| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3544 | 8.8 | 0.03% | 2 | 0 | 2026-03-06T00:32:36 | Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allow | |
| CVE-2026-3437 | 7.8 | 0.01% | 1 | 0 | 2026-03-06T00:32:32 | An Improper Restriction of Operations within the Bounds of a Memory Buffer vulne | |
| CVE-2026-22552 | 9.4 | 0.00% | 3 | 0 | 2026-03-06T00:16:10.347000 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to | |
| CVE-2026-21536 | 9.8 | 0.00% | 2 | 0 | 2026-03-05T23:16:18.447000 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability | |
| CVE-2026-29054 | 7.5 | 0.00% | 2 | 0 | 2026-03-05T22:37:27 | ## Impact There is a potential vulnerability in Traefik managing the `Connectio | |
| CVE-2026-26999 | 7.5 | 0.00% | 4 | 0 | 2026-03-05T22:29:01 | ## Impact There is a potential vulnerability in Traefik managing TLS handshake | |
| CVE-2026-26022 | 8.7 | 0.00% | 2 | 0 | 2026-03-05T22:28:36 | ### Summary A Stored Cross-site Scripting (XSS) vulnerability exists in the comm | |
| CVE-2026-28474 | 9.8 | 0.00% | 2 | 0 | 2026-03-05T22:16:21.423000 | OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matc | |
| CVE-2026-28289 | 10.0 | 0.04% | 2 | 1 | 2026-03-05T22:16:15.213000 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor | |
| CVE-2026-3545 | 9.6 | 0.03% | 2 | 0 | 2026-03-05T21:57:27.147000 | Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632. | |
| CVE-2026-3540 | 8.8 | 0.03% | 2 | 0 | 2026-03-05T21:56:46.790000 | Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.15 | |
| CVE-2026-28115 | 9.3 | 0.02% | 2 | 0 | 2026-03-05T21:31:51 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-24457 | 9.1 | 0.00% | 2 | 0 | 2026-03-05T21:30:57 | An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read ar | |
| CVE-2026-3009 | 8.1 | 0.00% | 2 | 0 | 2026-03-05T21:30:57 | A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak a | |
| CVE-2026-3459 | 8.1 | 0.00% | 2 | 0 | 2026-03-05T21:30:54 | The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is | |
| CVE-2025-40931 | 9.1 | 0.02% | 2 | 0 | 2026-03-05T21:30:39 | Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure se | |
| CVE-2026-1605 | 7.5 | 0.04% | 1 | 0 | 2026-03-05T21:28:00 | ### Description (as reported) There is a memory leak when using `GzipHandler` i | |
| CVE-2026-2835 | None | 0.05% | 1 | 0 | 2026-03-05T20:56:22 | ### Impact Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request b | |
| CVE-2026-2833 | None | 0.05% | 1 | 0 | 2026-03-05T20:55:30 | ### Impact Pingora versions prior to 0.8.0 would immediately forward bytes follo | |
| CVE-2026-25673 | 7.5 | 0.10% | 1 | 0 | 2026-03-05T20:31:31 | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4 | |
| CVE-2026-3047 | 8.8 | 0.00% | 2 | 0 | 2026-03-05T20:16:17.137000 | A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion | |
| CVE-2023-43000 | 8.8 | 0.05% | 8 | 0 | 2026-03-05T20:16:09.657000 | A use-after-free issue was addressed with improved memory management. This issue | |
| CVE-2023-41974 | 7.8 | 0.31% | 8 | 0 | 2026-03-05T20:16:09.293000 | A use-after-free issue was addressed with improved memory management. This issue | |
| CVE-2021-30952 | 7.8 | 0.33% | 8 | 0 | 2026-03-05T20:16:08.867000 | An integer overflow was addressed with improved input validation. This issue is | |
| CVE-2021-22681 | 9.8 | 0.18% | 6 | 0 | 2026-03-05T20:16:08.583000 | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogi | |
| CVE-2017-7921 | 9.8 | 94.10% | 6 | 25 | template | 2026-03-05T20:16:08.180000 | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Serie |
| CVE-2026-20101 | 8.6 | 0.10% | 2 | 0 | 2026-03-05T19:39:11.967000 | A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Fir | |
| CVE-2025-70219 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T19:39:11.967000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formD | |
| CVE-2026-20103 | 8.6 | 0.05% | 2 | 0 | 2026-03-05T19:39:11.967000 | A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firew | |
| CVE-2026-20131 | 10.0 | 0.44% | 6 | 0 | 2026-03-05T19:39:11.967000 | A vulnerability in the web-based management interface of Cisco Secure Firewall M | |
