:31:49
2 posts
🟠 CVE-2026-34792 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T15:31:49
2 posts
🟠 CVE-2026-34796 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34796/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T15:31:49
1 posts
🟠 CVE-2026-34793 - High (8.8)
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() cal...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T15:31:41
7 posts
🔴 CVE-2026-2701 - Critical (9.1)
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2701/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Progress Software Patches Critical RCE Chain in ShareFile Storage Zones Controller
Progress Software patched two critical vulnerabilities (CVE-2026-2699 and CVE-2026-2701) in ShareFile Storage Zones Controller that allow unauthenticated attackers to bypass authentication and execute remote code.
**If you manage your own ShareFile storage zones, update to version 5.12.4 or move to version 6 to prevent full system takeover. File transfer tools are high-value targets for ransomware groups, so treat this patch as a top priority. If you can't patch, isolate the instances until they are patched. General isolation doesn't work since these systems are designed to be accessible from the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/progress-software-patches-critical-rce-chain-in-sharefile-storage-zones-controller-6-f-a-f-n/gD2P6Ple2L
New.
WatchTower: You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
Recorded Future: Latin America and the Caribbean Cybercrime Landscape https://www.recordedfuture.com/research/latin-america-and-the-caribbean-cybercrime-landscape
Mandiant: vSphere and BRICKSTORM Malware: A Defender's Guide https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide
Cisco: UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications/
Threat Fabric: The Malware Gap: Why Fraud & Security Controls Still Miss Mobile Malware https://www.threatfabric.com/blogs/the-malware-gap-why-fraud-security-controls-still-miss-mobile-malware
Abnormal Security: Meet VENOM: The PhaaS Platform That Neutralizes MFA https://abnormal.ai/blog/venom-phishing-campaign-mfa-credential-theft
From yesterday:
Zscaler: Anthropic Claude Code Leak https://www.zscaler.com/blogs/security-research/anthropic-claude-code-leak #infosec #threatresearch #vulnerability #malware #threatintel #threatintelligence
##You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 and CVE-2026-2701) https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
##You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)
#CVE_2026_2699 #CVE_2026_2701
https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
##updated 2026-04-02T15:31:40
7 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699
🔴 CVE-2026-2699 - Critical (9.8)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2699/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T15:31:40
1 posts
Interesting bug: a 0/1-click RCE in software related to Szafir/KIR, used for electronic signatures by 900k users.
Tldr: you open a link, (not necessarily) click "ok" in a spoofed dialog, and you get malware.
Research: Michał Leszczyński
https://www.cve.org/CVERecord?id=CVE-2026-26928
##updated 2026-04-01T23:28:05
3 posts
⛔ New security advisory:
CVE-2026-34952 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34952-praisonai-agent-access-flaw
🚨 CVE-2026-34952 (CRITICAL): PraisonAI < 4.5.97 lets unauthenticated users access /ws & /info — enumerate agents & send arbitrary messages. High confidentiality & integrity risk. Patch to 4.5.97+ now! https://radar.offseq.com/threat/cve-2026-34952-cwe-306-missing-authentication-for--4a535aff #OffSeq #PraisonAI #Vuln #Cybersecurity
##🔴 CVE-2026-34952 - Critical (9.1)
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered age...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34952/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:27:07
1 posts
🟠 CVE-2026-34954 - High (8.6)
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redire...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:26:02
1 posts
🟠 CVE-2026-34955 - High (8.8)
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-pattern matching to block dangerous commands. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:21:46
1 posts
🟠 CVE-2026-34936 - High (7.7)
