## Updated at UTC 2026-03-29T15:25:53.861673

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5045 | 8.8 | 0.00% | 2 | 0 | | 2026-03-29T14:16:32.547000 | A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the fun |
| CVE-2026-33573 | 8.8 | 0.00% | 4 | 0 | | 2026-03-29T13:17:02.980000 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the |
| CVE-2026-32987 | 9.8 | 0.00% | 2 | 0 | | 2026-03-29T13:17:02.563000 | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during dev |
| CVE-2026-32980 | 7.5 | 0.00% | 4 | 0 | | 2026-03-29T13:17:02.353000 | OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies befo |
| CVE-2026-32978 | 8.0 | 0.00% | 2 | 0 | | 2026-03-29T13:17:01.963000 | OpenClaw before 2026.3.11 contains an approval integrity vulnerability where sys |
| CVE-2026-32975 | 9.8 | 0.00% | 2 | 0 | | 2026-03-29T13:17:01.763000 | OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouse |
| CVE-2026-32974 | 8.6 | 0.00% | 6 | 0 | | 2026-03-29T13:17:01.570000 | OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Fei |
| CVE-2026-32973 | 9.8 | 0.00% | 6 | 0 | | 2026-03-29T13:17:01.367000 | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where |
| CVE-2026-32924 | 9.8 | 0.00% | 2 | 0 | | 2026-03-29T13:17:00.963000 | OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where F |
| CVE-2026-32922 | 9.9 | 0.00% | 4 | 0 | | 2026-03-29T13:17:00.573000 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in devic |
| CVE-2026-32918 | 8.4 | 0.00% | 2 | 0 | | 2026-03-29T13:17:00.173000 | OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the |
| CVE-2026-32915 | 8.8 | 0.00% | 2 | 0 | | 2026-03-29T13:16:59.973000 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allow |
| CVE-2026-32914 | 8.8 | 0.00% | 2 | 0 | | 2026-03-29T13:16:59.767000 | OpenClaw before 2026.3.12 contains an insufficient access control vulnerability |
| CVE-2026-5041 | 4.7 | 0.23% | 2 | 0 | | 2026-03-29T12:31:30 | A vulnerability was identified in code-projects Chamber of Commerce Membership M |
| CVE-2026-5043 | 8.8 | 0.04% | 2 | 0 | | 2026-03-29T12:31:25 | A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element i |
| CVE-2026-5042 | 8.8 | 0.04% | 2 | 0 | | 2026-03-29T12:31:25 | A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected elem |
| CVE-2026-5035 | 7.3 | 0.03% | 2 | 0 | | 2026-03-29T09:30:17 | A vulnerability has been found in code-projects Accounting System 1.0. This affe |
| CVE-2026-5036 | 8.8 | 0.05% | 4 | 0 | | 2026-03-29T08:15:56.063000 | A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects |
| CVE-2026-5033 | 7.3 | 0.03% | 2 | 0 | | 2026-03-29T06:31:22 | A vulnerability was detected in code-projects Accounting System 1.0. Affected by |
| CVE-2026-5024 | 8.8 | 0.04% | 4 | 0 | | 2026-03-29T06:31:20 | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the functio |
| CVE-2026-5021 | 8.8 | 0.05% | 4 | 0 | | 2026-03-29T02:16:17.377000 | A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPU |
| CVE-2026-4851 | 0 | 0.09% | 4 | 0 | | 2026-03-29T01:15:56.967000 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution vi |
| CVE-2026-5019 | 7.3 | 0.03% | 2 | 0 | | 2026-03-29T00:31:05 | A security vulnerability has been detected in code-projects Simple Food Order Sy |
| CVE-2026-5004 | 8.8 | 0.04% | 4 | 0 | | 2026-03-28T18:30:20 | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the |
| CVE-2017-20227 | 9.8 | 0.07% | 1 | 0 | | 2026-03-28T12:30:36 | JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overfl |
| CVE-2026-30458 | 9.1 | 0.03% | 2 | 0 | | 2026-03-28T03:32:30 | An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' |
| CVE-2026-30457 | 9.8 | 0.07% | 2 | 0 | | 2026-03-28T03:16:00.830000 | An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows |
| CVE-2026-4987 | 7.5 | 0.07% | 6 | 0 | | 2026-03-28T02:16:14.793000 | The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin fo |
| CVE-2026-4976 | 8.8 | 0.08% | 1 | 0 | | 2026-03-27T23:17:18.700000 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerab |
| CVE-2026-4961 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T23:17:16.953000 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulner |
| CVE-2026-4248 | 8.0 | 0.03% | 4 | 0 | | 2026-03-27T23:17:14.753000 | The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information |
| CVE-2026-33989 | 8.1 | 0.04% | 4 | 0 | | 2026-03-27T22:16:22.950000 | Mobile Next is an MCP server for mobile development and automation. Prior to ver |
| CVE-2026-33980 | 8.3 | 0.05% | 2 | 0 | | 2026-03-27T22:16:22.607000 | Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that ena |
| CVE-2026-33976 | 9.6 | 0.14% | 7 | 0 | | 2026-03-27T22:16:22.250000 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.1 |
| CVE-2026-27309 | 7.8 | 0.03% | 2 | 0 | | 2026-03-27T22:16:20.497000 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free |
| CVE-2026-33661 | 8.6 | 0.13% | 1 | 0 | | 2026-03-27T22:10:54 | ## Summary The `verify_wechat_sign()` function in `src/Functions.php` unconditi |
| CVE-2026-33634 | None | 20.84% | 2 | 1 | | 2026-03-27T22:07:00 | ## Summary On March 19, 2026, a threat actor used compromised credentials to pu |
| CVE-2026-33938 | 8.1 | 0.07% | 1 | 0 | | 2026-03-27T21:52:26 | ## Summary The `@partial-block` special variable is stored in the template data |
| CVE-2026-33937 | 9.8 | 0.25% | 4 | 1 | | 2026-03-27T21:52:19 | ## Summary `Handlebars.compile()` accepts a pre-parsed AST object in addition t |
| CVE-2026-33895 | 7.5 | 0.03% | 2 | 0 | | 2026-03-27T21:51:07 | ## Summary Ed25519 signature verification accepts forged non-canonical signature |
| CVE-2026-33894 | 7.5 | 0.03% | 2 | 0 | | 2026-03-27T21:50:56 | ## Summary RSASSA PKCS#1 v1.5 signature verification accepts forged signatures f |
| CVE-2026-32241 | 7.5 | 0.13% | 2 | 0 | | 2026-03-27T21:48:13 | ### Background The Flannel project includes an experimental Extension backend th |
| CVE-2026-33744 | 7.8 | 0.02% | 2 | 0 | | 2026-03-27T21:37:34 | ## Summary The `docker.system_packages` field in `bentofile.yaml` accepts arbit |
| CVE-2026-33701 | None | 0.50% | 1 | 0 | | 2026-03-27T21:37:05 | In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoin |
| CVE-2026-33671 | 7.5 | 0.04% | 1 | 0 | | 2026-03-27T21:36:14 | ### Impact `picomatch` is vulnerable to Regular Expression Denial of Service (Re |
| CVE-2026-33686 | 8.8 | 0.06% | 1 | 0 | | 2026-03-27T21:36:05 | ### Summary A path traversal vulnerability exists in the FileUtil class of the c |
| CVE-2026-33687 | 8.8 | 0.04% | 1 | 0 | | 2026-03-27T21:35:59 | ### Summary The `code16/sharp` Laravel admin panel package contains a vulnerabi |
| CVE-2026-22743 | 7.5 | 0.04% | 2 | 0 | | 2026-03-27T21:32:40 | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in N |
| CVE-2026-30303 | 9.8 | 0.35% | 3 | 0 | | 2026-03-27T21:32:40 | The command auto-approval module in Axon Code contains an OS Command Injection v |
| CVE-2026-30463 | 7.7 | 0.03% | 2 | 0 | | 2026-03-27T21:32:39 | Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnera |
| CVE-2026-30689 | 7.5 | 0.03% | 2 | 0 | | 2026-03-27T21:32:39 | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an |
| CVE-2026-30304 | 9.7 | 0.06% | 2 | 0 | | 2026-03-27T21:32:39 | In its design for automatic terminal command execution, AI Code offers two optio |
| CVE-2026-30302 | 10.0 | 0.41% | 2 | 0 | | 2026-03-27T21:32:39 | The command auto-approval module in CodeRider-Kilo contains an OS Command Inject |
| CVE-2026-4975 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T21:31:44 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the funct |
| CVE-2026-4974 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T21:31:44 | A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the fu |
| CVE-2026-25075 | 7.5 | 0.15% | 1 | 1 | | 2026-03-27T21:31:33 | strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerabil |
| CVE-2026-33757 | 9.6 | 0.06% | 2 | 0 | | 2026-03-27T21:31:24 | ### Impact OpenBao does not prompt for user confirmation when logging in via JW |
| CVE-2026-33891 | 7.5 | 0.04% | 1 | 0 | | 2026-03-27T21:17:25.817000 | Forge (also called `node-forge`) is a native implementation of Transport Layer S |
| CVE-2026-33875 | 9.3 | 0.05% | 4 | 0 | | 2026-03-27T21:17:24.377000 | Gematik Authenticator securely authenticates users for login to digital health a |
| CVE-2026-33874 | 7.8 | 0.07% | 1 | 0 | | 2026-03-27T21:17:24.213000 | Gematik Authenticator securely authenticates users for login to digital health a |
| CVE-2026-33873 | 0 | 0.08% | 2 | 0 | | 2026-03-27T21:17:23.953000 | Langflow is a tool for building and deploying AI-powered agents and workflows. P |
| CVE-2026-30637 | 7.5 | 0.08% | 2 | 0 | | 2026-03-27T21:17:22.420000 | Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of |
| CVE-2026-29871 | 7.5 | 0.04% | 2 | 0 | | 2026-03-27T21:17:21.343000 | A path traversal vulnerability exists in the awesome-llm-apps project in commit |
| CVE-2026-33494 | 10.0 | 0.04% | 1 | 0 | | 2026-03-27T20:59:22 | ## Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP |
| CVE-2026-33496 | 8.1 | 0.14% | 1 | 0 | | 2026-03-27T20:59:11 | ## Description Ory Oathkeeper is vulnerable to authentication bypass due to cac |
| CVE-2026-33413 | None | 0.05% | 1 | 0 | | 2026-03-27T20:48:47 | ### Impact _What kind of vulnerability is it? Who is impacted?_ Multiple vulner |
| CVE-2025-53521 | 9.8 | 19.16% | 9 | 0 | | 2026-03-27T20:43:45.780000 | When a BIG-IP APM access policy is configured on a virtual server, specific mali |
| CVE-2026-33870 | 7.5 | 0.03% | 2 | 0 | | 2026-03-27T20:16:34.663000 | Netty is an asynchronous, event-driven network application framework. In version |
| CVE-2026-31945 | 7.7 | 0.03% | 1 | 0 | | 2026-03-27T20:16:30.060000 | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 throug |
| CVE-2026-33696 | 8.8 | 0.24% | 1 | 0 | | 2026-03-27T19:40:55.160000 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2. |
| CVE-2026-34375 | 8.2 | 0.03% | 2 | 0 | | 2026-03-27T19:16:43.107000 | WWBN AVideo is an open source video platform. In versions up to and including 26 |
| CVE-2026-33942 | None | 0.33% | 1 | 0 | | 2026-03-27T18:33:44 | ### Impact Users of the OAuth2 utilities in Saloon, specifically the `AccessToke |
| CVE-2026-1961 | 8.0 | 0.12% | 1 | 0 | | 2026-03-27T18:32:29 | A flaw was found in Foreman. A remote attacker could exploit a command injection |
| CVE-2026-28367 | 8.7 | 0.04% | 2 | 0 | | 2026-03-27T18:31:34 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability b |
| CVE-2026-28369 | 8.7 | 0.13% | 1 | 0 | | 2026-03-27T18:31:34 | A flaw was found in Undertow. When Undertow receives an HTTP request where the f |
| CVE-2026-4960 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T18:31:34 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the functio |
| CVE-2025-15381 | 8.1 | 0.01% | 2 | 0 | | 2026-03-27T18:31:27 | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tr |
| CVE-2026-33941 | 8.3 | 0.02% | 2 | 0 | | 2026-03-27T18:22:12 | ## Summary The Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler. |
| CVE-2026-33940 | 8.1 | 0.04% | 2 | 0 | | 2026-03-27T18:21:45 | ## Summary A crafted object placed in the template context can bypass all condi |
| CVE-2026-33939 | 7.5 | 0.04% | 2 | 0 | | 2026-03-27T18:21:16 | ## Summary When a Handlebars template contains decorator syntax referencing an |
| CVE-2026-33979 | 8.2 | 0.01% | 4 | 0 | | 2026-03-27T17:56:47 | ## Description A vulnerability has been identified in express-xss-sanitizer (<= |
| CVE-2026-33897 | 10.0 | 0.05% | 2 | 0 | | 2026-03-27T17:17:04 | ### Summary Instance template files can be used to cause arbitrary read or write |
| CVE-2026-32857 | 8.6 | 0.03% | 2 | 0 | | 2026-03-27T17:16:29.177000 | Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) p |
| CVE-2026-28368 | 8.7 | 0.10% | 2 | 0 | | 2026-03-27T17:16:27.993000 | A flaw was found in Undertow. This vulnerability allows a remote attacker to con |
| CVE-2026-27876 | 9.1 | 0.08% | 4 | 0 | | 2026-03-27T17:16:27.600000 | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to |
| CVE-2026-28377 | 7.5 | 0.01% | 1 | 0 | | 2026-03-27T15:31:28 | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintex |
| CVE-2026-5026 | None | 0.07% | 1 | 0 | | 2026-03-27T15:30:32 | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with |
| CVE-2026-27893 | 8.8 | 0.03% | 2 | 0 | | 2026-03-27T15:27:20 | ### Summary Two model implementation files hardcode `trust_remote_code=True` |
| CVE-2026-5027 | 8.8 | 0.05% | 3 | 0 | | 2026-03-27T15:17:04.743000 | The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter fro |
| CVE-2026-4984 | 8.2 | 0.03% | 3 | 0 | | 2026-03-27T15:17:03.953000 | The Twilio integration webhook handler accepts any POST request without validati |
| CVE-2026-33755 | 8.8 | 0.03% | 2 | 0 | | 2026-03-27T15:16:57.527000 | Group-Office is an enterprise customer relationship management and groupware too |
| CVE-2026-27880 | 7.5 | 0.01% | 4 | 0 | | 2026-03-27T15:16:51.323000 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into m |
| CVE-2026-27858 | 7.5 | 0.05% | 3 | 0 | | 2026-03-27T09:31:30 | Attacker can send a specifically crafted message before authentication that caus |
| CVE-2026-24031 | 7.7 | 0.05% | 2 | 0 | | 2026-03-27T09:31:19 | Dovecot SQL based authentication can be bypassed when auth_username_chars is cle |
| CVE-2025-59032 | 7.5 | 0.06% | 2 | 0 | | 2026-03-27T09:31:18 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial resp |
| CVE-2026-22738 | 9.8 | 0.07% | 3 | 0 | | 2026-03-27T06:31:54 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a |
| CVE-2026-27650 | 8.8 | 0.12% | 2 | 0 | | 2026-03-27T06:31:54 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If t |
| CVE-2026-22744 | 7.5 | 0.03% | 2 | 0 | | 2026-03-27T06:31:44 | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controll |
| CVE-2026-32678 | 7.5 | 0.07% | 2 | 0 | | 2026-03-27T06:16:38.650000 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may a |
| CVE-2026-32669 | 8.8 | 0.04% | 2 | 0 | | 2026-03-27T06:16:38.450000 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vu |
| CVE-2026-22742 | 8.6 | 0.03% | 2 | 0 | | 2026-03-27T06:16:37.833000 | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (S |
| CVE-2026-4906 | 8.8 | 0.05% | 2 | 0 | | 2026-03-27T03:31:43 | A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is |
| CVE-2026-33747 | 8.4 | 0.01% | 2 | 0 | | 2026-03-27T01:16:21.330000 | BuildKit is a toolkit for converting source code to build artifacts in an effici |
| CVE-2026-33728 | 0 | 0.57% | 1 | 0 | | 2026-03-27T01:16:20.203000 | dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.4 |
| CVE-2026-33718 | 7.6 | 0.23% | 2 | 0 | | 2026-03-27T01:16:19.483000 | OpenHands is software for AI-driven development. Starting in version 1.5.0, a Co |
| CVE-2026-4904 | 8.8 | 0.05% | 2 | 0 | | 2026-03-27T00:31:32 | A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the |
| CVE-2026-34352 | 8.4 | 0.01% | 1 | 0 | | 2026-03-27T00:31:32 | In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observ |
| CVE-2026-4902 | 8.8 | 0.05% | 1 | 0 | | 2026-03-27T00:31:32 | A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function |
| CVE-2026-4905 | 8.8 | 0.05% | 2 | 0 | | 2026-03-27T00:16:24.393000 | A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function for |
| CVE-2026-33945 | 9.9 | 0.06% | 3 | 0 | | 2026-03-27T00:16:23.633000 | Incus is a system container and virtual machine manager. Incus instances have an |
| CVE-2026-33898 | 8.8 | 0.06% | 2 | 0 | | 2026-03-27T00:16:23.333000 | Incus is a system container and virtual machine manager. Prior to version 6.23.0 |
| CVE-2026-4903 | 8.8 | 0.05% | 1 | 0 | | 2026-03-26T23:16:21.307000 | A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the f |
| CVE-2026-33943 | 8.8 | 0.07% | 2 | 0 | | 2026-03-26T22:22:21 | ### Summary A code injection vulnerability in `ECMAScriptModuleCompiler` allows |
| CVE-2026-3650 | 7.5 | 0.05% | 1 | 0 | | 2026-03-26T22:16:31.370000 | A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when |
| CVE-2026-33673 | 7.6 | 0.04% | 2 | 0 | | 2026-03-26T22:16:30.553000 | PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 |
| CVE-2026-33670 | 9.8 | 0.06% | 2 | 0 | | 2026-03-26T22:16:30.050000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /a |
| CVE-2026-33669 | 9.8 | 0.04% | 2 | 0 | | 2026-03-26T22:16:29.887000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, docume |
| CVE-2025-12805 | 8.1 | 0.03% | 1 | 0 | | 2026-03-26T22:16:25.920000 | A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vuln |
| CVE-2025-55262 | 8.3 | 0.03% | 1 | 0 | | 2026-03-26T21:32:35 | HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploi |
| CVE-2025-41368 | 8.1 | 0.02% | 1 | 0 | | 2026-03-26T21:07:45.300000 | Problem in the Small HTTP Server v3.06.36 service. An authenticated path travers |
| CVE-2025-41359 | 7.8 | 0.02% | 1 | 0 | | 2026-03-26T21:04:16.050000 | Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, |
| CVE-2026-33396 | 9.9 | 0.76% | 1 | 0 | | 2026-03-26T20:40:52.840000 | OneUptime is an open-source monitoring and observability platform. Prior to vers |
| CVE-2025-55261 | 8.1 | 0.04% | 1 | 0 | | 2026-03-26T20:01:57.193000 | HCL Aftermarket DPC is affected by Missing Functional Level Access Control which |
| CVE-2026-32522 | 8.6 | 0.05% | 1 | 0 | | 2026-03-26T19:17:01.930000 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v |
| CVE-2026-3108 | 8.1 | 0.04% | 1 | 0 | | 2026-03-26T18:31:49 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11. |
| CVE-2026-33487 | 7.5 | 0.02% | 1 | 0 | | 2026-03-26T18:16:30.070000 | goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6 |
| CVE-2026-4867 | 7.5 | 0.04% | 1 | 0 | | 2026-03-26T17:16:42.983000 | Impact: A bad regular expression is generated any time you have three or more p |
| CVE-2026-33468 | 8.1 | 0.05% | 1 | 0 | | 2026-03-26T17:16:41.007000 | Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Ky |
| CVE-2026-33442 | 8.1 | 0.05% | 1 | 0 | | 2026-03-26T17:16:40.850000 | Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28 |
| CVE-2026-33009 | 8.2 | 0.04% | 1 | 0 | | 2026-03-26T17:16:37.813000 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat |
| CVE-2025-15101 | 8.8 | 0.02% | 1 | 0 | | 2026-03-26T16:43:20.300000 | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web |
| CVE-2026-33017 | 9.8 | 5.65% | 3 | 5 | | 2026-03-26T15:41:23 | ## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b |
| CVE-2026-32530 | 8.8 | 0.04% | 1 | 0 | | 2026-03-26T15:31:39 | Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms |
| CVE-2026-4247 | 7.5 | 0.02% | 1 | 0 | | 2026-03-26T15:31:39 | When a challenge ACK is to be sent tcp_respond() constructs and sends the challe |
| CVE-2026-4652 | 7.5 | 0.05% | 1 | 0 | | 2026-03-26T15:31:38 | On a system exposing an NVMe/TCP target, a remote client can trigger a kernel pa |
| CVE-2026-2511 | 7.5 | 0.07% | 1 | 0 | | 2026-03-26T15:30:47 | The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is |
| CVE-2026-27664 | 7.5 | 0.04% | 1 | 0 | | 2026-03-26T15:16:34.340000 | A vulnerability has been identified in CPCI85 Central Processing/Communication ( |
| CVE-2026-26008 | 7.5 | 0.04% | 1 | 0 | | 2026-03-26T15:16:32.510000 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an ou |
| CVE-2026-24068 | 8.8 | 0.04% | 1 | 0 | | 2026-03-26T15:16:32.303000 | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the |
| CVE-2026-23995 | 8.4 | 0.01% | 2 | 0 | | 2026-03-26T15:16:32.137000 | EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-base |
| CVE-2026-33660 | 0 | 0.11% | 1 | 0 | | 2026-03-26T15:13:15.790000 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2. |
| CVE-2026-4747 | 8.8 | 0.15% | 1 | 0 | | 2026-03-26T15:13:15.790000 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i |
| CVE-2026-32523 | 9.9 | 0.04% | 1 | 0 | | 2026-03-26T14:16:11.417000 | Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM |
| CVE-2026-4809 | 9.8 | 0.39% | 1 | 0 | | 2026-03-26T12:30:35 | plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous fil |
| CVE-2026-4862 | 8.8 | 0.04% | 1 | 0 | | 2026-03-26T10:16:26.850000 | A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-21090 |
| CVE-2026-4861 | 8.8 | 0.04% | 1 | 0 | | 2026-03-26T09:30:34 | A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability |
| CVE-2026-33167 | None | 0.02% | 1 | 0 | | 2026-03-25T20:46:52 | ### Impact The debug exceptions page does not properly escape exception messages |
| CVE-2025-33244 | 9.0 | 0.03% | 1 | 0 | | 2026-03-25T15:41:58.280000 | NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker co |
| CVE-2026-3055 | 0 | 0.03% | 8 | 2 | | 2026-03-24T15:54:09.400000 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when config |
| CVE-2026-3587 | 10.0 | 0.12% | 1 | 1 | | 2026-03-24T08:16:01.910000 | An unauthenticated remote attacker can exploit a hidden function in the CLI prom |
| CVE-2026-4681 | None | 0.50% | 1 | 0 | | 2026-03-24T00:30:28 | A critical remote code execution (RCE) vulnerability has been reported in PTC Wi |
| CVE-2026-3584 | 9.8 | 0.29% | 1 | 1 | | 2026-03-21T00:32:48 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al |
| CVE-2006-10003 | 9.8 | 0.07% | 1 | 0 | | 2026-03-19T18:41:18.180000 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflo |
| CVE-2026-1678 | 9.4 | 0.05% | 1 | 0 | | 2026-03-09T18:33:42.917000 | dns_unpack_name() caches the buffer tailroom once and reuses it while appending |
| CVE-2026-20079 | 10.0 | 0.05% | 1 | 2 | | 2026-03-04T18:32:03 | A vulnerability in the web interface of Cisco Secure Firewall Management Center |
| CVE-2026-21962 | 10.0 | 0.02% | 1 | 8 | | 2026-02-03T00:16:10.653000 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in pr |
| CVE-2025-12548 | 9.0 | 44.19% | 1 | 0 | | 2026-01-14T16:26:00.933000 | A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unau |
| CVE-2024-54492 | 9.8 | 0.27% | 2 | 0 | | 2025-11-04T00:32:14 | This issue was addressed by using HTTPS when sending information over the networ |
| CVE-2025-33073 | 8.8 | 41.04% | 1 | 7 | | 2025-10-22T00:34:22 | Improper access control in Windows SMB allows an authorized attacker to elevate |
| CVE-2023-2868 | 9.4 | 90.02% | 1 | 4 | | 2025-10-22T00:33:51 | A remote command injection vulnerability exists in the Barracuda Email Security |
| CVE-2020-14882 | 9.8 | 94.45% | 1 | 41 | template | 2025-10-22T00:31:59 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware |
| CVE-2017-10271 | 7.5 | 94.44% | 1 | 31 | template | 2025-10-22T00:31:29 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar |
| CVE-2025-5063 | 8.8 | 0.46% | 1 | 0 | | 2025-05-28T15:35:30 | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a |
| CVE-2020-8561 | 4.1 | 0.18% | 1 | 0 | | 2023-02-01T05:06:20 | A security issue was discovered in Kubernetes where actors that control the resp |
| CVE-2026-5044 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-33575 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-33572 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-33697 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-33991 | 0 | 0.05% | 4 | 0 | | N/A | |
| CVE-2026-1679 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-34374 | 0 | 0.03% | 3 | 0 | | N/A | |
| CVE-2026-34205 | 0 | 0.02% | 3 | 0 | | N/A | |
| CVE-2026-33953 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-33955 | 0 | 0.06% | 2 | 0 | | N/A | |
| CVE-2026-34226 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-31943 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-32748 | 0 | 0.98% | 1 | 0 | | N/A | |
| CVE-2026-22790 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-22593 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-33416 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-33636 | 0 | 0.03% | 1 | 0 | | N/A | |

## CVE-2026-5045 (8.8 HIGH)

EPSS: 0.00%. Updated 2026-03-29T14:16:32.547000. 2 posts.

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

### thehackerwire@mastodon.social at 2026-03-29T14:19:55.000Z

🟠 CVE-2026-5045 - High (8.8)

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer over...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


## CVE-2026-33573 (8.8 HIGH)

EPSS: 0.00%. Updated 2026-03-29T13:17:02.980000. 4 posts.

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessib

### thehackerwire@mastodon.social at 2026-03-29T13:32:55.000Z

🟠 CVE-2026-33573 - High (8.8)

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and wo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


### thehackerwire@mastodon.social at 2026-03-29T13:19:58.000Z

🟠 CVE-2026-33573 - High (8.8)

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and wo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


## CVE-2026-32987 (9.8 CRITICAL)

EPSS: 0.00%. Updated 2026-03-29T13:17:02.563000. 2 posts.

OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin.

### thehackerwire@mastodon.social at 2026-03-29T13:19:39.000Z

🔴 CVE-2026-32987 - Critical (9.8)

OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


## CVE-2026-32980 (7.5 HIGH)

EPSS: 0.00%. Updated 2026-03-29T13:17:02.353000. 4 posts.

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time, and JSON parsing work before authentication validation occurs.

### thehackerwire@mastodon.social at 2026-03-29T13:20:33.000Z

🟠 CVE-2026-32980 - High (7.5)

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webho...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


### thehackerwire@mastodon.social at 2026-03-29T13:19:33.000Z

🟠 CVE-2026-32980 - High (7.5)

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webho...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


## CVE-2026-32978 (8.0 HIGH)

EPSS: 0.00%. Updated 2026-03-29T13:17:01.963000. 2 posts.

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.

### thehackerwire@mastodon.social at 2026-03-29T13:33:25.000Z

🟠 CVE-2026-32978 - High (8)

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


## CVE-2026-32975 (9.8 CRITICAL)

EPSS: 0.00%. Updated 2026-03-29T13:17:01.763000. 2 posts.

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent.

### thehackerwire@mastodon.social at 2026-03-29T13:33:15.000Z

🔴 CVE-2026-32975 - Critical (9.8)

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


CVE-2026-32974
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-29T13:17:01.570000

6 posts

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.

thehackerwire@mastodon.social at 2026-03-29T13:36:49.000Z ##

🟠 CVE-2026-32974 - High (8.6)

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:35:24.000Z ##

🟠 CVE-2026-32974 - High (8.6)

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:33:14.000Z ##

🟠 CVE-2026-32974 - High (8.6)

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32973
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-29T13:17:01.367000

6 posts

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.

thehackerwire@mastodon.social at 2026-03-29T13:36:39.000Z ##

🔴 CVE-2026-32973 - Critical (9.8)

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard mat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:35:15.000Z ##

🔴 CVE-2026-32973 - Critical (9.8)

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard mat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:33:04.000Z ##

🔴 CVE-2026-32973 - Critical (9.8)

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard mat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32924
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-29T13:17:00.963000

2 posts

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.

thehackerwire@mastodon.social at 2026-03-29T13:35:40.000Z ##

🔴 CVE-2026-32924 - Critical (9.8)

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32922
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-03-29T13:17:00.573000

4 posts

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unaut

thehackerwire@mastodon.social at 2026-03-29T13:36:58.000Z ##

🔴 CVE-2026-32922 - Critical (9.9)

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:35:33.000Z ##

🔴 CVE-2026-32922 - Critical (9.9)

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32918
(8.4 HIGH)

EPSS: 0.00%

updated 2026-03-29T13:17:00.173000

2 posts

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.

thehackerwire@mastodon.social at 2026-03-29T13:33:34.000Z ##

🟠 CVE-2026-32918 - High (8.4)

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify sess...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32915
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-29T13:16:59.973000

2 posts

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control

thehackerwire@mastodon.social at 2026-03-29T13:35:58.000Z ##

🟠 CVE-2026-32915 - High (8.8)

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32914
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-29T13:16:59.767000

2 posts

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted to owners by exploiting missing owner-level permission checks.

thehackerwire@mastodon.social at 2026-03-29T13:35:49.000Z ##

🟠 CVE-2026-32914 - High (8.8)

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or mo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5041
(4.7 MEDIUM)

EPSS: 0.23%

updated 2026-03-29T12:31:30

2 posts

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

offseq at 2026-03-29T10:30:26.173Z ##

⚠️ CVE-2026-5041 (MEDIUM): Command injection in Chamber of Commerce Membership Mgmt System v1.0 via admin/pageMail.php. High privileges needed, public exploit exists. Input validation & patching advised. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-29T10:30:26.000Z ##

⚠️ CVE-2026-5041 (MEDIUM): Command injection in Chamber of Commerce Membership Mgmt System v1.0 via admin/pageMail.php. High privileges needed, public exploit exists. Input validation & patching advised. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #CommandInjection #InfoSec

##

CVE-2026-5043
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-29T12:31:25

2 posts

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor

thehackerwire@mastodon.social at 2026-03-29T12:18:27.000Z ##

🟠 CVE-2026-5043 - High (8.8)

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5042
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-29T12:31:25

2 posts

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor wa

thehackerwire@mastodon.social at 2026-03-29T11:17:47.000Z ##

🟠 CVE-2026-5042 - High (8.8)

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5035
(7.3 HIGH)

EPSS: 0.03%

updated 2026-03-29T09:30:17

2 posts

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

offseq at 2026-03-29T07:30:27.110Z ##

⚠️ MEDIUM severity SQL Injection (CVE-2026-5035) found in code-projects Accounting System 1.0 (/view_work.php, Parameter Handler). Public exploit available — review your systems and restrict access if possible. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-29T07:30:27.000Z ##

⚠️ MEDIUM severity SQL Injection (CVE-2026-5035) found in code-projects Accounting System 1.0 (/view_work.php, Parameter Handler). Public exploit available — review your systems and restrict access if possible. radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln

##

CVE-2026-5036
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-29T08:15:56.063000

4 posts

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

offseq at 2026-03-29T09:00:27.673Z ##

🚨 CVE-2026-5036: HIGH severity stack buffer overflow in Tenda 4G06 (04.06.01.29) enables remote code execution. Exploit code is public — patch or mitigate now. Watch for attacks on /goform/DhcpListClient. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-29T08:17:22.000Z ##

🟠 CVE-2026-5036 - High (8.8)

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-29T09:00:27.000Z ##

🚨 CVE-2026-5036: HIGH severity stack buffer overflow in Tenda 4G06 (04.06.01.29) enables remote code execution. Exploit code is public — patch or mitigate now. Watch for attacks on /goform/DhcpListClient. radar.offseq.com/threat/cve-20 #OffSeq #CVE20265036 #RouterSecurity

##

CVE-2026-5033
(7.3 HIGH)

EPSS: 0.03%

updated 2026-03-29T06:31:22

2 posts

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

offseq at 2026-03-29T06:00:29.808Z ##

🚨 CVE-2026-5033 (MEDIUM): SQL injection in code-projects Accounting System 1.0 (/view_costumer.php, cos_id) is being actively exploited. Remote risk — monitor and patch as soon as fixes arrive. More: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-29T06:00:29.000Z ##

🚨 CVE-2026-5033 (MEDIUM): SQL injection in code-projects Accounting System 1.0 (/view_costumer.php, cos_id) is being actively exploited. Remote risk — monitor and patch as soon as fixes arrive. More: radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #VulnResearch

##

CVE-2026-5024
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-29T06:31:20

4 posts

A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the m

offseq at 2026-03-29T04:30:27.484Z ##

🔴 CVE-2026-5024: HIGH-severity stack buffer overflow in D-Link DIR-513 (v1.10). Remote, no auth needed, public exploit released. Replace ASAP or isolate device & restrict access. No patch from vendor. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-29T04:19:49.000Z ##

🟠 CVE-2026-5024 - High (8.8)

A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-29T04:30:27.000Z ##

🔴 CVE-2026-5024: HIGH-severity stack buffer overflow in D-Link DIR-513 (v1.10). Remote, no auth needed, public exploit released. Replace ASAP or isolate device & restrict access. No patch from vendor. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #RouterSecurity

##

CVE-2026-5021
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-29T02:16:17.377000

4 posts

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

offseq at 2026-03-29T03:00:27.841Z ##

🔎 HIGH: CVE-2026-5021 in Tenda F453 v1.0.0.3 enables remote stack buffer overflow via /goform/PPTPUserSetting — no auth needed! PoC is public; patch/mitigate now to block total device compromise. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-29T02:17:28.000Z ##

🟠 CVE-2026-5021 - High (8.8)

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-29T03:00:27.000Z ##

🔎 HIGH: CVE-2026-5021 in Tenda F453 v1.0.0.3 enables remote stack buffer overflow via /goform/PPTPUserSetting — no auth needed! PoC is public; patch/mitigate now to block total device compromise. radar.offseq.com/threat/cve-20 #OffSeq #CVE20265021 #Infosec #Router

##

CVE-2026-4851
(0 None)

EPSS: 0.09%

updated 2026-03-29T01:15:56.967000

4 posts

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary code back on the client through unsafe deserialization in the RPC protocol. read_operation() in lib

barubary at 2026-03-29T05:31:32.233Z ##

@offseq

CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine

... which is abandonware last updated in 2011.

##

offseq at 2026-03-29T01:30:28.414Z ##

⚠️ CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine (≤0.127). Malicious remote hosts can trigger client-side RCE via unsafe eval() deserialization. Only connect to trusted hosts & review code paths. Details: radar.offseq.com/threat/cve-20

##

barubary@infosec.exchange at 2026-03-29T05:31:32.000Z ##

@offseq

CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine

... which is abandonware last updated in 2011.

##

offseq@infosec.exchange at 2026-03-29T01:30:28.000Z ##

⚠️ CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine (≤0.127). Malicious remote hosts can trigger client-side RCE via unsafe eval() deserialization. Only connect to trusted hosts & review code paths. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE20264851 #Perl #Security

##

CVE-2026-5019
(7.3 HIGH)

EPSS: 0.03%

updated 2026-03-29T00:31:05

2 posts

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

offseq at 2026-03-29T00:00:37.316Z ##

⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-29T00:00:37.000Z ##

⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. radar.offseq.com/threat/cve-20 #OffSeq #SQLi #Vuln

##

CVE-2026-5004
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-28T18:30:20

4 posts

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early abo

offseq at 2026-03-28T22:00:27.784Z ##

🚨 HIGH severity buffer overflow in Wavlink WL-WN579X3-C (231124): Remote attackers can exploit UPnP Handler to run code. No patch from vendor. Disable UPnP & block remote access immediately. CVE-2026-5004 radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-28T21:00:16.000Z ##

🟠 CVE-2026-5004 - High (8.8)

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-28T22:00:27.000Z ##

🚨 HIGH severity buffer overflow in Wavlink WL-WN579X3-C (231124): Remote attackers can exploit UPnP Handler to run code. No patch from vendor. Disable UPnP & block remote access immediately. CVE-2026-5004 radar.offseq.com/threat/cve-20 #OffSeq #Infosec #RouterSecurity #CVE20265004

##

thehackerwire@mastodon.social at 2026-03-28T21:00:16.000Z ##

🟠 CVE-2026-5004 - High (8.8)

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2017-20227
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-28T12:30:36

1 post

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

Matchbook3469@mastodon.social at 2026-03-29T07:34:36.000Z ##

🔴 New security advisory:

CVE-2017-20227 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##

CVE-2026-30458
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-03-28T03:32:30

2 posts

An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

thehackerwire@mastodon.social at 2026-03-29T02:00:14.000Z ##

🔴 CVE-2026-30458 - Critical (9.1)

An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30457
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-28T03:16:00.830000

2 posts

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.

thehackerwire@mastodon.social at 2026-03-29T03:00:39.000Z ##

🔴 CVE-2026-30457 - Critical (9.8)

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4987
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-28T02:16:14.793000

6 posts

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass configured form pay

offseq at 2026-03-28T23:30:13.077Z ##

⚠️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk. Patch or mitigate now! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-28T21:00:28.000Z ##

🟠 CVE-2026-4987 - High (7.5)

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a paym...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-03-28T06:00:32.861Z ##

CVE-2026-4987 (HIGH): SureForms for WordPress lets unauthenticated attackers bypass payment validation via form_id=0. All versions vulnerable — financial loss risk. Patch when available or apply server-side validation. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-28T23:30:13.000Z ##

⚠️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk. Patch or mitigate now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #PaymentSecurity

##

offseq@infosec.exchange at 2026-03-28T06:00:32.000Z ##

CVE-2026-4987 (HIGH): SureForms for WordPress lets unauthenticated attackers bypass payment validation via form_id=0. All versions vulnerable — financial loss risk. Patch when available or apply server-side validation. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

##

CVE-2026-4976
(8.8 HIGH)

EPSS: 0.08%

updated 2026-03-27T23:17:18.700000

1 post

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-03-27T21:37:46.000Z ##

🟠 CVE-2026-4976 - High (8.8)

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4961
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T23:17:16.953000

1 post

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-03-27T22:00:29.000Z ##

🟠 CVE-2026-4961 - High (8.8)

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to st...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4248
(8.0 HIGH)

EPSS: 0.03%

updated 2026-03-27T23:17:14.753000

4 posts

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authen

offseq at 2026-03-28T09:00:28.256Z ##

🔥 HIGH severity: CVE-2026-4248 in Ultimate Member plugin (≤2.11.2) lets Contributor users trigger admin password resets via malicious post preview — risking full site takeover. Restrict access & monitor now! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-27T23:18:48.000Z ##

🟠 CVE-2026-4248 - High (8)

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-28T09:00:28.000Z ##

🔥 HIGH severity: CVE-2026-4248 in Ultimate Member plugin (≤2.11.2) lets Contributor users trigger admin password resets via malicious post preview — risking full site takeover. Restrict access & monitor now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE20264248 #Vuln

##

CVE-2026-33989
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-27T22:16:22.950000

4 posts

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the inten

thehackerwire@mastodon.social at 2026-03-27T22:24:35.000Z ##

🟠 CVE-2026-33989 - High (8.1)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T22:18:49.000Z ##

🟠 CVE-2026-33989 - High (8.1)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33980
(8.3 HIGH)

EPSS: 0.05%

updated 2026-03-27T22:16:22.607000

2 posts

Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL (Kusto Query Language) injection vulnerabilities in three MCP tool handlers: `get_table_schema`, `sample_table_data`, and `get_table_details`. T

thehackerwire@mastodon.social at 2026-03-27T22:18:43.000Z ##

🟠 CVE-2026-33980 - High (8.3)

Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33976
(9.6 CRITICAL)

EPSS: 0.14%

updated 2026-03-27T22:16:22.250000

7 posts

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the source page’s root element and stores them inside web-clip HTML. When the clip is later opened, Notesnook re

offseq at 2026-03-28T20:30:35.764Z ##

🚨 CVE-2026-33976 (CRITICAL, CVSS 9.7): Notesnook Web/Desktop <3.3.11 vulnerable to stored XSS → RCE via Web Clipper. Patch ASAP & review Electron settings. Details: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-27T22:24:17.000Z ##

🔴 CVE-2026-33976 - Critical (9.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T22:18:30.000Z ##

🔴 CVE-2026-33976 - Critical (9.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper prese...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-28T20:30:35.000Z ##

🚨 CVE-2026-33976 (CRITICAL, CVSS 9.7): Notesnook Web/Desktop <3.3.11 vulnerable to stored XSS → RCE via Web Clipper. Patch ASAP & review Electron settings. Details: radar.offseq.com/threat/cve-20 #OffSeq #Cybersecurity #Infosec #Vulnerability

##

offseq@infosec.exchange at 2026-03-27T22:00:29.000Z ##

🚨CRITICAL: CVE-2026-33976 in Notesnook Web/Desktop <3.3.11 — stored XSS in Web Clipper leads to RCE via Electron misconfig. Patch ASAP & review Electron security settings. More: radar.offseq.com/threat/cve-20 #OffSeq #XSS #CyberSecurity #RCE

##

CVE-2026-27309
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-27T22:16:20.497000

2 posts

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-03-27T22:28:20.000Z ##

🟠 CVE-2026-27309 - High (7.8)

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33661
(8.6 HIGH)

EPSS: 0.13%

updated 2026-03-27T22:10:54

1 post

Summary: The `verify_wechat_sign()` function in `src/Functions.php` unconditionally **skips all signature verification** when the PSR-7 request reports `localhost` as the host. An attacker can exploit this by sending a crafted HTTP request to the WeChat Pay callback endpoint with a `Host: localhost` header, bypassing the RSA signature check entirely. This allows forging fake WeChat Pay payment

thehackerwire@mastodon.social at 2026-03-26T22:19:43.000Z ##

🟠 CVE-2026-33661 - High (8.6)

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `verify_wechat_sign()` function in `src/Functions.php` unconditionally skips all signature verification when the PSR-7 request r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33634
(CVSS UNKNOWN)

EPSS: 20.84%

updated 2026-03-27T22:07:00

2 posts

Summary: On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. On March 22, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.5 and v0

1 repo

https://github.com/ugurrates/teampcp-supply-chain-attack

technadu@infosec.exchange at 2026-03-27T08:14:16.000Z ##

CISA adds CVE-2026-33634 (Trivy) to KEV - active exploitation confirmed.

If it’s in KEV, it’s already a threat.

Source: cisa.gov/news-events/alerts/20

💬 Is KEV your top patch priority?
🔔 Follow TechNadu

#InfoSec #KEV #CyberSecurity

##

secdb@infosec.exchange at 2026-03-26T22:21:34.000Z ##

🚨 [CISA-2026:0326] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-33634 (secdb.nttzen.cloud/cve/detail/)
- Name: Aquasecurity Trivy Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Aquasecurity
- Product: Trivy
- Notes: This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: github.com/advisories/GHSA-69f ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260326 #cisa20260326 #cve_2026_33634 #cve202633634

##

CVE-2026-33938
(8.1 HIGH)

EPSS: 0.07%

updated 2026-03-27T21:52:26

1 post

Summary: The `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites `@partial-block` with a crafted Handlebars AST, a subsequent invocation of `{{> @partial-block}}` compiles and executes that AST, enabling arbitrary JavaScript execution on the server. ## De

thehackerwire@mastodon.social at 2026-03-27T21:38:04.000Z ##

🟠 CVE-2026-33938 - High (8.1)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via he...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33937
(9.8 CRITICAL)

EPSS: 0.25%

updated 2026-03-27T21:52:19

4 posts

Summary: `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to `compile()` can therefore inject and execute arbitrary JavaScript, leading to Remote Code Execution on the server. ## Descr

1 repo

https://github.com/dinhvaren/cve-2026-33937

Matchbook3469@mastodon.social at 2026-03-28T15:23:18.000Z ##

🚨 New security advisory:

CVE-2026-33937 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##

offseq at 2026-03-27T23:30:27.895Z ##

⚠️ CRITICAL: handlebars.js v4.0.0 – 4.7.8 vulnerable (CVE-2026-33937). Type confusion in compile() lets attackers inject JS & gain RCE via crafted AST. Upgrade to 4.7.9+, validate inputs, use runtime-only build if possible. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-27T23:30:27.000Z ##

⚠️ CRITICAL: handlebars.js v4.0.0 – 4.7.8 vulnerable (CVE-2026-33937). Type confusion in compile() lets attackers inject JS & gain RCE via crafted AST. Upgrade to 4.7.9+, validate inputs, use runtime-only build if possible. radar.offseq.com/threat/cve-20 #OffSeq #CVE202633937 #infosec

##

thehackerwire@mastodon.social at 2026-03-27T21:37:55.000Z ##

🔴 CVE-2026-33937 - Critical (9.8)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST nod...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33895
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:51:07

2 posts

Summary: Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, [as defined by the specification](https://datatracker.ietf.org/doc/html/rfc8032#section-8.4). This class of s

thehackerwire@mastodon.social at 2026-03-27T21:43:40.000Z ##

🟠 CVE-2026-33895 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T21:39:16.000Z ##

🟠 CVE-2026-33895 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the grou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33894
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:50:56

2 posts

Summary: RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN structure in order to construct a signature that passes verification, enabling [Bleichenbacher style forgery](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/). This issue is similar to

thehackerwire@mastodon.social at 2026-03-27T21:43:49.000Z ##

🟠 CVE-2026-33894 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T21:39:25.000Z ##

🟠 CVE-2026-33894 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32241
(7.5 HIGH)

EPSS: 0.13%

updated 2026-03-27T21:48:13

2 posts

Background: The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerability if they use the experimental Extension backend. Other backends such as vxlan and wireguard are

thehackerwire@mastodon.social at 2026-03-27T21:39:38.000Z ##

🟠 CVE-2026-32241 - High (7.5)

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T21:00:55.000Z ##

🟠 CVE-2026-32241 - High (7.5)

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33744
(7.8 HIGH)

EPSS: 0.02%

updated 2026-03-27T21:37:34

2 posts

Summary: The `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml co

thehackerwire@mastodon.social at 2026-03-28T23:00:29.000Z ##

🟠 CVE-2026-33744 - High (7.8)

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Docker...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33701
(CVSS UNKNOWN)

EPSS: 0.50%

updated 2026-03-27T21:37:05

1 post

In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: 1. OpenTelemetry Java i

offseq@infosec.exchange at 2026-03-27T03:00:29.000Z ##

🚨 CRITICAL: CVE-2026-33701 affects opentelemetry-java-instrumentation <2.26.1. Unauthenticated RCE possible on Java ≤16 via unsafe RMI deserialization. Upgrade to 2.26.1+ or disable RMI now! Details: radar.offseq.com/threat/cve-20 #OffSeq #Java #RCE #Vuln

##

CVE-2026-33671
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:36:14

1 post

Impact: `picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Examples of problematic p

thehackerwire@mastodon.social at 2026-03-26T22:19:23.000Z ##

🟠 CVE-2026-33671 - High (7.5)

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33686
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-27T21:36:05

1 post

Summary: A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail: In `src/Utils/FileUtil.php`, the `FileUtil::explodeExtension()` function extracts a file's extension by splitting the filename at the last dot. However, the extracte

thehackerwire@mastodon.social at 2026-03-26T22:18:08.000Z ##

🟠 CVE-2026-33686 - High (8.8)

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33687
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:35:59

1 post

Summary: The `code16/sharp` Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details: The upload endpoint within the `ApiFormUploadController` accepts a client-controlled `validation_rule` parameter. This parameter is directly passed into the Laravel validator without sufficient server-sid

thehackerwire@mastodon.social at 2026-03-26T22:18:17.000Z ##

🟠 CVE-2026-33687 - High (8.8)

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22743
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:32:40

2 posts

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embe

thehackerwire@mastodon.social at 2026-03-28T23:00:18.000Z ##

🟠 CVE-2026-22743 - High (7.5)

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30303
(9.8 CRITICAL)

EPSS: 0.35%

updated 2026-03-27T21:32:40

3 posts

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). A

Matchbook3469@mastodon.social at 2026-03-28T11:21:25.000Z ##

🚨 New security advisory:

CVE-2026-30303 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##

thehackerwire@mastodon.social at 2026-03-27T23:05:25.000Z ##

🔴 CVE-2026-30303 - Critical (9.8)

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30463
(7.7 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:32:39

2 posts

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.

thehackerwire@mastodon.social at 2026-03-29T03:00:30.000Z ##

🟠 CVE-2026-30463 - High (7.7)

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30689
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T21:32:39

2 posts

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.

thehackerwire@mastodon.social at 2026-03-27T23:00:50.000Z ##

🟠 CVE-2026-30689 - High (7.5)

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threaten...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30304
(9.7 CRITICAL)

EPSS: 0.06%

updated 2026-03-27T21:32:39

2 posts

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to p

thehackerwire@mastodon.social at 2026-03-27T23:00:30.000Z ##

🔴 CVE-2026-30304 - Critical (9.6)

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically execut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30302
(10.0 CRITICAL)

EPSS: 0.41%

updated 2026-03-27T21:32:39

2 posts

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (

thehackerwire@mastodon.social at 2026-03-27T22:01:45.000Z ##

🔴 CVE-2026-30302 - Critical (10)

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4975
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T21:31:44

1 post

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-03-27T21:00:09.000Z ##

🟠 CVE-2026-4975 - High (8.8)

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4974
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T21:31:44

1 post

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

thehackerwire@mastodon.social at 2026-03-27T20:59:59.000Z ##

🟠 CVE-2026-4974 - High (8.8)

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based bu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25075
(7.5 HIGH)

EPSS: 0.15%

updated 2026-03-27T21:31:33

1 post

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL p

1 repo

https://github.com/BishopFox/CVE-2026-25075-check

CVE-2026-33757
(9.6 CRITICAL)

EPSS: 0.06%

updated 2026-03-27T21:31:24

2 posts

### Impact OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the attacker. Despite being based on the authorization code flow, the `direct` mode calls back

thehackerwire@mastodon.social at 2026-03-27T22:15:08.000Z ##

🔴 CVE-2026-33757 - Critical (9.6)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to star...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33891
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:17:25.817000

1 post

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algor

thehackerwire@mastodon.social at 2026-03-27T21:39:19.000Z ##

🟠 CVE-2026-33891 - High (7.5)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modIn...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33875
(9.3 CRITICAL)

EPSS: 0.05%

updated 2026-03-27T21:17:24.377000

4 posts

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

offseq at 2026-03-28T00:00:39.667Z ##

🚨 CVE-2026-33875 (CRITICAL, CVSS 9.3): gematik app-Authenticator <4.16.0 is vulnerable to authentication hijack via malicious deep links. No workarounds — update to 4.16.0+ urgently! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-28T00:00:39.000Z ##

🚨 CVE-2026-33875 (CRITICAL, CVSS 9.3): gematik app-Authenticator <4.16.0 is vulnerable to authentication hijack via malicious deep links. No workarounds — update to 4.16.0+ urgently! radar.offseq.com/threat/cve-20 #OffSeq #CVE202633875 #HealthIT #VulnAlert

##

thehackerwire@mastodon.social at 2026-03-27T21:43:58.000Z ##

🔴 CVE-2026-33875 - Critical (9.3)

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T21:39:33.000Z ##

🔴 CVE-2026-33875 - Critical (9.3)

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33874
(7.8 HIGH)

EPSS: 0.07%

updated 2026-03-27T21:17:24.213000

1 post

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

thehackerwire@mastodon.social at 2026-03-27T21:39:28.000Z ##

🟠 CVE-2026-33874 - High (7.8)

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when vic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33873
(0 None)

EPSS: 0.08%

updated 2026-03-27T21:17:23.953000

2 posts

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments

offseq at 2026-03-28T01:30:27.951Z ##

⚠️ CRITICAL vuln in langflow-ai langflow < 1.9.0 (CVE-2026-33873): Agentic Assistant allows remote code injection via LLM-generated Python. Patch to 1.9.0+ or restrict feature access immediately. Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-28T01:30:27.000Z ##

⚠️ CRITICAL vuln in langflow-ai langflow < 1.9.0 (CVE-2026-33873): Agentic Assistant allows remote code injection via LLM-generated Python. Patch to 1.9.0+ or restrict feature access immediately. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202633873 #AIsecurity

##

CVE-2026-30637
(7.5 HIGH)

EPSS: 0.08%

updated 2026-03-27T21:17:22.420000

2 posts

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server

thehackerwire@mastodon.social at 2026-03-27T23:00:41.000Z ##

🟠 CVE-2026-30637 - High (7.5)

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29871
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T21:17:21.343000

2 posts

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path wi

thehackerwire@mastodon.social at 2026-03-27T23:05:15.000Z ##

🟠 CVE-2026-29871 - High (7.5)

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33494
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-03-27T20:59:22

1 post

## Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. ## Preconditions Ory Oathkeeper rules a

thehackerwire@mastodon.social at 2026-03-26T21:20:37.000Z ##

🔴 CVE-2026-33494 - Critical (10)

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33496
(8.1 HIGH)

EPSS: 0.14%

updated 2026-03-27T20:59:11

1 post

## Description Ory Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. ## Precondi

thehackerwire@mastodon.social at 2026-03-26T22:00:16.000Z ##

🟠 CVE-2026-33496 - High (8.1)

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oaut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33413
(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-03-27T20:48:47

1 post

### Impact _What kind of vulnerability is it? Who is impacted?_ Multiple vulnerabilities allow unauthorized users to bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted clients. In unpatched etcd clusters with etcd auth enabled, unauthorized users are able to: - call MemberList and learn cluster t

thehackerwire@mastodon.social at 2026-03-26T22:22:36.000Z ##

🟠 CVE-2026-33413 - High (8.8)

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-53521
(9.8 CRITICAL)

EPSS: 19.16%

updated 2026-03-27T20:43:45.780000

9 posts

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thecybermind at 2026-03-29T14:03:40.319Z ##

Confused by the recent F5 BIG-IP vulnerability alerts? 🚨 We broke down exactly what this legacy appliance is, why its centralized architecture is a massive single point of failure, and how to replace it with sovereign, zero-trust hardware. Read the plain breakdown.

thecybermind.co/2026/03/29/thr

##

beyondmachines1 at 2026-03-28T12:01:46.852Z ##

F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors

F5 re-categorized a BIG-IP APM vulnerability (CVE-2025-53521) from a DoS to a critical 9.8 RCE after discovering active exploitation by a nation-state actor using memory-only webshells and lateral movement tools. The flaw allows unauthenticated attackers to execute code and gain full control over network access infrastructure.

**If you have F5 BIG-IP APM devices, if possible make sure they are isolated from the internet and accessible from trusted networks only. Then immediately update to the fixed firmware versions (17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8). If you suspect a device has already been compromised, rebuild it from scratch - don't restore from backups, as they may contain persistent malware. Also, audit for disabled SELinux and unauthorized webshells.**

beyondmachines.net/event_detai

##

undercodenews@mastodon.social at 2026-03-28T11:40:09.000Z ##

Critical F5 Vulnerability Sparks Alarm as Active Exploitation Forces Urgent Global Patching

Introduction: A New Cybersecurity Emergency Unfolds A newly disclosed cybersecurity threat has quickly escalated into a global concern after authorities confirmed active exploitation in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability—CVE-2025-53521—affecting F5 BIG-IP Access Policy Manager (APM)…

undercodenews.com/critical-f5-

##

secdb at 2026-03-28T02:00:13.684Z ##

🚨 [CISA-2026:0327] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-53521 (secdb.nttzen.cloud/cve/detail/)
- Name: F5 BIG-IP Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: F5
- Product: BIG-IP
- Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2

##

thecybermind@infosec.exchange at 2026-03-29T14:03:40.000Z ##

Confused by the recent F5 BIG-IP vulnerability alerts? 🚨 We broke down exactly what this legacy appliance is, why its centralized architecture is a massive single point of failure, and how to replace it with sovereign, zero-trust hardware. Read the plain breakdown.
#Ransier_Sentinel

thecybermind.co/2026/03/29/thr

##

beyondmachines1@infosec.exchange at 2026-03-28T12:01:46.000Z ##

F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors

F5 re-categorized a BIG-IP APM vulnerability (CVE-2025-53521) from a DoS to a critical 9.8 RCE after discovering active exploitation by a nation-state actor using memory-only webshells and lateral movement tools. The flaw allows unauthenticated attackers to execute code and gain full control over network access infrastructure.

**If you have F5 BIG-IP APM devices, if possible make sure they are isolated from the internet and accessible from trusted networks only. Then immediately update to the fixed firmware versions (17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8). If you suspect a device has already been compromised, rebuild it from scratch - don't restore from backups, as they may contain persistent malware. Also, audit for disabled SELinux and unauthorized webshells.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

secdb@infosec.exchange at 2026-03-28T02:00:13.000Z ##

🚨 [CISA-2026:0327] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-53521 (secdb.nttzen.cloud/cve/detail/)
- Name: F5 BIG-IP Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: F5
- Product: BIG-IP
- Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260327 #cisa20260327 #cve_2025_53521 #cve202553521

##

GossiTheDog@cyberplace.social at 2026-03-27T21:36:49.000Z ##

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

my.f5.com/manage/s/article/K00

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

##

cisakevtracker@mastodon.social at 2026-03-27T21:00:46.000Z ##

CVE ID: CVE-2025-53521
Vendor: F5
Product: BIG-IP
Date Added: 2026-03-27
Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K00 ; my.f5.com/manage/s/article/K11 ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-33870
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T20:16:34.663000

2 posts

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue.

thehackerwire@mastodon.social at 2026-03-27T21:02:29.000Z ##

🟠 CVE-2026-33870 - High (7.5)

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T21:00:46.000Z ##

🟠 CVE-2026-33870 - High (7.5)

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31945
(7.7 HIGH)

EPSS: 0.03%

updated 2026-03-27T20:16:30.060000

1 post

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8) was reported and patched, the fix only introduced hostname validation. It does not verify wheth

thehackerwire@mastodon.social at 2026-03-27T21:00:54.000Z ##

🟠 CVE-2026-31945 - High (7.7)

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (github.com/danny...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33696
(8.8 HIGH)

EPSS: 0.24%

updated 2026-03-27T19:40:55.160000

1 post

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An

beyondmachines1@infosec.exchange at 2026-03-27T11:01:47.000Z ##

n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities

n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.

**If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-34375
(8.2 HIGH)

EPSS: 0.03%

updated 2026-03-27T19:16:43.107000

2 posts

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. The `plugin` parameter is not included in any of the framework's input filter lists defined in `security.php`, so it passes through completely raw. An atta

thehackerwire@mastodon.social at 2026-03-27T22:00:19.000Z ##

🟠 CVE-2026-34375 - High (8.2)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript block without any encoding or sanitization. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33942
(CVSS UNKNOWN)

EPSS: 0.33%

updated 2026-03-27T18:33:44

1 posts

### Impact

Users of the OAuth2 utilities in Saloon, specifically the `AccessTokenAuthenticator` class.

### Patches

Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4

### Description

The Saloon PHP library used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true.

thehackerwire@mastodon.social at 2026-03-27T00:00:04.000Z ##

🔴 CVE-2026-33942 - Critical (9.8)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1961
(8.0 HIGH)

EPSS: 0.12%

updated 2026-03-27T18:32:29

1 posts

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman se

thehackerwire@mastodon.social at 2026-03-26T23:16:01.000Z ##

🟠 CVE-2026-1961 - High (8)

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource provid...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28367
(8.7 HIGH)

EPSS: 0.04%

updated 2026-03-27T18:31:34

2 posts

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

thehackerwire@mastodon.social at 2026-03-27T22:01:11.000Z ##

🟠 CVE-2026-28367 - High (8.7)

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28369
(8.7 HIGH)

EPSS: 0.13%

updated 2026-03-27T18:31:34

1 posts

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted

thehackerwire@mastodon.social at 2026-03-27T22:01:02.000Z ##

🟠 CVE-2026-28369 - High (8.7)

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4960
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T18:31:34

1 posts

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. If you want to get the best quality for

thehackerwire@mastodon.social at 2026-03-27T22:00:39.000Z ##

🟠 CVE-2026-4960 - High (8.8)

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15381
(8.1 HIGH)

EPSS: 0.01%

updated 2026-03-27T18:31:27

2 posts

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment, to read trace information and create assessments for traces they should not have access to. This vulnerability impacts confidentiality by exposing trace

thehackerwire@mastodon.social at 2026-03-27T22:01:36.000Z ##

🟠 CVE-2025-15381 - High (8.1)

In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with `NO_PERMISSIONS` on the experiment,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33941
(8.3 HIGH)

EPSS: 0.02%

updated 2026-03-27T18:22:12

2 posts

## Summary

The Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI arguments can inject arbitrary JavaScript that executes when the generated bundle is loaded in No

thehackerwire@mastodon.social at 2026-03-27T22:19:01.000Z ##

🟠 CVE-2026-33941 - High (8.2)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33940
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-27T18:21:45

2 posts

## Summary

A crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to `env.compile()`. Because the object is a valid Handlebars AST containing injected code, the generated Java

thehackerwire@mastodon.social at 2026-03-27T22:18:52.000Z ##

🟠 CVE-2026-33940 - High (8.1)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33939
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-27T18:21:16

2 posts

## Summary

When a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators, "n")`, which returns `undefined`. The runtime then immediately invokes the result as a function, causing an unhandled `TypeError: ... is not a function` that crashes the Node.js process. Any application that compiles user-su

thehackerwire@mastodon.social at 2026-03-27T22:33:53.000Z ##

🟠 CVE-2026-33939 - High (7.5)

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33979
(8.2 HIGH)

EPSS: 0.01%

updated 2026-03-27T17:56:47

4 posts

## Description

A vulnerability has been identified in express-xss-sanitizer (<= 2.0.1) where restrictive sanitization configurations are silently ignored. When a developer explicitly sets:

allowedTags: []
allowedAttributes: {}

the library incorrectly treats these values as "not provided" due to length/emptiness checks, and falls back to sanitize-html's default configuration. As a result, i

thehackerwire@mastodon.social at 2026-03-27T22:24:27.000Z ##

🟠 CVE-2026-33979 - High (8.2)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-27T22:18:40.000Z ##

🟠 CVE-2026-33979 - High (8.2)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33897
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-03-27T17:17:04

2 posts

### Summary

Instance template files can be used to cause arbitrary read or writes as root on the host server.

### Details

Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2

offseq@infosec.exchange at 2026-03-27T04:30:29.000Z ##

🚨 CVE-2026-33897 (CRITICAL, CVSS 10): Incus <6.23.0 flaw in pongo2 template isolation lets attackers with local access escape containers & gain root on host. Upgrade ASAP! radar.offseq.com/threat/cve-20 #OffSeq #LinuxSecurity #CVE202633897 #Containers

##

thehackerwire@mastodon.social at 2026-03-26T23:17:57.000Z ##

🔴 CVE-2026-33897 - Critical (9.9)

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32857
(8.6 HIGH)

EPSS: 0.03%

updated 2026-03-27T17:16:29.177000

2 posts

Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an externally valid URL that passes validation and returns an HTTP redirect to an internal or restricted re

thehackerwire@mastodon.social at 2026-03-29T03:00:49.000Z ##

🟠 CVE-2026-32857 - High (8.6)

Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28368
(8.7 HIGH)

EPSS: 0.10%

updated 2026-03-27T17:16:27.993000

2 posts

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

thehackerwire@mastodon.social at 2026-03-27T22:01:20.000Z ##

🟠 CVE-2026-28368 - High (8.7)

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27876
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-03-27T17:16:27.600000

4 posts

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

luca@social.luca.run at 2026-03-28T11:06:17.000Z ##

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and a security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

##

thehackerwire@mastodon.social at 2026-03-27T23:15:48.000Z ##

🔴 CVE-2026-27876 - Critical (9.1)

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack ve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28377
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-27T15:31:28

1 posts

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability.

thehackerwire@mastodon.social at 2026-03-26T22:20:02.000Z ##

🟠 CVE-2026-28377 - High (7.5)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.

Thanks to william_goodfellow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5026
(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-03-27T15:30:32

1 posts

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leading to stored cross-site scripting (XSS). This allows stealing authentication tokens stored in co

AAKL@infosec.exchange at 2026-03-27T18:19:59.000Z ##

Tenable Research Advisories have listed several vulnerabilities, three of them high-severity.

High: CVE-2026-5027: Langflow - Path Traversal Arbitrary File Write via upload_user_file tenable.com/security/research/

High: CVE-2026-5026: Langflow - Stored XSS via Malicious SVG Upload tenable.com/security/research/

High: CVE-2026-4984: Botpress - Credential Disclosure via Twilio Webhook Handler tenable.com/security/research/

More here: tenable.com/security/research @tenable #infosec #vulnerability

##

CVE-2026-27893
(8.8 HIGH)

EPSS: 0.03%

updated 2026-03-27T15:27:20

2 posts

### Summary

Two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust.

### Details

**Affected files (latest main branch):**

1. `vllm/model_execut

thehackerwire@mastodon.social at 2026-03-29T02:00:04.000Z ##

🟠 CVE-2026-27893 - High (8.8)

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's ex...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5027
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T15:17:04.743000

3 posts

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

thehackerwire@mastodon.social at 2026-03-27T22:01:54.000Z ##

🟠 CVE-2026-5027 - High (8.8)

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4984
(8.2 HIGH)

EPSS: 0.03%

updated 2026-03-27T15:17:03.953000

3 posts

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization' header. An attacker can forge a webhook payload pointing to their own server and receive the victim's

thehackerwire@mastodon.social at 2026-03-27T22:14:50.000Z ##

🟠 CVE-2026-4984 - High (8.2)

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'.

When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33755
(8.8 HIGH)

EPSS: 0.03%

updated 2026-03-27T15:16:57.527000

2 posts

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user with basic addressbook access to extract arbitrary data from the database — including active session tokens of other users. This enables full account takeov

thehackerwire@mastodon.social at 2026-03-27T22:14:59.000Z ##

🟠 CVE-2026-33755 - High (8.8)

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user wit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27880
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-27T15:16:51.323000

4 posts

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

luca@social.luca.run at 2026-03-28T11:06:17.000Z ##

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and a security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8. I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

##

thehackerwire@mastodon.social at 2026-03-27T23:05:34.000Z ##

🟠 CVE-2026-27880 - High (7.5)

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27858
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-27T09:31:30

3 posts

An attacker can send a specifically crafted message before authentication that causes managesieve to allocate a large amount of memory. An attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to the managesieve protocol, or install a fixed version. No publicly available exploits are known.

thehackerwire@mastodon.social at 2026-03-27T23:15:58.000Z ##

🟠 CVE-2026-27858 - High (7.5)

An attacker can send a specifically crafted message before authentication that causes managesieve to allocate a large amount of memory.
An attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to manag...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-27T09:00:44.000Z ##

⚠️ CVE-2026-27858 (HIGH, 7.5): OX Dovecot Pro’s managesieve is at risk of remote DoS via unauthenticated memory exhaustion. Restrict access, monitor logs, and patch ASAP. No public exploits yet, but stay alert. radar.offseq.com/threat/cve-20 #OffSeq #Dovecot #EmailSecurity

##

CVE-2026-24031
(7.7 HIGH)

EPSS: 0.05%

updated 2026-03-27T09:31:19

2 posts

Dovecot SQL-based authentication can be bypassed when auth_username_chars is cleared by the admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install the latest fixed version. No publicly available exploits are known.

thehackerwire@mastodon.social at 2026-03-27T23:16:09.000Z ##

🟠 CVE-2026-24031 - High (7.7)

Dovecot SQL-based authentication can be bypassed when auth_username_chars is cleared by the admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-59032
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-27T09:31:18

2 posts

The ManageSieve AUTHENTICATE command crashes when using a literal as the SASL initial response. This can be used to crash the ManageSieve service repeatedly, making it unavailable for other users. Control access to the ManageSieve port, or disable the service if it's not needed. Alternatively, upgrade to a fixed version. No publicly available exploits are known.

thehackerwire@mastodon.social at 2026-03-28T21:00:39.000Z ##

🟠 CVE-2025-59032 - High (7.5)

The ManageSieve AUTHENTICATE command crashes when using a literal as the SASL initial response. This can be used to crash the ManageSieve service repeatedly, making it unavailable for other users. Control access to the ManageSieve port, or disable the service if it...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22738
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-27T06:31:54

3 posts

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

thehackerwire@mastodon.social at 2026-03-28T22:00:33.000Z ##

🔴 CVE-2026-22738 - Critical (9.8)

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-27T06:00:29.000Z ##

🚨 CRITICAL: CVE-2026-22738 in Spring AI SimpleVectorStore allows unauth RCE via SpEL injection (1.0.0 – 1.0.4, 1.1.0 – 1.1.3). Patch to 1.0.5/1.1.4 when released. Validate input now! radar.offseq.com/threat/cve-20 #OffSeq #SpringAI #infosec #CVE202622738

##

CVE-2026-27650
(8.8 HIGH)

EPSS: 0.12%

updated 2026-03-27T06:31:54

2 posts

An OS command injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

thehackerwire@mastodon.social at 2026-03-28T21:06:59.000Z ##

🟠 CVE-2026-27650 - High (8.8)

An OS command injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22744
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-27T06:31:44

2 posts

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

thehackerwire@mastodon.social at 2026-03-28T21:06:49.000Z ##

🟠 CVE-2026-22744 - High (7.5)

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping ch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32678
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-27T06:16:38.650000

2 posts

An authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

thehackerwire@mastodon.social at 2026-03-28T22:00:23.000Z ##

🟠 CVE-2026-32678 - High (7.5)

An authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32669
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-27T06:16:38.450000

2 posts

A code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, arbitrary code may be executed on the products.

thehackerwire@mastodon.social at 2026-03-28T21:07:08.000Z ##

🟠 CVE-2026-32669 - High (8.8)

A code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, arbitrary code may be executed on the products.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22742
(8.6 HIGH)

EPSS: 0.03%

updated 2026-03-27T06:16:37.833000

2 posts

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations. This issue affects Spring AI: from 1.0.0 before 1.0

thehackerwire@mastodon.social at 2026-03-28T22:00:46.000Z ##

🟠 CVE-2026-22742 - High (8.6)

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4906
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T03:31:43

2 posts

A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

thehackerwire@mastodon.social at 2026-03-29T00:00:12.000Z ##

🟠 CVE-2026-4906 - High (8.8)

A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-ba...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33747
(8.4 HIGH)

EPSS: 0.01%

updated 2026-03-27T01:16:21.330000

2 posts

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrust

thehackerwire@mastodon.social at 2026-03-28T23:00:39.000Z ##

🟠 CVE-2026-33747 - High (8.4)

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be wr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33728
(0 None)

EPSS: 0.57%

updated 2026-03-27T01:16:20.203000

1 posts

dd-trace-java is a Datadog APM client for Java. In dd-trace-java versions 0.40.0 and later, prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execu

offseq@infosec.exchange at 2026-03-27T01:30:30.000Z ##

⚠️ CRITICAL: CVE-2026-33728 in DataDog dd-trace-java (0.40.0 - <1.60.3) allows unauth RCE via unsafe deserialization if JMX/RMI port is exposed on JDK ≤16. Upgrade to 1.60.3+ & restrict access! radar.offseq.com/threat/cve-20 #OffSeq #Java #Infosec #CVE202633728

##

CVE-2026-33718
(7.6 HIGH)

EPSS: 0.23%

updated 2026-03-27T01:16:19.483000

2 posts

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the

thehackerwire@mastodon.social at 2026-03-29T00:00:21.000Z ##

🟠 CVE-2026-33718 - High (7.6)

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4904
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T00:31:32

2 posts

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-03-29T00:00:31.000Z ##

🟠 CVE-2026-4904 - High (8.8)

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34352
(8.4 HIGH)

EPSS: 0.01%

updated 2026-03-27T00:31:32

1 posts

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

thehackerwire@mastodon.social at 2026-03-26T23:18:07.000Z ##

🟠 CVE-2026-34352 - High (8.5)

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4902
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T00:31:32

1 posts

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-03-26T23:17:01.000Z ##

🟠 CVE-2026-4902 - High (8.8)

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4905
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-27T00:16:24.393000

2 posts

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-03-29T01:01:41.000Z ##

🟠 CVE-2026-4905 - High (8.8)

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33945
(9.9 CRITICAL)

EPSS: 0.06%

updated 2026-03-27T00:16:23.633000

3 posts

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like `systemd.credential.../../../../../../root/.bashrc` to cause Incus to write outside of the `credentials` directory ass

thehackerwire@mastodon.social at 2026-03-29T01:59:55.000Z ##

🔴 CVE-2026-33945 - Critical (9.9)

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a conf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-27T00:00:42.000Z ##

🚨 CVE-2026-33945 (CRITICAL, CVSS 10): lxc incus <6.23.0 is vulnerable to path traversal, enabling attackers to write as root & escalate privileges. Upgrade to 6.23.0+ ASAP, restrict config access! radar.offseq.com/threat/cve-20 #OffSeq #CVE202633945 #ContainerSecurity

##

CVE-2026-33898
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-27T00:16:23.333000

2 posts

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token. When accessed with that token, I

thehackerwire@mastodon.social at 2026-03-29T01:02:00.000Z ##

🟠 CVE-2026-33898 - High (8.8)

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web se...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4903
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-26T23:16:21.307000

1 posts

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

thehackerwire@mastodon.social at 2026-03-26T23:17:11.000Z ##

🟠 CVE-2026-4903 - High (8.8)

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33943
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-26T22:22:21

2 posts

A code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export { }` declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content into generated code as an executable expression, and the quote filter does not strip back

thehackerwire@mastodon.social at 2026-03-27T22:28:01.000Z ##

🟠 CVE-2026-33943 - High (8.8)

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (R...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3650
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-26T22:16:31.370000

1 posts

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.

thehackerwire@mastodon.social at 2026-03-26T22:18:27.000Z ##

🟠 CVE-2026-3650 - High (7.5)

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggeri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33673
(7.6 HIGH)

EPSS: 0.04%

updated 2026-03-26T22:16:30.553000

2 posts

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Versions 8.2.5 and 9.1.0 contain a fix. N

thehackerwire@mastodon.social at 2026-03-26T22:20:57.000Z ##

🟠 CVE-2026-33673 - High (7.6)

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T22:19:33.000Z ##

🟠 CVE-2026-33673 - High (7.6)

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33670
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-03-26T22:16:30.050000

2 posts

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

offseq@infosec.exchange at 2026-03-26T22:30:12.000Z ##

🚨 CRITICAL: CVE-2026-33670 in SiYuan (<3.6.2) lets remote attackers exploit /api/file/readDir for path traversal, exposing sensitive files. Patch to 3.6.2+ ASAP! Details: radar.offseq.com/threat/cve-20 #OffSeq #vuln #infosec #SiYuan

##

thehackerwire@mastodon.social at 2026-03-26T22:19:14.000Z ##

🔴 CVE-2026-33670 - Critical (9.8)

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33669
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-26T22:16:29.887000

2 posts

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue.

offseq@infosec.exchange at 2026-03-27T07:30:27.000Z ##

🚨 CVE-2026-33669: SiYuan (<3.6.2) has a CRITICAL out-of-bounds read flaw (CVSS 9.8). No auth/user interaction needed — remote attackers can leak sensitive memory. Upgrade to 3.6.2 ASAP! radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #SiYuan #Cybersecurity

##

thehackerwire@mastodon.social at 2026-03-26T22:19:53.000Z ##

🔴 CVE-2026-33669 - Critical (9.8)

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-12805
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-26T22:16:25.920000

1 posts

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sen

thehackerwire@mastodon.social at 2026-03-26T22:21:06.000Z ##

🟠 CVE-2025-12805 - High (8.1)

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-55262
(8.3 HIGH)

EPSS: 0.03%

updated 2026-03-26T21:32:35

1 posts

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database.

thehackerwire@mastodon.social at 2026-03-26T23:01:08.000Z ##

🟠 CVE-2025-55262 - High (8.3)

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-41368
(8.1 HIGH)

EPSS: 0.02%

updated 2026-03-26T21:07:45.300000

1 posts

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

thehackerwire@mastodon.social at 2026-03-26T23:20:43.000Z ##

🟠 CVE-2025-41368 - High (8.1)

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outsid...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-41359
(7.8 HIGH)

EPSS: 0.02%

updated 2026-03-26T21:04:16.050000

1 posts

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority directory, causing the service to execute the malicious file instead of the legitimate one. Exploiti

thehackerwire@mastodon.social at 2026-03-26T23:16:10.000Z ##

🟠 CVE-2025-41359 - High (7.8)

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a maliciou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33396
(9.9 CRITICAL)

EPSS: 0.76%

updated 2026-03-26T20:40:52.840000

1 posts

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is executed in VMRunner.runCodeInNodeVM with a live Playwright page object in context. The sandbox relies on

thehackerwire@mastodon.social at 2026-03-26T22:22:27.000Z ##

🔴 CVE-2026-33396 - Critical (9.9)

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwrig...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-55261
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-26T20:01:57.193000

1 posts

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.

thehackerwire@mastodon.social at 2026-03-26T23:00:57.000Z ##

🟠 CVE-2025-55261 - High (8.1)

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32522
(8.6 HIGH)

EPSS: 0.05%

updated 2026-03-26T19:17:01.930000

1 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.

thehackerwire@mastodon.social at 2026-03-27T00:01:09.000Z ##

🟠 CVE-2026-32522 - High (8.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3108
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-26T18:31:49

1 posts

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking. Mattermost Advisory ID: MM
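
What "sanitize post content for terminal output" means in practice, as an added JavaScript example that is not mmctl's or Mattermost's code: strip OSC sequences (window title, hyperlinks, OSC 52 clipboard writes), CSI sequences (cursor movement, screen erase, colour), any other escape, and the remaining C0/C1 controls before printing. The sample message is constructed.

```javascript
// Added example: neutralise terminal control sequences in user-controlled
// text before a CLI prints it. Not Mattermost code; sample input is constructed.

// OSC (ESC ] ... BEL | ESC \): title changes, hyperlinks, OSC 52 clipboard
// writes. An unterminated OSC is removed to the end of the string, since a
// terminal would otherwise swallow everything after it.
const OSC = /\u001b\][^\u0007\u001b]*(?:\u0007|\u001b\\|$)/g;
// CSI (ESC [ params intermediates final): cursor movement, screen erase and
// colours, the primitives behind fake prompts.
const CSI = /\u001b\[[0-?]*[ -\/]*[@-~]/g;
// Any other escape: ESC plus at most one following byte.
const OTHER_ESC = /\u001b[\x20-\x7e]?/g;
// Remaining C0 and C1 controls, including CR (rewrites the current line) and
// the 8-bit CSI/OSC introducers U+009B/U+009D. Tab and LF are kept.
const CONTROL = /[\u0000-\u0008\u000b-\u001f\u007f-\u009f]/g;

function sanitizeForTerminal(text) {
  return text
    .replace(OSC, '')
    .replace(CSI, '')
    .replace(OTHER_ESC, '')
    .replace(CONTROL, '');
}

// True when the text would have changed terminal state: a useful signal to
// log or flag a message as hostile rather than silently print it.
function hasControlSequences(text) {
  return sanitizeForTerminal(text) !== text;
}

// Constructed hostile post: clear screen, home the cursor, print a fake
// prompt, write to the clipboard via OSC 52, set the window title, colour text.
const CRAFTED_POST =
  'Hello\u001b[2J\u001b[H$ sudo rm -rf /' +
  '\u001b]52;c;cGVyaQ==\u0007' +
  '\u001b]0;title\u001b\\' +
  ' bye\u001b[31mred\u001b[0m';

// sanitizeForTerminal(CRAFTED_POST) leaves only the printable text:
// 'Hello$ sudo rm -rf / byered'
```

The order of the passes matters: OSC bodies may contain `[` and are removed first, then CSI, then any lone escape, then the remaining controls. A terminal-facing tool that emits colour itself should apply this to the untrusted field only and add its own styling afterwards.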

thehackerwire@mastodon.social at 2026-03-26T22:01:04.000Z ##

🟠 CVE-2026-3108 - High (8)

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator termin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33487
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-26T18:16:30.070000

1 posts

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref`

thehackerwire@mastodon.social at 2026-03-26T21:20:27.000Z ##

🟠 CVE-2026-33487 - High (7.5)

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go ver...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4867
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T17:16:42.983000

1 posts

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so captu

thehackerwire@mastodon.social at 2026-03-26T22:00:26.000Z ##

🟠 CVE-2026-4867 - High (7.5)

Impact:

A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33468
(8.1 HIGH)

EPSS: 0.05%

updated 2026-03-26T17:16:41.007000

1 posts

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape backslashes. When used with the MySQL dialect (where `NO_BACKSLASH_ESCAPES` is OFF by default), an attacker can use a backslash to escape the trailing quote of a string literal, breaking ou

thehackerwire@mastodon.social at 2026-03-26T22:00:36.000Z ##

🟠 CVE-2026-33468 - High (8.1)

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape backslashes. When used with the My...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33442
(8.1 HIGH)

EPSS: 0.05%

updated 2026-03-26T17:16:40.850000

1 posts

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BACKSLASH_ESCAPES` SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path string literal
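
The escaping defect described for both Kysely entries (CVE-2026-33468 and CVE-2026-33442), worked through as an added JavaScript example that is not Kysely's code: a sanitizer that only doubles single quotes, a hardened variant that also escapes backslashes, and a minimal model of how a MySQL-style lexer with backslash escapes enabled finds the end of a string literal. The `json_extract` query, the function names and the attacker payload are constructed for the illustration.

```javascript
// Added example; none of these functions are Kysely's.

// Quote doubling only, the behaviour the advisories describe.
function sanitizeQuoteDoubling(value) {
  return `'${value.replace(/'/g, "''")}'`;
}

// Hardened: escape the backslash too, so input can never neutralise the
// closing quote. Doubling the quote stays correct under both SQL modes.
function sanitizeWithBackslash(value) {
  return `'${value.replace(/\\/g, '\\\\').replace(/'/g, "''")}'`;
}

// Minimal model of a MySQL lexer with backslash escapes ON (NO_BACKSLASH_ESCAPES
// off, the default): returns the index just past the closing quote of the
// literal starting at `start`, or -1 if it never closes.
function endOfMysqlStringLiteral(sql, start) {
  if (sql[start] !== "'") throw new Error('not at a string literal');
  let i = start + 1;
  while (i < sql.length) {
    const c = sql[i];
    if (c === '\\') { i += 2; continue; }           // backslash escapes the next char
    if (c === "'") {
      if (sql[i + 1] === "'") { i += 2; continue; } // doubled quote stays inside
      return i + 1;                                 // literal closes here
    }
    i += 1;
  }
  return -1;
}

// Builds a query around the sanitized literal and returns the SQL text the
// lexer sees after the literal closes. For a correct sanitizer this is always
// the fixed query tail; attacker text here means the literal was broken out of.
function textAfterLiteral(sanitize, value) {
  const literal = sanitize(value);
  const sql = `SELECT * FROM t WHERE json_extract(doc, ${literal}) IS NOT NULL`;
  const start = sql.indexOf(literal);
  const end = endOfMysqlStringLiteral(sql, start);
  return end === -1 ? null : sql.slice(end);
}

// Constructed attacker input: a JSON path ending in backslash + quote.
// Quote doubling yields  '$.x\'' OR 1=1 -- '  : \' is an escaped quote, the
// following ' closes the literal, and OR 1=1 is live SQL.
// Backslash escaping yields  '$.x\\'' OR 1=1 -- '  : one literal containing a
// backslash and a quote, nothing escapes.
const PAYLOAD = "$.x\\' OR 1=1 -- ";
```

`textAfterLiteral(sanitizeQuoteDoubling, PAYLOAD)` returns text beginning with ` OR 1=1`, while the hardened sanitizer returns `) IS NOT NULL` for the payload and for an innocent value such as `O'Reilly`. Escaping is dialect-specific, which is why the same code is safe on PostgreSQL and exploitable on default MySQL; prefer bound parameters wherever the driver allows them.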

thehackerwire@mastodon.social at 2026-03-26T22:01:14.000Z ##

🟠 CVE-2026-33442 - High (8.1)

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BAC...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33009
(8.2 HIGH)

EPSS: 0.04%

updated 2026-03-26T17:16:37.813000

1 posts

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` message and results in `Charger::shared_context` / `internal_context` accessed concurrently without lock. Version 2026.02.0 contains a patch.

thehackerwire@mastodon.social at 2026-03-26T22:15:45.000Z ##

🟠 CVE-2026-33009 - High (8.2)

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` mess...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15101
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-26T16:43:20.300000

1 posts

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router F

thehackerwire@mastodon.social at 2026-03-26T23:55:32.000Z ##

🟠 CVE-2025-15101 - High (8.8)

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated use...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33017
(9.8 CRITICAL)

EPSS: 5.65%

updated 2026-03-26T15:41:23

3 posts

## Summary

The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows without requiring authentication. When the optional `data` parameter is supplied, the endpoint uses **attacker-controlled flow data** (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to `exec()` with zero sandboxing, resul

5 repos

https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc

https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC

https://github.com/SimoesCTT/Sovereign-Echo-33017

https://github.com/z4yd3/PoC-CVE-2026-33017

https://github.com/rootdirective-sec/CVE-2026-33017-Lab

steelefortress at 2026-03-28T11:00:13.491Z ##

CISA just added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog and both deserve your immediate attention.

First up is CVE-2026-33017, a code injection flaw in Langflow, the open-source AI workflow builder that has exploded in popularity.

Read more: steelefortress.com/7448up

##

steelefortress@infosec.exchange at 2026-03-28T11:00:13.000Z ##

CISA just added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog and both deserve your immediate attention.

First up is CVE-2026-33017, a code injection flaw in Langflow, the open-source AI workflow builder that has exploded in popularity.

Read more: steelefortress.com/7448up

#Cybersecurity #InfoSec #Privacy #ThreatIntel

##

secdb@infosec.exchange at 2026-03-26T22:21:34.000Z ##

🚨 [CISA-2026:0325] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-33017 (secdb.nttzen.cloud/cve/detail/)
- Name: Langflow Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: github.com/langflow-ai/langflo ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260325 #cisa20260325 #cve_2026_33017 #cve202633017

##

CVE-2026-32530
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:31:39

1 posts

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.

thehackerwire@mastodon.social at 2026-03-27T00:00:25.000Z ##

🟠 CVE-2026-32530 - High (8.8)

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4247
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-26T15:31:39

1 posts

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which

thehackerwire@mastodon.social at 2026-03-26T23:21:29.000Z ##

🟠 CVE-2026-4247 - High (7.5)

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf.

If an attacker is either on path with ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4652
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-26T15:31:38

1 posts

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

thehackerwire@mastodon.social at 2026-03-26T23:55:15.000Z ##

🟠 CVE-2026-4652 - High (7.5)

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID.

An attacker with network access to the NVMe/TCP target can trigger an unauthenticated ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2511
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-26T15:30:47

1 posts

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against

thehackerwire@mastodon.social at 2026-03-26T23:00:47.000Z ##

🟠 CVE-2026-2511 - High (7.5)

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-su...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27664
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:16:34.340000

1 posts

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to c

thehackerwire@mastodon.social at 2026-03-26T22:15:54.000Z ##

🟠 CVE-2026-27664 - High (7.5)

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specia...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26008
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:16:32.510000

1 posts

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch.

thehackerwire@mastodon.social at 2026-03-26T22:21:27.000Z ##

🟠 CVE-2026-26008 - High (7.5)

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the networ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24068
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T15:16:32.303000

1 posts

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can connect to this service using the configured protocol. A malicious process is able to call all the functi

thehackerwire@mastodon.social at 2026-03-26T23:21:00.000Z ##

🟠 CVE-2026-24068 - High (8.8)

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23995
(8.4 HIGH)

EPSS: 0.01%

updated 2026-03-26T15:16:32.137000

2 posts

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version

thehackerwire@mastodon.social at 2026-03-26T22:22:17.000Z ##

🟠 CVE-2026-23995 - High (8.4)

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adja...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T22:21:15.000Z ##

🟠 CVE-2026-23995 - High (8.4)

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adja...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33660
(0 None)

EPSS: 0.11%

updated 2026-03-26T15:13:15.790000

1 posts

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitiv

beyondmachines1@infosec.exchange at 2026-03-27T11:01:47.000Z ##

n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities

n8n patched multiple vulnerabilities, including two critical RCE flaws (CVE-2026-33660 and CVE-2026-33696) and a credential theft issue that allow authenticated users to take over host systems or steal plaintext secrets.

**If you use n8n, update immediately to version 1.123.27, 2.13.3, or 2.14.1. These patches fix critical flaws that let anyone with workflow permissions take over your server and steal all stored credentials. If you can't update right away, restrict workflow creation permissions to only fully trusted users and disable the Merge and XML nodes via the NODES_EXCLUDE environment variable until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-4747
(8.8 HIGH)

EPSS: 0.15%

updated 2026-03-26T15:13:15.790000

1 posts

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerabl

thehackerwire@mastodon.social at 2026-03-26T23:55:23.000Z ##

🟠 CVE-2026-4747 - High (8.8)

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32523
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-03-26T14:16:11.417000

1 posts

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.

thehackerwire@mastodon.social at 2026-03-27T00:01:19.000Z ##

🔴 CVE-2026-32523 - Critical (9.9)

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4809
(9.8 CRITICAL)

EPSS: 0.39%

updated 2026-03-26T12:30:35

1 posts

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored
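
The safe counterpart to "accepts or prefers a client-supplied MIME type", as an added example in JavaScript (not code from plank/laravel-mediable, which is PHP): derive the type from the file's leading bytes, reject content whose sniffed type is not on the allow-list or disagrees with the declaration, and store under a server-chosen name whose extension comes from the sniffed type. The signature table, helper names and sample files are constructed for this example.

```javascript
// Added example: decide an upload's type from its bytes, not from the MIME
// type the client declares. Not laravel-mediable's code; samples constructed.

const SIGNATURES = [
  { mime: 'image/png',  ext: 'png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', ext: 'jpg', magic: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif',  ext: 'gif', magic: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
];

// Returns the signature entry whose magic bytes prefix the content, or null.
function sniff(bytes) {
  return SIGNATURES.find((s) =>
    bytes.length >= s.magic.length && s.magic.every((b, i) => bytes[i] === b)) || null;
}

// storageId is a server-generated identifier (e.g. the database row id); the
// client's file name and extension are never reused.
function validateUpload({ declaredMime, bytes }, storageId) {
  const sig = sniff(bytes);
  if (!sig) return { ok: false, reason: 'content does not match any allowed image type' };
  // Strict policy: a declared type that disagrees with the bytes is rejected
  // rather than preferred, which is the weak configuration the advisory describes.
  if (declaredMime !== sig.mime) {
    return { ok: false, reason: `declared ${declaredMime} but content is ${sig.mime}` };
  }
  return { ok: true, mime: sig.mime, filename: `${storageId}.${sig.ext}` };
}

// Constructed sample inputs.
const PNG_BYTES = Uint8Array.from([
  0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13, 0x49, 0x48, 0x44, 0x52,
]);
const PHP_BYTES = new TextEncoder().encode('<?php system($_GET["c"]); ?>');
// Polyglot: a valid GIF header followed by PHP. Sniffing alone accepts it, so
// the server-chosen name and .gif extension are what stop it from executing.
const POLYGLOT_BYTES = new TextEncoder().encode('GIF89a<?php system($_GET["c"]); ?>');
```

The polyglot case is why magic-byte checks are necessary but not sufficient: the second control is that nothing the client supplied ever influences the stored path or extension, and the upload directory is served without script execution.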

thehackerwire@mastodon.social at 2026-03-26T23:20:52.000Z ##

🔴 CVE-2026-4809 - Critical (9.8)

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4862
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T10:16:26.850000

1 posts

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

thehackerwire@mastodon.social at 2026-03-26T23:21:12.000Z ##

🟠 CVE-2026-4862 - High (8.8)

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument Gr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4861
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-26T09:30:34

1 posts

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but di

thehackerwire@mastodon.social at 2026-03-26T23:21:20.000Z ##

🟠 CVE-2026-4861 - High (8.8)

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33167
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-03-25T20:46:52

1 posts

### Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development. ### Releases The fixed releases are available at the norm

vitobotta@mastodon.social at 2026-03-27T12:55:29.000Z ##

Rails released security patches for versions 7.2, 8.0, and 8.1 this week, addressing 10 vulnerabilities. The list includes XSS vulnerabilities in Action Pack debug exceptions and Action View tag helpers, DoS vulnerabilities in Active Storage (range requests) and Active Support (number formatting), plus path traversal and glob injection issues in Active Storage DiskService

The most interesting one for me is CVE-2026-33167 - XSS via debug exceptions in development mode. Interesting attack vector!

##

CVE-2025-33244
(9.0 CRITICAL)

EPSS: 0.03%

updated 2026-03-25T15:41:58.280000

1 posts

NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure.

beyondmachines1@infosec.exchange at 2026-03-27T10:01:47.000Z ##

NVIDIA Patches Multiple Flaws Including Critical RCE Vulnerability in Apex AI Optimization Library

NVIDIA's March 2026 security bulletins address multiple vulnerabilities across its AI and infrastructure products including CVE-2025-33244, a critical deserialization flaw in NVIDIA Apex that could allow remote code execution, privilege escalation, and full compromise of AI training pipelines.

**If you're running NVIDIA AI tools like Apex, Triton, NeMo, or Megatron, check the March 2026 security bulletins and apply all available patches immediately — several of these flaws are high-severity and could let attackers take over your AI pipelines. Subscribe to NVIDIA's security advisories so you don't miss future updates, and prioritize patching any internet-facing or shared infrastructure components first.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-3055
(0 None)

EPSS: 0.03%

updated 2026-03-24T15:54:09.400000

8 posts

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

2 repos

https://github.com/0xBlackash/CVE-2026-3055

https://github.com/RootAid/CVE-2026-3055

undercodenews@mastodon.social at 2026-03-29T14:51:56.000Z ##

Critical Citrix NetScaler Vulnerability CVE-2026-3055 Triggers Urgent Security Concerns Across Enterprise Networks

Introduction: A Silent Threat Emerging in Enterprise Infrastructure A newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway has rapidly captured the attention of cybersecurity professionals worldwide. Identified as CVE-2026-3055 and assigned a severe CVSS score of 9.3, this flaw exposes a dangerous weakness capable of leaking sensitive…

undercodenews.com/critical-cit

##

nyanbinary at 2026-03-29T07:12:00.186Z ##

Anyone got a CVE-2026-3055-vulnerable box I can throw my attempted detection script against? I mean, it's trivial, but still would like to have more certainty about our boxes NOT being impacted than "I think I understood the watchtowr blog & didn't fuck up" when we get asked if we need to emergency patch tomorrow :neobot_giggle:

##

hackerworkspace at 2026-03-28T23:33:25.857Z ##

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)

labs.watchtowr.com/the-sequels

Short summary: hackerworkspace.com/article/th

##

glitterbean@wehavecookies.social at 2026-03-28T22:25:20.000Z ##

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) labs.watchtowr.com/the-sequels

##

_r_netsec at 2026-03-28T20:43:05.562Z ##

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labs labs.watchtowr.com/the-sequels

##

CVE-2026-3587
(10.0 CRITICAL)

EPSS: 0.12%

updated 2026-03-24T08:16:01.910000

1 posts

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

1 repos

https://github.com/z3r0h3ro/cve-2026-3587-poc

beyondmachines1@infosec.exchange at 2026-03-27T08:01:46.000Z ##

Critical Hidden Functionality Vulnerability in WAGO Industrial Managed Switches

WAGO reports a critical CVSS 10.0 vulnerability (CVE-2026-3587) in its industrial managed switches that allows unauthenticated remote attackers to escape the CLI and gain full device control. The flaw affects numerous models used in critical infrastructure.

**Make sure all WAGO managed switches (Lean and Industrial series) are isolated from the internet and accessible from trusted networks only. Then update the firmware to the latest "S1" patched versions. If you can't patch immediately, disable SSH and Telnet so the command line is only reachable through a physical connection on the device itself.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-4681
(CVSS UNKNOWN)

EPSS: 0.50%

updated 2026-03-24T00:30:28

1 posts

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 1

offseq@infosec.exchange at 2026-03-27T10:30:29.000Z ##

🚨 CRITICAL: CISA flags CVE-2026-4681 in PTC Windchill PLM. German police issued physical warnings — high urgency! No active exploits, but risk to manufacturing & engineering data is severe. Audit & secure now. radar.offseq.com/threat/cisa-f #OffSeq #Vulnerability #PLM #InfoSec

##

CVE-2026-3584
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-03-21T00:32:48

1 posts

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of 'call_user_func' on these placeholder values. This makes it possible for unauthenticated attackers to ex

1 repos

https://github.com/Yucaerin/CVE-2026-3584

CVE-2006-10003
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-19T18:41:18.180000

1 posts

XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

linux@activitypub.awakari.com at 2026-03-28T21:13:48.000Z ##

Debian Libxml-Parser-Perl Heap Overflow Issue DSA-6182-1 CVE-2006-10003

Joris van Rantwijk discovered that libxml-parser-perl, a Perl module for parsing XML files, is prone to a heap-based buffer o...

#Debian #Linux #Distribution #- #Security #Advisories

##

CVE-2026-1678
(9.4 CRITICAL)

EPSS: 0.05%

updated 2026-03-09T18:33:42.917000

1 posts

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.

jtk@infosec.exchange at 2026-03-27T19:30:21.000Z ##

Weekend Reads

* DNS parser overflow in Zephyr
0xkato.xyz/CVE-2026-1678-DNS-P
* Telegram bots measurement survey
arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
arxiv.org/abs/2603.21082
* Building the largest data center
spectrum.ieee.org/5gw-data-cen
* OpenBSD init system and boot process
overeducated-redneck.net/blurg

#DNS #Telegram #BGP #AI #OpenBSD

##

CVE-2026-20079
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-03-04T18:32:03

1 posts

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerab

2 repos

https://github.com/Sushilsin/CVE-2026-20079

https://github.com/0xBlackash/CVE-2026-20079

catc0n@infosec.exchange at 2026-03-26T22:49:46.000Z ##

After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.

The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.

vulncheck.com/blog/cisco-fmc-a

##

CVE-2026-21962
(10.0 CRITICAL)

EPSS: 0.02%

updated 2026-02-03T00:16:10.653000

1 posts

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c

8 repos

https://github.com/gregk4sec/cve-2026-21962

https://github.com/boroeurnprach/Ashwesker-CVE-2026-21962

https://github.com/gglessner/cve_2026_21962_scanner

https://github.com/samael0x4/CVE-2026-21962

https://github.com/ThumpBo/CVE-2026-21962

https://github.com/gregk4sec/CVE-2026-21962-o

https://github.com/naozibuhao/CVE-2026-21962_Java_GUI_Exploit_Tool

https://github.com/George0Papasotiriou/CVE-2026-21962-Oracle-HTTP-Server-WebLogic-Proxy-Plug-in-Critical-

beyondmachines1@infosec.exchange at 2026-03-27T09:01:47.000Z ##

Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities

Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.

**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2025-12548
(9.0 CRITICAL)

EPSS: 44.19%

updated 2026-01-14T16:26:00.933000

1 posts

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

metasploit@infosec.exchange at 2026-03-27T21:24:25.000Z ##

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

##

CVE-2024-54492
(9.8 CRITICAL)

EPSS: 0.27%

updated 2025-11-04T00:32:14

2 posts

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

mysk@mastodon.social at 2026-03-27T23:48:02.000Z ##

Good to know but every vulnerability we discovered and reported to Apple also affected the Lockdown Mode. This includes CVE-2024-54492 that impacted the Passwords app. An option to "Allow Contacting Websites" was added starting iOS 26

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

macrumors.com/2026/03/27/no-ip

##

cyberveille@mastobot.ping.moi at 2026-03-29T04:00:11.000Z ##

📢 CVE-2025-33073: SYSTEM privilege escalation via unconstrained Kerberos delegation
📝 ## 🔍 Context

Article published on 27 March 2026 by Praetorian (technical blog).
📖 cyberveille: cyberveille.ch/posts/2026-03-2
🌐 source: praetorian.com/blog/cve-2025-3
#Active_Directory #CVE_2025_33073 #Cyberveille

##

CVE-2023-2868
(9.4 CRITICAL)

EPSS: 90.02%

updated 2025-10-22T00:33:51

1 posts

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the

4 repos

https://github.com/cfielding-r7/poc-cve-2023-2868

https://github.com/getdrive/PoC

https://github.com/cashapp323232/CVE-2023-2868CVE-2023-2868

https://github.com/krmxd/CVE-2023-2868

metasploit@infosec.exchange at 2026-03-27T21:24:25.000Z ##

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

##

CVE-2020-14882
(9.8 CRITICAL)

EPSS: 94.45%

updated 2025-10-22T00:31:59

1 posts

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeove

Nuclei template

41 repos

https://github.com/xfiftyone/CVE-2020-14882

https://github.com/s1kr10s/CVE-2020-14882

https://github.com/BabyTeam1024/CVE-2020-14882

https://github.com/ludy-dev/Weblogic_Unauthorized-bypass-RCE

https://github.com/b1g-b33f/CVE-2020-14882

https://github.com/jas502n/CVE-2020-14882

https://github.com/0thm4n3/cve-2020-14882

https://github.com/ovProphet/CVE-2020-14882-checker

https://github.com/xMr110/CVE-2020-14882

https://github.com/1n7erface/PocList

https://github.com/mmioimm/cve-2020-14882

https://github.com/AleksaZatezalo/CVE-2020-14882

https://github.com/Ormicron/CVE-2020-14882-GUI-Test

https://github.com/zhzyker/vulmap

https://github.com/murataydemir/CVE-2020-14883

https://github.com/Root-Shells/CVE-2020-14882

https://github.com/GGyao/CVE-2020-14882_POC

https://github.com/qianniaoge/CVE-2020-14882_Exploit_Gui

https://github.com/alexfrancow/CVE-2020-14882

https://github.com/QmF0c3UK/CVE-2020-14882

https://github.com/tpdlshdmlrkfmcla/WebLogic_CVE_2020_14882

https://github.com/murataydemir/CVE-2020-14882

https://github.com/milo2012/CVE-2020-14882

https://github.com/zesnd/CVE-2020-14882-POC

https://github.com/wsfengfan/cve-2020-14882

https://github.com/N0Coriander/CVE-2020-14882-14883

https://github.com/pprietosanchez/CVE-2020-14750

https://github.com/corelight/CVE-2020-14882-weblogicRCE

https://github.com/adm1in/CodeTest

https://github.com/0xn0ne/weblogicScanner

https://github.com/KKC73/weblogic-cve-2020-14882

https://github.com/kk98kk0/CVE-2020-14882

https://github.com/GGyao/CVE-2020-14882_ALL

https://github.com/Danny-LLi/CVE-2020-14882

https://github.com/zhzyker/exphub

https://github.com/XTeam-Wing/CVE-2020-14882

https://github.com/nik0nz7/CVE-2020-14882

https://github.com/LucasPDiniz/CVE-2020-14882

https://github.com/pwn3z/CVE-2020-14882-WebLogic

https://github.com/exploitblizzard/CVE-2020-14882-WebLogic

https://github.com/NS-Sp4ce/CVE-2020-14882

beyondmachines1@infosec.exchange at 2026-03-27T09:01:47.000Z ##

Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities

Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.

**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2017-10271
(7.5 HIGH)

EPSS: 94.44%

updated 2025-10-22T00:31:29

1 posts

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of

Nuclei template

31 repos

https://github.com/s3xy/CVE-2017-10271

https://github.com/Al1ex/CVE-2017-10271

https://github.com/SuperHacker-liuan/cve-2017-10271-poc

https://github.com/1337g/CVE-2017-10271

https://github.com/kkirsche/CVE-2017-10271

https://github.com/KKsdall/7kbstormq

https://github.com/bigsizeme/weblogic-XMLDecoder

https://github.com/pssss/CVE-2017-10271

https://github.com/seoyoung-kang/CVE-2017-10271

https://github.com/ianxtianxt/-CVE-2017-10271-

https://github.com/ETOCheney/JavaDeserialization

https://github.com/shack2/javaserializetools

https://github.com/XHSecurity/Oracle-WebLogic-CVE-2017-10271

https://github.com/r4b3rt/CVE-2017-10271

https://github.com/c0mmand3rOpSec/CVE-2017-10271

https://github.com/kbsec/Weblogic_Wsat_RCE

https://github.com/testwc/CVE-2017-10271

https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814

https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271

https://github.com/Cymmetria/weblogic_honeypot

https://github.com/pizza-power/weblogic-CVE-2019-2729-POC

https://github.com/SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961

https://github.com/rambleZzz/weblogic_CVE_2017_10271

https://github.com/cjjduck/weblogic_wls_wsat_rce

https://github.com/ZH3FENG/PoCs-Weblogic_2017_10271

https://github.com/JackyTsuuuy/weblogic_wls_rce_poc-exp

https://github.com/0xn0ne/weblogicScanner

https://github.com/Yuusuke4/WebLogic_CNVD_C_2019_48814

https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master

https://github.com/cved-sources/cve-2017-10271

https://github.com/Luffin/CVE-2017-10271

beyondmachines1@infosec.exchange at 2026-03-27T09:01:47.000Z ##

Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities

Oracle WebLogic Server is under active attack following the rapid weaponization of CVE-2026-21962, a critical RCE flaw exploited the same day its exploit code was released. Attackers are using automated tools and VPS infrastructure to target both new and legacy vulnerabilities.

**If you're running Oracle WebLogic Server, patch immediately. CVE-2026-21962 is being exploited in the wild on the same day exploit code dropped, and attackers are also chaining older flaws like CVE-2020-14882 and CVE-2017-10271 that still work on unpatched systems. Restrict WebLogic admin console access to internal networks or VPN only, disable protocols you don't need (IIOP, T3), and prioritize getting those patches applied today. These attacks are fully automated, require no login, and give attackers complete control of your server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2025-5063
(8.8 HIGH)

EPSS: 0.46%

updated 2025-05-28T15:35:30

1 posts

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Mozilla@activitypub.awakari.com at 2026-03-27T14:57:12.000Z ##

Google’s Latest Chrome Patch Exposes the Fragile Underbelly of the World’s Most Popular Browser

Google's latest Chrome update patches eight security vulnerabilities affecting 3.5 billion us...

#AppSecurityUpdate #browser #security #patch #Chrome #security #vulnerabilities #CVE-2025-5063 #Google #Chrome #update

##

CVE-2020-8561
(4.1 MEDIUM)

EPSS: 0.18%

updated 2023-02-01T05:06:20

1 posts

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

raesene@infosec.exchange at 2026-03-27T10:23:01.000Z ##

Just released another entry in my blog series looking at the unpatchable vulnerabilities of Kubernetes.

Whilst the CVEs are quite old, understanding them is useful, both to understand if you need to apply mitigations and also for some of the low-level Kubernetes implementation details they involve.

securitylabs.datadoghq.com/art

##

CVE-2026-5044
(0 None)

EPSS: 0.00%

4 posts

N/A

thehackerwire@mastodon.social at 2026-03-29T13:20:24.000Z ##

🟠 CVE-2026-5044 - High (8.8)

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to st...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:19:24.000Z ##

🟠 CVE-2026-5044 - High (8.8)

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to st...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33575
(0 None)

EPSS: 0.00%

4 posts

N/A

thehackerwire@mastodon.social at 2026-03-29T13:20:15.000Z ##

🟠 CVE-2026-33575 - High (7.5)

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can rec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-29T13:19:14.000Z ##

🟠 CVE-2026-33575 - High (7.5)

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can rec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33572
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-29T13:19:49.000Z ##

🟠 CVE-2026-33572 - High (8.4)

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information includ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33697
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-29T01:01:50.000Z ##

🟠 CVE-2026-33697 - High (7.5)

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33991
(0 None)

EPSS: 0.05%

4 posts

N/A

offseq at 2026-03-28T10:30:28.483Z ##

⚠️ CVE-2026-33991: HIGH severity SQL Injection in WeGIA < 3.6.7. Vulnerable PHP code in deletar_tag.php lets attackers inject SQL remotely — risking data theft & disruption for charities. Patch to 3.6.7 or mitigate ASAP. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-27T23:18:57.000Z ##

🟠 CVE-2026-33991 - High (8.8)

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1679
(0 None)

EPSS: 0.03%

2 posts

N/A

offseq at 2026-03-28T07:30:26.741Z ##

CVE-2026-1679: HIGH severity buffer overflow in Zephyr RTOS (all versions). Local attackers can trigger kernel memory corruption via eswifi socket offload driver. Patch ASAP, enforce access controls. Details: radar.offseq.com/threat/cve-20

##

CVE-2026-34374
(0 None)

EPSS: 0.03%

3 posts

N/A

offseq at 2026-03-28T04:30:27.079Z ##

🚨 CRITICAL: CVE-2026-34374 in WWBN AVideo ≤26.0 allows unauthenticated SQL injection via stream key lookup during RTMP authentication. No patch out yet. Restrict access, use WAFs, & monitor logs. Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-28T04:30:27.000Z ##

🚨 CRITICAL: CVE-2026-34374 in WWBN AVideo ≤26.0 allows unauthenticated SQL injection via stream key lookup during RTMP authentication. No patch out yet. Restrict access, use WAFs, & monitor logs. Details: radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #WWBN #VideoSecurity

##

thehackerwire@mastodon.social at 2026-03-27T21:01:13.000Z ##

🔴 CVE-2026-34374 - Critical (9.1)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
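Both the WeGIA post (`extract($_REQUEST)` followed by `$id_tag` concatenated into SQL in `deletar_tag.php`) and the AVideo post (`Live_schedule::keyExists()` interpolating a stream key into the query during RTMP authentication) describe the same defect: untrusted input spliced into query text. The following Python/sqlite3 example is added here to show the consequence and the fix; it is not the projects' PHP code, and the table and column names (`live_schedule.stream_key`, `tags.id_tag`) and the seeded rows are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory schema for the demo. Table and column names are
    assumptions for this example, not the real WeGIA or AVideo schemas."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE live_schedule (id INTEGER PRIMARY KEY, stream_key TEXT NOT NULL)")
    db.executemany("INSERT INTO live_schedule (stream_key) VALUES (?)",
                   [("abc123",), ("stream-of-legit-user",)])
    db.execute("CREATE TABLE tags (id_tag INTEGER PRIMARY KEY, nome TEXT NOT NULL)")
    db.executemany("INSERT INTO tags (nome) VALUES (?)",
                   [("doador",), ("voluntario",), ("socio",)])
    return db


def key_exists_vulnerable(db, stream_key):
    # Same shape as the keyExists() pattern: the key is interpolated into the
    # statement, so a quote character in it becomes SQL syntax.
    sql = f"SELECT COUNT(*) FROM live_schedule WHERE stream_key = '{stream_key}'"
    return db.execute(sql).fetchone()[0] > 0


def key_exists_fixed(db, stream_key):
    # Bound parameter: the key travels as data and is never parsed as SQL.
    sql = "SELECT COUNT(*) FROM live_schedule WHERE stream_key = ?"
    return db.execute(sql, (stream_key,)).fetchone()[0] > 0


def delete_tag_vulnerable(db, id_tag):
    # Unquoted numeric concatenation, as with $id_tag: "1 OR 1=1" matches every row.
    db.execute(f"DELETE FROM tags WHERE id_tag = {id_tag}")
    return db.execute("SELECT COUNT(*) FROM tags").fetchone()[0]


def delete_tag_fixed(db, id_tag):
    # Validate the type first, then bind; a non-integer is rejected outright.
    id_tag = int(id_tag)  # raises ValueError on "1 OR 1=1"
    db.execute("DELETE FROM tags WHERE id_tag = ?", (id_tag,))
    return db.execute("SELECT COUNT(*) FROM tags").fetchone()[0]


def demo():
    results = {}
    db = make_db()
    unknown = "not-a-real-key"
    payload = "x' OR '1'='1"
    results["vuln_unknown"] = key_exists_vulnerable(db, unknown)   # False
    results["vuln_payload"] = key_exists_vulnerable(db, payload)   # True: any key "exists"
    results["fixed_payload"] = key_exists_fixed(db, payload)       # False
    results["fixed_real"] = key_exists_fixed(db, "abc123")         # True

    try:
        delete_tag_fixed(db, "1 OR 1=1")
        results["fixed_delete_rejected"] = False
    except ValueError:
        results["fixed_delete_rejected"] = True                    # True
    results["fixed_delete_remaining"] = delete_tag_fixed(db, "2")          # 2 rows left
    results["vuln_delete_remaining"] = delete_tag_vulnerable(db, "1 OR 1=1")  # 0 rows left
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The string-context payload `x' OR '1'='1` makes the vulnerable existence check return true for a key that is not in the table, which is exactly how an authentication step built on such a lookup is bypassed; the numeric-context payload `1 OR 1=1` turns a single-row delete into a table wipe. Parameter binding removes both, and for numeric identifiers an explicit type check on top of binding rejects the payload before it reaches the database.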

CVE-2026-34205
(0 None)

EPSS: 0.02%

3 posts

N/A

offseq at 2026-03-28T03:00:26.822Z ##

🚨 CVE-2026-34205 (CRITICAL): Home Assistant OS ≤17.1 apps in host network mode expose unauthenticated endpoints to local networks. Upgrade to Supervisor 2026.03.02, segment networks, and review configs now! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-28T03:00:26.000Z ##

🚨 CVE-2026-34205 (CRITICAL): Home Assistant OS ≤17.1 apps in host network mode expose unauthenticated endpoints to local networks. Upgrade to Supervisor 2026.03.02, segment networks, and review configs now! radar.offseq.com/threat/cve-20 #OffSeq #HomeAssistant #IoTSecurity

##

thehackerwire@mastodon.social at 2026-03-27T21:00:20.000Z ##

🔴 CVE-2026-34205 - Critical (9.6)

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interfa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33953
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:28:11.000Z ##

🟠 CVE-2026-33953 - High (8.5)

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an inte...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33955
(0 None)

EPSS: 0.06%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:17:56.000Z ##

🟠 CVE-2026-33955 - High (8.6)

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34226
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-27T22:17:47.000Z ##

🟠 CVE-2026-34226 - High (7.5)

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { crede...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31943
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-03-27T21:01:03.000Z ##

🟠 CVE-2026-31943 - High (8.5)

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
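The LibreChat post above describes `isPrivateIP()` missing IPv4-mapped IPv6 addresses in their hex-normalized form, so `::ffff:7f00:1` slips past a check that would catch `::ffff:127.0.0.1`. The Python example below is added here and is not LibreChat's code (theirs is TypeScript in `packages/api/src/auth/domain.ts`): `is_private_ip_naive` is a hypothetical stand-in for that class of check, the private-range tables and the sample addresses are constructed for the demo, and the hardened version uses the standard-library `ipaddress` module to canonicalize before classifying. The same parse-then-classify approach is what any SSRF allowlist that matches private IP literals (as in the LinkAce post) needs.

```python
import ipaddress
import re

# Ranges an SSRF/domain check must refuse; this list is an assumption for the
# example, not LibreChat's own table.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE_V6 = [ipaddress.ip_network(n) for n in ("::1/128", "fc00::/7", "fe80::/10")]

_MAPPED_DOTTED = re.compile(r"^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$", re.IGNORECASE)


def is_private_ip_naive(addr: str) -> bool:
    """Hypothetical stand-in for the flawed pattern: it only unwraps the
    dotted-quad mapped form (::ffff:127.0.0.1), so the equivalent
    hex-normalized form (::ffff:7f00:1) is classified as an ordinary, public
    IPv6 address and passes."""
    m = _MAPPED_DOTTED.match(addr)
    if m:
        addr = m.group(1)
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    nets = PRIVATE_V4 if ip.version == 4 else PRIVATE_V6
    return any(ip in n for n in nets)


def is_private_ip_hardened(addr: str) -> bool:
    """Parse first, then classify the canonical address. IPv4 embedded in
    IPv6 (mapped ::ffff:a.b.c.d / ::ffff:xxxx:xxxx, and 6to4 2002::/16) is
    unwrapped so the IPv4 rules apply; anything unparseable fails closed."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return True
    if ip.version == 6:
        if ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        elif ip.sixtofour is not None:
            ip = ip.sixtofour
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


CASES = {  # constructed inputs for the demo, with the expected verdict
    "::ffff:127.0.0.1": True,    # dotted mapped loopback
    "::ffff:7f00:1": True,       # same address, hex-normalized (the bypass form)
    "[::ffff:a9fe:a9fe]": True,  # 169.254.169.254 metadata endpoint, bracketed as in a URL
    "2002:c0a8:101::": True,     # 6to4 address embedding 192.168.1.1
    "10.0.0.5": True,
    "93.184.216.34": False,
    "2606:4700::1111": False,
}


def demo():
    return {addr: (is_private_ip_naive(addr.strip("[]")), is_private_ip_hardened(addr))
            for addr in CASES}


if __name__ == "__main__":
    for addr, (naive, hardened) in demo().items():
        print(f"{addr:22} naive={naive!s:5} hardened={hardened!s:5} expected={CASES[addr]}")
```

The point is that textual matching on an address has as many forms to cover as the parser accepts; letting the parser produce one canonical object and unwrapping embedded IPv4 before the range check removes the whole class, and failing closed on parse errors keeps odd encodings from becoming a second bypass.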

CVE-2026-32748
(0 None)

EPSS: 0.98%

1 post

N/A

thehackerwire@mastodon.social at 2026-03-27T00:00:14.000Z ##

🟠 CVE-2026-32748 - High (7.5)

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remot...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22790
(0 None)

EPSS: 0.05%

1 post

N/A

thehackerwire@mastodon.social at 2026-03-26T22:21:46.000Z ##

🟠 CVE-2026-22790 - High (8.8)

EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22593
(0 None)

EPSS: 0.01%

1 post

N/A

thehackerwire@mastodon.social at 2026-03-26T22:21:36.000Z ##

🟠 CVE-2026-22593 - High (8.4)

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33416
(0 None)

EPSS: 0.05%

1 post

N/A

thehackerwire@mastodon.social at 2026-03-26T22:15:35.000Z ##

🟠 CVE-2026-33416 - High (7.5)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer betw...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33636
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-03-26T22:00:53.000Z ##

🟠 CVE-2026-33636 - High (7.6)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-opti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