| CVE-2026-0847 | 8.6 | 0.19% | 1 | 0 | 2026-03-05T19:39:11.967000 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file | |
| CVE-2025-70223 | 9.8 | 0.04% | 1 | 0 | 2026-03-05T19:39:11.967000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-20100 | 7.7 | 0.15% | 2 | 0 | 2026-03-05T19:39:11.967000 | A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of C | |
| CVE-2025-40926 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T19:38:53.383000 | Plack::Middleware::Session::Simple versions through 0.04 for Perl generates sess | |
| CVE-2025-70222 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T19:38:53.383000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-68553 | 9.9 | 0.02% | 2 | 0 | 2026-03-05T19:38:53.383000 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lend | |
| CVE-2025-54001 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T19:38:53.383000 | Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter al | |
| CVE-2025-69340 | 7.5 | 0.02% | 2 | 0 | 2026-03-05T19:38:53.383000 | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Bookin | |
| CVE-2026-27803 | 8.3 | 0.04% | 2 | 0 | 2026-03-05T19:38:53.383000 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, former | |
| CVE-2026-27802 | 8.3 | 0.04% | 1 | 0 | 2026-03-05T19:38:53.383000 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, former | |
| CVE-2026-25921 | 9.3 | 0.00% | 2 | 0 | 2026-03-05T19:38:33.877000 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwri | |
| CVE-2026-27944 | 9.8 | 0.00% | 4 | 0 | 2026-03-05T19:38:33.877000 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3. | |
| CVE-2026-28119 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T19:38:33.877000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-28124 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T19:38:33.877000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-28129 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T19:38:33.877000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-28128 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T19:38:33.877000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-28125 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T19:38:33.877000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-28134 | 8.5 | 0.03% | 2 | 0 | 2026-03-05T19:38:33.877000 | Improper Control of Generation of Code ('Code Injection') vulnerability in Croco | |
| CVE-2026-1720 | 8.8 | 0.00% | 2 | 0 | 2026-03-05T19:38:33.877000 | The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead | |
| CVE-2026-2599 | 9.8 | 0.00% | 2 | 1 | 2026-03-05T19:38:33.877000 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress i | |
| CVE-2026-29053 | 7.6 | 0.05% | 1 | 0 | 2026-03-05T19:38:33.877000 | Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, spec | |
| CVE-2026-1678 | 9.4 | 0.04% | 1 | 0 | 2026-03-05T19:38:33.877000 | dns_unpack_name() caches the buffer tailroom once and reuses it while appending | |
| CVE-2025-70226 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T18:32:44 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70225 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T18:32:44 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime para | |
| CVE-2025-66944 | 9.8 | 0.04% | 2 | 0 | 2026-03-05T18:32:43 | SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a r | |
| CVE-2025-70218 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T18:32:43 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the gofo | |
| CVE-2025-46108 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T18:32:43 | D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpi | |
| CVE-2025-70221 | 9.8 | 0.02% | 2 | 0 | 2026-03-05T18:32:43 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-69338 | 9.3 | 0.02% | 2 | 0 | 2026-03-05T18:32:43 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2025-68555 | 10.0 | 0.02% | 2 | 0 | 2026-03-05T18:32:43 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutr | |
| CVE-2026-28117 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T18:32:43 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22891 | 9.8 | 0.10% | 1 | 0 | 2026-03-05T18:15:20.593000 | A heap-based buffer overflow vulnerability exists in the Intan CLP parsing funct | |