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34936/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:20:34
2 posts
🚨 CVE-2026-34934: PraisonAI <4.5.90 affected by CRITICAL SQL injection (CVSS 9.8). Unauthenticated attackers can gain full DB access via unsanitized thread IDs. Upgrade to 4.5.90+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-34934-cwe-89-improper-neutralization-of-s-2e7eac46 #OffSeq #infosec #SQLInjection #PraisonAI
##🔴 CVE-2026-34934 - Critical (9.8)
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34934/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:18:18
2 posts
🟠 CVE-2026-34937 - High (7.8)
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run(..., shell=True). The escaping ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34937/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:17:49
2 posts
🚨 CRITICAL: CVE-2026-34938 in PraisonAI <1.5.90 lets attackers bypass sandbox protections and achieve arbitrary OS command execution. Immediate upgrade to v1.5.90+ required. Full system compromise possible. https://radar.offseq.com/threat/cve-2026-34938-cwe-693-protection-mechanism-failur-01ac669c #OffSeq #CVE202634938 #infosec #PraisonAI
##🔴 CVE-2026-34938 - Critical (10)
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:36:44
1 posts
🟠 CVE-2026-34522 - High (8.1)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34522/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:30:28
8 posts
1 repos
https://github.com/umair-aziz025/CVE-2026-5281-Research-Toolkit
📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1282
Severity:
- Critical: 134
- High: 375
- Medium: 561
- Low: 63
- None: 149
Status:
- : 54
- Analyzed: 257
- Awaiting Analysis: 410
- Modified: 9
- Received: 265
- Rejected: 7
- Undergoing Analysis: 280
Top CNAs:
- GitHub, Inc.: 374
- VulDB: 165
- VulnCheck: 147
- MITRE: 109
- kernel.org: 91
- N/A: 54
- Wordfence: 43
- Chrome: 21
- IBM Corporation: 17
- Cisco Systems, Inc.: 16
Top Affected Products:
- UNKNOWN: 933
- Endian Firewall: 30
- Openclaw: 24
- Google Chrome: 21
- Seppmail Secure Email Gateway: 14
- Apple Macos: 13
- Wwbn Avideo: 13
- Ahsanriaz26gmailcom Sales And Inventory System: 11
- Xenforo: 10
- Parseplatform Parse-server: 9
Top EPSS Score:
- CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257)
- CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156)
- CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020)
- CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176)
- CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453)
- CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102)
- CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103)
- CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104)
- CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)
#Google patches a #Chrome zero-day in #WebGPU (CVE-2026-5281) that is already being exploited
Geopolitical: US-Israel/Iran conflict intensifies; F-15E reportedly downed. UN debates Strait of Hormuz access.
Technology: 6G networks raise significant AI-driven cybersecurity risks. Apple plans to open Siri to rival AI in iOS 27. NASA's Artemis II mission launched astronauts to the Moon.
Cybersecurity: Google Chrome zero-day (CVE-2026-5281) actively exploited. Odido Telecom suffered a breach exposing 6 million identities. Lapsus$ claimed a supply chain attack on LiteLLM. Texas hospital hit by ransomware, affecting 250,000 patients.
#AnonNews_irc #Cybersecurity #News
CISA just added CVE-2026-5281, a vulnerability in Google Dawn, to its Known Exploited Vulnerabilities catalog. Dawn is the WebGPU implementation used across Chromium-based browsers, which means this flaw has a wide attack surface touching Chrome, Edge, and other...
Read more: https://steelefortress.com/jycnya
Cybersecurity #CyberDefense #DataPrivacy
##Geopolitical tensions rise as Iran's Strait of Hormuz blockade severely disrupts shipping, causing global oil price surges. In cybersecurity, Google issued an emergency patch for a Chrome zero-day (CVE-2026-5281) actively exploited, alongside critical F5 BIG-IP and Citrix NetScaler vulnerabilities under exploitation. The tech sector saw OpenAI secure $122B in funding, with Oracle cutting jobs for AI infrastructure investments. Social media companies face new addiction lawsuits.