| CVE-2026-26478 | 9.8 | 0.39% | 1 | 0 | 2026-03-05T18:13:33.993000 | A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012 | |
| CVE-2026-26673 | 7.5 | 0.11% | 2 | 0 | 2026-03-05T18:05:02.300000 | An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and belo | |
| CVE-2026-27971 | 9.8 | 0.06% | 1 | 0 | 2026-03-05T17:57:37.233000 | Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable | |
| CVE-2026-24113 | 9.8 | 0.04% | 1 | 0 | 2026-03-05T16:16:15.673000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2025-59786 | 9.8 | 0.04% | 2 | 0 | 2026-03-05T15:31:38 | 2N Access Commander version 3.4.2 and prior improperly invalidates session token | |
| CVE-2025-69411 | 7.5 | 0.02% | 2 | 0 | 2026-03-05T15:30:36 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v | |
| CVE-2026-28121 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T15:30:36 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-28123 | 8.1 | 0.05% | 2 | 0 | 2026-03-05T15:30:36 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-29045 | 7.5 | 0.03% | 1 | 0 | 2026-03-05T15:26:34 | ## Summary When using `serveStatic` together with route-based middleware protec | |
| CVE-2025-66678 | 9.8 | 0.02% | 2 | 1 | 2026-03-05T15:16:10.817000 | An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Wri | |
| CVE-2026-3204 | 9.8 | 0.04% | 1 | 0 | 2026-03-05T15:04:34.670000 | Improper input validation in the error message page in Devolutions Server 2025. | |
| CVE-2026-2590 | 9.8 | 0.01% | 2 | 0 | 2026-03-05T15:01:54.737000 | Improper enforcement of the Disable password saving in vaults setting in the c | |
| CVE-2026-21628 | None | 0.21% | 1 | 0 | 2026-03-05T12:30:36 | A improperly secured file management feature allows uploads of dangerous data ty | |
| CVE-2026-1321 | 8.1 | 0.07% | 1 | 0 | 2026-03-05T09:30:40 | The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to P | |
| CVE-2026-28536 | 9.7 | 0.01% | 2 | 0 | 2026-03-05T09:30:40 | Authentication bypass vulnerability in the device authentication module. Impact: | |
| CVE-2026-29127 | None | 0.01% | 1 | 0 | 2026-03-05T06:31:28 | The IDC SFX2100 Satellite Receiver sets overly permissive file system permission | |
| CVE-2026-29128 | None | 0.01% | 1 | 0 | 2026-03-05T06:30:38 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration | |
| CVE-2026-29120 | 0 | 0.01% | 1 | 0 | 2026-03-05T06:16:50.720000 | The /root/anaconda-ks.cfg installation configuration file in International Datac | |
| CVE-2026-26034 | 7.8 | 0.02% | 1 | 0 | 2026-03-05T03:31:34 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Inc | |
| CVE-2026-29000 | 10.0 | 0.24% | 5 | 1 | 2026-03-05T00:31:17 | pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication by | |
| CVE-2026-24848 | 9.9 | 0.21% | 1 | 0 | 2026-03-04T21:58:33.060000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-24898 | 10.0 | 0.19% | 1 | 0 | 2026-03-04T21:57:13.603000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-25146 | 9.6 | 0.04% | 1 | 0 | 2026-03-04T21:56:00.543000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2025-70236 | 9.8 | 0.05% | 1 | 0 | 2026-03-04T21:33:52 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-3539 | 8.8 | 0.01% | 1 | 0 | 2026-03-04T21:32:57 | Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allo | |
| CVE-2025-70220 | 9.8 | 0.04% | 1 | 0 | 2026-03-04T21:32:45 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-20122 | 5.4 | 0.04% | 2 | 0 | 2026-03-04T21:25:22.193000 | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authe | |
| CVE-2025-70241 | 9.8 | 0.06% | 1 | 0 | 2026-03-04T21:16:03.260000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70239 | 9.8 | 0.06% | 1 | 0 | 2026-03-04T21:16:03.077000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-2256 | 6.5 | 1.80% | 1 | 1 | 2026-03-04T21:14:09 | A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 an | |
| CVE-2026-3130 | 9.8 | 0.02% | 1 | 0 | 2026-03-04T20:36:33.843000 | Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and | |
| CVE-2026-28518 | 7.8 | 0.01% | 1 | 0 | 2026-03-04T20:25:41 | OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path tra | |
| CVE-2025-59059 | 9.8 | 0.29% | 2 | 0 | 2026-03-04T20:17:03 | Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in | |
| CVE-2026-28697 | None | 0.28% | 2 | 0 | 2026-03-04T18:39:04 | ## Summary An authenticated administrator can achieve Remote Code Execution (RC | |
| CVE-2026-2025 | 7.5 | 0.02% | 1 | 9 | 2026-03-04T18:32:57 | The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one | |
| CVE-2025-70341 | 7.8 | 0.02% | 2 | 1 | 2026-03-04T18:32:57 | Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allo | |
| CVE-2026-20079 | 10.0 | 0.18% | 6 | 1 | 2026-03-04T18:32:03 | A vulnerability in the web interface of Cisco Secure Firewall Management Center | |
| CVE-2026-20049 | 7.7 | 0.14% | 2 | 0 | 2026-03-04T18:32:03 | A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Interne | |
| CVE-2026-20105 | 7.7 | 0.08% | 1 | 0 | 2026-03-04T18:32:03 | A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firew | |
| CVE-2026-20082 | 8.6 | 0.11% | 2 | 0 | 2026-03-04T18:32:02 | A vulnerability in the handling of the embryonic connection limits in Cisco Secu | |
| CVE-2026-20002 | 8.1 | 0.03% | 2 | 0 | 2026-03-04T18:32:02 | A vulnerability in the web-based management interface of Cisco Secure FMC Softwa | |
| CVE-2026-20039 | 8.6 | 0.12% | 2 | 0 | 2026-03-04T18:32:02 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security | |
| CVE-2026-20014 | 7.7 | 0.14% | 1 | 0 | 2026-03-04T18:32:02 | A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and C | |
| CVE-2026-26514 | 7.5 | 0.12% | 2 | 0 | 2026-03-04T18:32:02 | An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. | |
| CVE-2025-70237 | 9.8 | 0.06% | 1 | 0 | 2026-03-04T18:31:51 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70240 | 9.8 | 0.06% | 1 | 0 | 2026-03-04T18:31:51 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70234 | 9.8 | 0.06% | 1 | 0 | 2026-03-04T18:31:51 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-21385 | 7.8 | 0.34% | 6 | 1 | 2026-03-04T18:13:00.207000 | Memory corruption while using alignments for memory allocation. | |
| CVE-2025-66945 | 9.1 | 0.12% | 1 | 0 | 2026-03-04T17:50:01.217000 | A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. | |
| CVE-2025-62814 | 7.5 | 0.04% | 1 | 0 | 2026-03-04T17:40:21.317000 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 148 | |
| CVE-2026-3224 | 9.8 | 0.05% | 3 | 1 | 2026-03-04T15:31:42 | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode i | |
| CVE-2025-66363 | 7.5 | 0.04% | 1 | 0 | 2026-03-04T15:31:37 | An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There wa | |
| CVE-2026-22719 | 8.1 | 7.35% | 6 | 0 | 2026-03-04T15:08:13.743000 | VMware Aria Operations contains a command injection vulnerability. A malicious u | |
| CVE-2026-3485 | 9.8 | 0.33% | 2 | 0 | 2026-03-04T14:07:42.520000 | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1 | |
| CVE-2026-3094 | 7.8 | 0.01% | 1 | 0 | 2026-03-04T09:31:14 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. | |
| CVE-2026-27932 | 7.5 | 0.03% | 1 | 0 | 2026-03-04T02:00:50 | # Summary A resource exhaustion vulnerability in joserfc allows an unauthentic | |
| CVE-2026-26279 | 9.1 | 0.23% | 1 | 0 | 2026-03-04T02:00:01 | ## Summary A typo in Froxlor's input validation code (`==` instead of `=`) comp | |
| CVE-2025-52365 | 7.8 | 0.09% | 1 | 0 | 2026-03-03T21:52:29.877000 | A command injection vulnerability in the szc script of the ccurtsinger/stabilize | |
| CVE-2025-69765 | 7.5 | 0.25% | 1 | 0 | 2026-03-03T21:32:19 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv functio | |
| CVE-2026-0032 | 7.8 | 0.01% | 2 | 0 | 2026-03-03T21:32:19 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write | |
| CVE-2026-24502 | 8.8 | 0.01% | 1 | 0 | 2026-03-03T21:31:24 | Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncon | |
| CVE-2025-70252 | 7.5 | 0.04% | 1 | 0 | 2026-03-03T20:16:44.803000 | An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_mu | |
| CVE-2026-0029 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T19:39:28.533000 | In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logi | |