##⚪️ Google Chrome patches fourth actively exploited zero‑day vulnerability
🗨️ Google developers have released an emergency update for the Chrome browser that fixes the 0‑day vulnerability CVE-2026-5281, which has already been exploited in real-world attacks. The vulnerability tracked as CVE-2026-5281 is related to a use-after-free issue in Dawn, the cross-platform…
##updated 2026-04-01T21:09:10
1 posts
🟠 CVE-2026-34742 - High (8.1)
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34742/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:58:51
1 posts
🟠 CVE-2026-34581 - High (8.1)
goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:52:05
1 posts
🟠 CVE-2026-33544 - High (7.7)
Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations (GenericOAuthService, GithubOAuthService, GoogleOAuthService) store PKCE verifiers and access tokens as mutable struct fields o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:46:02
2 posts
🟠 CVE-2026-28805 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28805/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:07:04.223000
10 posts
1 repos
OpenClaw privilege escalation vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Discussion: http://news.ycombinator.com/item?id=47628608
##OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There are good business-interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone tried taking a sample of them and testing how vulnerable they are to recent escalation CVEs? Could be a rather juicy writeup!
##OpenClaw privilege escalation vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Discussion: https://news.ycombinator.com/item?id=47628608
##@masek Thanks for the screenshot and the reference to CVE-2026-33579 - the reddit comment has been removed. 🙏
##Also, is it possible the github commit links for the patch for CVE-2026-33579 are... just wrong? That commit doesn't really seem to match the description? (Didn't fully check it yet)
##I'm trying to understand a bit more about CVE-2026-33579, the critical vulnerability in OpenClaw. To exploit it, an attacker needs low-level pairing privilege permissions. How does one acquire such privileges? Can anyone do it? I'm asking because I want to understand what's required for an attacker to exploit it.
Feel free to ping me at DanArs.82, or drop an answer here.
##If you're running OpenClaw, you probably got hacked in the last week https://blink.new/blog/cve-2026-33579-openclaw-privilege-escalation-2026
##updated 2026-04-01T15:23:23.797000
2 posts
CVE-2026-4747
Re what's quoted in the opening post at <https://forums.freebsd.org/threads/102251/>, please note that Nicholas Carlini has not yet made a public statement about findings.
(I should not treat notebookcheck.net as an authoritative source on this matter.)
##updated 2026-04-01T14:24:02.583000
2 posts
📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1282
Severity:
- Critical: 134
- High: 375
- Medium: 561
- Low: 63
- None: 149
Status:
- : 54
- Analyzed: 257
- Awaiting Analysis: 410
- Modified: 9
- Received: 265
- Rejected: 7
- Undergoing Analysis: 280
Top CNAs:
- GitHub, Inc.: 374
- VulDB: 165
- VulnCheck: 147
- MITRE: 109
- kernel.org: 91
- N/A: 54
- Wordfence: 43
- Chrome: 21
- IBM Corporation: 17
- Cisco Systems, Inc.: 16
Top Affected Products:
- UNKNOWN: 933
- Endian Firewall: 30
- Openclaw: 24
- Google Chrome: 21
- Seppmail Secure Email Gateway: 14
- Apple Macos: 13
- Wwbn Avideo: 13
- Ahsanriaz26gmailcom Sales And Inventory System: 11
- Xenforo: 10
- Parseplatform Parse-server: 9
Top EPSS Score:
- CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257)
- CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156)
- CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020)
- CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176)
- CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453)
- CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102)
- CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103)
- CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104)
- CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)
updated 2026-04-01T00:19:07
1 posts
🟠 CVE-2026-34601 - High (7.5)
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled string...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34601/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:30:05
2 posts
updated 2026-03-31T18:50:36
2 posts
1 repos
updated 2026-03-31T03:31:35
2 posts
updated 2026-03-31T00:31:19
2 posts
updated 2026-03-30T18:32:18
2 posts
updated 2026-03-30T18:31:16
2 posts
updated 2026-03-30T18:12:01.663000
1 posts
🔴 CVE-2026-34745 - Critical (9.1)
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34745/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T17:01:32
1 posts
🟠 CVE-2026-33641 - High (7.8)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This beh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33641/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T13:26:07.647000
1 posts
[INTEL ALERT] CVE-2026-4425 is live. Is your GIGABYTE Control Center (GCC) acting as a backdoor for digital decay? I'm breaking down the forensic evidence and showing you how to harden your precinct. Don't let unpatched utilities breach your perimeter.