| CVE-2025-48645 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T19:23:29.340000 | In loadDescription of DeviceAdminInfo.java, there is a possible persistent packa | |
| CVE-2026-28399 | 8.8 | 0.05% | 1 | 0 | 2026-03-03T19:02:04.290000 | NocoDB is software for building databases as spreadsheets. Prior to version 0.30 | |
| CVE-2025-50199 | 9.1 | 0.05% | 1 | 0 | 2026-03-03T18:47:26.910000 | Chamilo is a learning management system. Prior to version 1.11.30, there is a bl | |
| CVE-2026-0017 | 7.7 | 0.01% | 1 | 0 | 2026-03-03T18:40:59.027000 | In onChange of BiometricService.java, there is a possible way to enable fingerpr | |
| CVE-2026-24112 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:32:36 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2025-48605 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:32:35 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscre | |
| CVE-2025-48654 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:32:35 | In onStart of CompanionDeviceManagerService.java, there is a possible confused d | |
| CVE-2025-48635 | 7.7 | 0.01% | 1 | 0 | 2026-03-03T18:32:34 | In multiple functions of TaskFragmentOrganizerController.java, there is a possib | |
| CVE-2026-20777 | 8.1 | 0.10% | 1 | 0 | 2026-03-03T18:31:33 | A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing fun | |
| CVE-2025-48613 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:31:32 | In VBMeta, there is a possible way to modify and resign VBMeta using a test key, | |
| CVE-2026-0011 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:31:32 | In enableSystemPackageLPw of Settings.java, there is a possible way to prevent l | |
| CVE-2025-48653 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:31:32 | In loadDataAndPostValue of multiple files, there is a possible way to obscure pe | |
| CVE-2026-24115 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:31:31 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the | |
| CVE-2025-48602 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:31:31 | In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.jav | |
| CVE-2026-24114 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:31:30 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pP | |
| CVE-2026-24111 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:31:29 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2026-24109 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:31:29 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2025-48609 | 9.1 | 0.04% | 1 | 0 | 2026-03-03T18:13:43.183000 | In multiple functions of MmsProvider.java, there is a possible way to arbitraril | |
| CVE-2025-48619 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:13:02.407000 | In multiple functions of ContentProvider.java, there is a possible way for an ap | |
| CVE-2026-27012 | 9.8 | 0.03% | 2 | 0 | 2026-03-03T17:43:50 | ### Summary A privilege escalation and authentication bypass vulnerability in Op | |
| CVE-2026-0010 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T16:16:19.067000 | In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write | |
| CVE-2026-0025 | 7.8 | 0.01% | 2 | 0 | 2026-03-03T15:31:40 | In hasImage of Notification.java, there is a possible way to reveal information | |
| CVE-2026-21902 | 9.8 | 0.28% | 5 | 1 | 2026-03-03T15:31:37 | An Incorrect Permission Assignment for Critical Resource vulnerability in the On | |
| CVE-2026-20423 | 7.1 | 0.01% | 1 | 0 | 2026-03-03T15:31:36 | In wlan STA driver, there is a possible out of bounds write due to a missing bou | |
| CVE-2026-24105 | 9.8 | 0.29% | 1 | 0 | 2026-03-03T15:16:18.907000 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1 | |
| CVE-2026-1492 | 9.8 | 0.07% | 3 | 0 | 2026-03-03T06:31:14 | The User Registration & Membership – Custom Registration Form Builder, Custom Lo | |
| CVE-2026-23600 | None | 0.20% | 1 | 0 | 2026-03-02T15:31:31 | A remote authentication bypass vulnerability exists in HPE AutoPass License S | |
| CVE-2026-27884 | 5.3 | 0.03% | 2 | 0 | 2026-02-27T14:06:59.787000 | NetExec is a network execution tool. Prior to version 1.5.1, the module spider_p | |