Read the full brief at The Cyber Mind Co.
##updated 2026-03-30T12:32:36
1 posts
##updated 2026-03-30T00:31:08
2 posts
📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1282
Severity:
- Critical: 134
- High: 375
- Medium: 561
- Low: 63
- None: 149
Status:
- : 54
- Analyzed: 257
- Awaiting Analysis: 410
- Modified: 9
- Received: 265
- Rejected: 7
- Undergoing Analysis: 280
Top CNAs:
- GitHub, Inc.: 374
- VulDB: 165
- VulnCheck: 147
- MITRE: 109
- kernel.org: 91
- N/A: 54
- Wordfence: 43
- Chrome: 21
- IBM Corporation: 17
- Cisco Systems, Inc.: 16
Top Affected Products:
- UNKNOWN: 933
- Endian Firewall: 30
- Openclaw: 24
- Google Chrome: 21
- Seppmail Secure Email Gateway: 14
- Apple Macos: 13
- Wwbn Avideo: 13
- Ahsanriaz26gmailcom Sales And Inventory System: 11
- Xenforo: 10
- Parseplatform Parse-server: 9
Top EPSS Score:
- CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257)
- CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156)
- CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020)
- CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176)
- CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453)
- CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102)
- CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103)
- CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104)
- CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)
##updated 2026-03-16T15:40:44.357000
1 posts
XBOW autonomous AI found 3 critical RCEs in Microsoft Cloud - first time AI discovered production vulnerabilities without source code access. CVE-2026-21536 was flagged as one of March Patch Tuesday's most severe issues. The arms race between researchers and hackers has shifted.
##updated 2025-12-09T16:53:25
4 posts
100 repos
https://github.com/zack0x01/vuln-app-CVE-2025-55182
https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182
https://github.com/acheong08/CVE-2025-55182-poc
https://github.com/sumanrox/rschunter
https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension
https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell
https://github.com/emredavut/CVE-2025-55182
https://github.com/dwisiswant0/CVE-2025-55182
https://github.com/AliHzSec/CVE-2025-55182
https://github.com/jctommasi/react2shellVulnApp
https://github.com/whiteov3rflow/CVE-2025-55182-poc
https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool
https://github.com/kondukto-io/vulnerable-next-js-poc
https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool
https://github.com/subhdotsol/CVE-2025-55182
https://github.com/alfazhossain/CVE-2025-55182-Exploiter
https://github.com/c0rydoras/CVE-2025-55182
https://github.com/Archerkong/CVE-2025-55182
https://github.com/Updatelap/CVE-2025-55182
https://github.com/Faithtiannn/CVE-2025-55182
https://github.com/RuoJi6/CVE-2025-55182-RCE-shell
https://github.com/yanoshercohen/React2Shell_CVE-2025-55182
https://github.com/momika233/CVE-2025-55182-bypass
https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive
https://github.com/Chocapikk/CVE-2025-55182
https://github.com/timsonner/React2Shell-CVE-2025-55182
https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-
https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script
https://github.com/ZihxS/check-react-rce-cve-2025-55182
https://github.com/Spritualkb/CVE-2025-55182-exp
https://github.com/hoosin/CVE-2025-55182