| CVE-2026-3102 | 6.3 | 0.20% | 2 | 0 | 2026-02-26T21:32:34 | A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affe | |
| CVE-2026-2781 | 9.8 | 0.04% | 1 | 0 | 2026-02-26T21:28:58.090000 | Integer overflow in the Libraries component in NSS. This vulnerability affects F | |
| CVE-2026-20127 | 10.0 | 2.60% | 3 | 4 | 2026-02-26T16:20:02.187000 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle | |
| CVE-2026-27636 | 8.8 | 0.34% | 1 | 1 | 2026-02-26T16:07:11.047000 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor | |
| CVE-2026-20128 | 7.6 | 0.02% | 2 | 0 | 2026-02-25T18:31:45 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD- | |
| CVE-2026-20126 | 8.8 | 0.04% | 2 | 0 | 2026-02-25T18:31:44 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, l | |
| CVE-2026-24061 | 9.8 | 81.03% | 1 | 63 | template | 2026-02-11T15:40:42.937000 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-21524 | 7.4 | 0.06% | 1 | 0 | 2026-01-23T00:31:24 | Exposure of sensitive information to an unauthorized actor in Azure Data Explore | |
| CVE-2025-38617 | 4.7 | 0.00% | 2 | 0 | 2026-01-07T18:30:21 | In the Linux kernel, the following vulnerability has been resolved: net/packet: | |
| CVE-2025-14500 | 9.8 | 1.29% | 2 | 0 | 2025-12-29T15:58:56.260000 | IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability | |
| CVE-2025-59718 | 9.8 | 1.97% | 1 | 2 | 2025-12-16T21:30:51 | A improper verification of cryptographic signature vulnerability in Fortinet For | |
| CVE-2025-23299 | 6.7 | 0.02% | 1 | 0 | 2025-10-22T18:30:45 | NVIDIA Bluefield and ConnectX contain a vulnerability in the management interfac | |
| CVE-2025-0282 | 9.1 | 94.19% | 2 | 10 | template | 2025-10-22T00:34:17 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, |
| CVE-2025-55315 | 9.9 | 0.36% | 1 | 7 | 2025-10-21T21:04:55 | # Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulne | |
| CVE-2025-59536 | None | 0.04% | 2 | 0 | 2025-10-03T14:16:36 | Due to a bug in the startup trust dialog implementation, Claude Code could be tr | |
| CVE-2026-28435 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2025-69969 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2025-50192 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2025-50190 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2025-50189 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-26266 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2025-52998 | 0 | 0.10% | 1 | 0 | N/A | ||
| CVE-2026-27826 | 0 | 0.00% | 1 | 1 | N/A | ||
| CVE-2026-27825 | 0 | 0.00% | 1 | 1 | N/A |
updated 2026-03-06T00:32:36
2 posts
🟠 CVE-2026-3544 - High (8.8)
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3544 - High (8.8)
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T00:32:32
1 posts
🚨 CVE-2026-3437 (CRITICAL, CVSS 9.3): Portwell Engineering Toolkits 4.8.2 lets local users escalate privileges or trigger DoS via memory access in driver. No patch yet — restrict local access, audit users, monitor! https://radar.offseq.com/threat/cve-2026-3437-cwe-119-improper-restriction-of-oper-291f400a #OffSeq #Vulnerability #ICS #InfoSec
##updated 2026-03-06T00:16:10.347000
3 posts
⚠️ CRITICAL vuln in ePower epower.ie (all versions): Unauthenticated OCPP WebSocket endpoints allow station impersonation & backend manipulation. Privilege escalation risk is HIGH — patch or mitigate now! CVE-2026-22552 https://radar.offseq.com/threat/cve-2026-22552-cwe-306-in-epower-epowerie-1e2e527e #OffSeq #Vulnerability #EVCharging
##⚠️ CRITICAL vuln in ePower epower.ie (all versions): Unauthenticated OCPP WebSocket endpoints allow station impersonation & backend manipulation. Privilege escalation risk is HIGH — patch or mitigate now! CVE-2026-22552 https://radar.offseq.com/threat/cve-2026-22552-cwe-306-in-epower-epowerie-1e2e527e #OffSeq #Vulnerability #EVCharging
##CISA warns of multiple vulnerabilities in ePower EV charging stations
CISA warns of multiple vulnerabilities in ePower charging stations, including a critical authentication bypass (CVE-2026-22552), that allow unauthenticated attackers to hijack EV infrastructure and disrupt services.