https://github.com/alptexans/RSC-Detect-CVE-2025-55182
https://github.com/heiheishushu/rsc_detect_CVE-2025-55182
https://github.com/LemonTeatw1/CVE-2025-55182-exploit
https://github.com/xcanwin/CVE-2025-55182-React-RCE
https://github.com/im-ezboy/CVE-2025-55182-zoomeye
https://github.com/theman001/CVE-2025-55182
https://github.com/zzhorc/CVE-2025-55182
https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script
https://github.com/mrknow001/RSC_Detector
https://github.com/kOaDT/poc-cve-2025-55182
https://github.com/websecuritylabs/React2Shell-Library
https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-
https://github.com/xalgord/React2Shell
https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC
https://github.com/santihabib/CVE-2025-55182-analysis
https://github.com/logesh-GIT001/CVE-2025-55182
https://github.com/surajhacx/react2shellpoc
https://github.com/cybertechajju/R2C-CVE-2025-55182-66478
https://github.com/fatguru/CVE-2025-55182-scanner
https://github.com/ThemeHackers/CVE-2025-55182
https://github.com/Syrins/CVE-2025-55182-React2Shell-RCE
https://github.com/hualy13/CVE-2025-55182
https://github.com/hackersatyamrastogi/react2shell-ultimate
https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182
https://github.com/sudo-Yangziran/CVE-2025-55182POC
https://github.com/VeilVulp/RscScan-cve-2025-55182
https://github.com/keklick1337/CVE-2025-55182-golang-PoC
https://github.com/shamo0/react2shell-PoC
https://github.com/assetnote/react2shell-scanner
https://github.com/hidden-investigations/react2shell-scanner
https://github.com/StealthMoud/CVE-2025-55182-Scanner
https://github.com/msanft/CVE-2025-55182
https://github.com/EynaExp/CVE-2025-55182-POC
https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182
https://github.com/techgaun/cve-2025-55182-scanner
https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell
https://github.com/shyambhanushali/React2Shell
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc
https://github.com/jf0x3a/CVE-2025-55182-exploit
https://github.com/LucasPDiniz/CVE-2025-55182
https://github.com/freeqaz/react2shell
https://github.com/BlackTechX011/React2Shell
https://github.com/Rsatan/Next.js-Exploit-Tool
https://github.com/l4rm4nd/CVE-2025-55182
https://github.com/kavienanj/CVE-2025-55182
https://github.com/ynsmroztas/NextRce
https://github.com/alsaut1/react2shell-lab
https://github.com/snipevx/React2Shell-POC
https://github.com/MoLeft/React2Shell-Toolbox
https://github.com/gensecaihq/react2shell-scanner
https://github.com/xkillbit/cve-2025-55182-scanner
https://github.com/zr0n/react2shell
https://github.com/ejpir/CVE-2025-55182-research
https://github.com/Pizz33/CVE-2025-55182-burpscanner
https://github.com/CymulateResearch/React2Shell-Scanner
https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS
https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js
https://github.com/vulncheck-oss/cve-2025-55182
https://github.com/theori-io/reactguard
https://github.com/sickwell/CVE-2025-55182
https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension
https://github.com/nehkark/CVE-2025-55182
https://github.com/songsanggggg/CVE-2025-55182
https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182
https://github.com/ejpir/CVE-2025-55182-bypass
https://github.com/MemerGamer/CVE-2025-55182
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable...
🔗️ [Bleepingcomputer] https://link.is.it/7WBrWn
##⚠️ Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
「 The campaign is assessed to be targeting Next.js applications that are vulnerable to CVE-2025-55182 (CVSS score: 10.0), a critical flaw in React Server Components and Next.js App Router that could result in remote code execution, for initial access, and then dropping the NEXUS Listener collection framework 」
https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
##Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
Read on HackerWorkspace: https://hackerworkspace.com/article/hackers-exploit-cve-2025-55182-to-breach-766-next-js-hosts-steal-credentials
##updated 2025-11-07T19:18:37.380000
1 posts
2 repos
Metasploit Framework is here with 5 new modules! Exploits for FreeScout (CVE-2026-28289) and Grav CMS (CVE-2025-50286) RCEs, plus a generic HTTP command execution module and a new Windows persistence technique. We also have a slew of bug fixes and enhancements including SOCKS proxy performance improvements #Metasploit https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-03-2026/1
##updated 2025-03-25T14:00:04
1 posts
23 repos
https://github.com/iSee857/CVE-2025-30208-PoC
https://github.com/ThumpBo/CVE-2025-30208-EXP
https://github.com/sumeet-darekar/CVE-2025-30208
https://github.com/sadhfdw129/CVE-2025-30208-Vite
https://github.com/marino-admin/Vite-CVE-2025-30208-Scanner
https://github.com/4xura/CVE-2025-30208
https://github.com/xuemian168/CVE-2025-30208
https://github.com/HaGsec/CVE-2025-30208
https://github.com/lilil3333/Vite-CVE-2025-30208-EXP
https://github.com/jackieya/ViteVulScan
https://github.com/HazaVVIP/CVE-2025-30208
https://github.com/TH-SecForge/CVE-2025-30208
https://github.com/keklick1337/CVE-2025-30208-ViteVulnScanner
https://github.com/ThemeHackers/CVE-2025-30208
https://github.com/kk12-30/CVE-2025-30208
https://github.com/nkuty/CVE-2025-30208-31125-31486-32395
https://github.com/4m3rr0r/CVE-2025-30208-PoC
https://github.com/MiclelsonCN/CVE-2025-30208_POC
https://github.com/imbas007/CVE-2025-30208-template
https://github.com/Lusensec/CVE-2025-30208
https://github.com/0xshaheen/CVE-2025-30208
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208) https://isc.sans.edu/diary/32860
##There's a new unauth remote code execution bug in the CentOS Control Web Panel web hosting toolkit, tracked as CVE-2025-70951, that will need patching in the coming days
##New RCE in Control Web Panel (CVE-2025-70951) https://fenrisk.com/rce-centos-webpanel-2
##Well, this is interesting: it is the technical report on the #glpi flaw that was behind last month's patch.
If you administer a GLPI service
⬇️
"update to version 11.0.6, available since 3 March 2026. If updating is not yet possible, enable authentication on the /Inventory endpoint (Settings → Inventory → Authorization header)."
⬇️
"GLPI: Blind XSS → ATO → SSTI → RCE - anatomy of a 0-day chain
BZHunt discovered two chained vulnerabilities in GLPI 11.0.0–11.0.5 (CVE-2026-26026, CVE-2026-26027) that allow an unauthenticated attacker to execute arbitrary code via a Blind Stored XSS and an SSTI. Full technical analysis and responsible disclosure."
👇
https://www.bzhunt.fr/blog/cve_glpi/
...and nice to know: Claude helped out again (transparency notice much appreciated)
"This research was conducted with the assistance of Claude Opus 4.6 (Anthropic), used by BZHunt in its R&D process. All vulnerabilities were identified, verified and exploited by human researchers. We choose to be transparent about the use of AI in our work, pending the emergence of clear standards on this subject."
#CyberVeille #CVE_2026_26026 CVE-2026-26027
##🟠 CVE-2026-31931 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28798 - Critical (9)
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain using a Clo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28798/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27833 - High (7.5)
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the admin_only option, allowing unauthenticated users to access the full browsing history of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27833/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-34745 in ShaneIsrael fireshare (<1.5.3) enables unauth’d file writes to any server path via /api/uploadChunked/public. Upgrade to 1.5.3 ASAP or restrict access. Full details: https://radar.offseq.com/threat/cve-2026-34745-cwe-22-improper-limitation-of-a-pat-3a68f043 #OffSeq #CVE202634745 #infosec #patchnow
##🔴 CVE-2026-34745 - Critical (9.1)
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34745/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31937 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31937/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31935 - High (7.5)
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31935/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-33746 - Critical (9.8)
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34717 - Critical (9.9)
OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34840 - High (8.1)
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid(...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34840/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##