**Make sure your ePower charging station is isolated from the internet and behind a firewall or VPN. Since the vendor has not released a patch that's your only defense until the vendor does something or you replace these systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-warns-of-multiple-vulnerabilities-in-epower-ev-charging-stations-f-j-9-6-s/gD2P6Ple2L
updated 2026-03-05T23:16:18.447000
2 posts
⚠️ CVE-2026-21536 (CRITICAL, CVSS 9.8): RCE in Microsoft Devices Pricing Program via unrestricted file upload (CWE-434). No patch — restrict uploads, monitor endpoints. High risk for enterprise. https://radar.offseq.com/threat/cve-2026-21536-cwe-434-unrestricted-upload-of-file-3dbf1775 #OffSeq #Microsoft #Vuln #RCE
##⚠️ CVE-2026-21536 (CRITICAL, CVSS 9.8): RCE in Microsoft Devices Pricing Program via unrestricted file upload (CWE-434). No patch — restrict uploads, monitor endpoints. High risk for enterprise. https://radar.offseq.com/threat/cve-2026-21536-cwe-434-unrestricted-upload-of-file-3dbf1775 #OffSeq #Microsoft #Vuln #RCE
##updated 2026-03-05T22:37:27
2 posts
🟠 CVE-2026-29054 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-29054 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T22:29:01
4 posts
🟠 CVE-2026-26999 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadlin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26999 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadlin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26999 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadlin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26999 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadlin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T22:28:36
2 posts
🟠 CVE-2026-26022 - High (8.7)
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI sche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26022 - High (8.7)
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI sche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T22:16:21.423000
2 posts
⚠️ CRITICAL: CVE-2026-28474 in OpenClaw nextcloud-talk (pre-2026.2.6) lets attackers bypass allowlists by matching display names. No auth needed — patch now! Details: https://radar.offseq.com/threat/cve-2026-28474-incorrect-authorization-in-openclaw-da9baab9 #OffSeq #Vulnerability #Nextcloud #Security
##⚠️ CRITICAL: CVE-2026-28474 in OpenClaw nextcloud-talk (pre-2026.2.6) lets attackers bypass allowlists by matching display names. No auth needed — patch now! Details: https://radar.offseq.com/threat/cve-2026-28474-incorrect-authorization-in-openclaw-da9baab9 #OffSeq #Vulnerability #Nextcloud #Security
##updated 2026-03-05T22:16:15.213000
2 posts
1 repos
🔴 CVE-2026-28289 - Critical (10)
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code E...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-28289 in FreeScout <1.8.207 allows RCE via file upload bypass (zero-width space in .htaccess). Authenticated users can compromise servers. Patch to 1.8.207+ ASAP! https://radar.offseq.com/threat/cve-2026-28289-cwe-434-unrestricted-upload-of-file-e2a6fd58 #OffSeq #FreeScout #Vuln #RCE
##updated 2026-03-05T21:57:27.147000
2 posts
🔴 CVE-2026-3545 - Critical (9.6)
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3545/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3545 - Critical (9.6)
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3545/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:56:46.790000
2 posts
🟠 CVE-2026-3540 - High (8.8)
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3540/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3540 - High (8.8)
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3540/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:31:51
2 posts
🔴 CVE-2026-28115 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This issue affects...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28115 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This issue affects...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:30:57
2 posts
🔴 CVE-2026-24457 - Critical (9.1)
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24457 - Critical (9.1)
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:30:57
2 posts
🟠 CVE-2026-3009 - High (8.1)
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3009 - High (8.1)
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:30:54
2 posts
🟠 CVE-2026-3459 - High (8.1)
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3459 - High (8.1)
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:30:39
2 posts
🔴 CVE-2025-40931 - Critical (9.1)
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.
Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() functio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-40931 - Critical (9.1)
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.
Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() functio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T21:28:00
1 posts
🟠 CVE-2026-1605 - High (7.5)
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed.
This happens becau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T20:56:22
1 posts
🚨 CRITICAL: CVE-2026-2835 in Cloudflare Pingora enables HTTP request smuggling via improper HTTP/1.0 and Transfer-Encoding handling. Impacts standalone Pingora. Upgrade to v0.8.0+ ASAP! https://radar.offseq.com/threat/cve-2026-2835-cwe-444-inconsistent-interpretation--a3f6db67 #OffSeq #Cloudflare #HTTPsmuggling #infosec
##updated 2026-03-05T20:55:30
1 posts
⚠️ CRITICAL: CVE-2026-2833 in Cloudflare Pingora enables HTTP request smuggling — attackers can bypass proxy ACLs/WAFs, poison caches, and hijack sessions. Upgrade to v0.8.0+ or filter Upgrade headers. More info: https://radar.offseq.com/threat/cve-2026-2833-cwe-444-inconsistent-interpretation--c3ebdcf0 #OffSeq #Pingora #Vuln
##updated 2026-03-05T20:31:31
1 posts
🟠 CVE-2026-25673 - High (7.5)
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.
`URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unico...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T20:16:17.137000
2 posts
🟠 CVE-2026-3047 - High (8.8)
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Sin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3047 - High (8.8)
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Sin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T20:16:09.657000
8 posts
🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2023-43000
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-43000
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##CISA has updated the KEV catalogue. Apple posted its security advisories yesterday: https://support.apple.com/en-us/100100
- CVE-2023-41974L Apple iOS and iPadOS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-41974
- CVE-2021-30952L Apple Multiple Products Integer Overflow or Wraparound Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-30952
- CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-43000
Several industrial advisories: https://www.cisa.gov/ #CISA #vulnerability #infosec #Apple
##🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2023-43000
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-43000
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##CISA has updated the KEV catalogue. Apple posted its security advisories yesterday: https://support.apple.com/en-us/100100
- CVE-2023-41974L Apple iOS and iPadOS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-41974
- CVE-2021-30952L Apple Multiple Products Integer Overflow or Wraparound Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-30952
- CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-43000
Several industrial advisories: https://www.cisa.gov/ #CISA #vulnerability #infosec #Apple
##updated 2026-03-05T20:16:09.293000
8 posts
🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2023-41974
Vendor: Apple
Product: iOS and iPadOS
Date Added: 2026-03-05
Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-41974
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##CISA has updated the KEV catalogue. Apple posted its security advisories yesterday: https://support.apple.com/en-us/100100
- CVE-2023-41974L Apple iOS and iPadOS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-41974
- CVE-2021-30952L Apple Multiple Products Integer Overflow or Wraparound Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-30952
- CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-43000
Several industrial advisories: https://www.cisa.gov/ #CISA #vulnerability #infosec #Apple
##🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2023-41974
Vendor: Apple
Product: iOS and iPadOS
Date Added: 2026-03-05
Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-41974
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##CISA has updated the KEV catalogue. Apple posted its security advisories yesterday: https://support.apple.com/en-us/100100
- CVE-2023-41974L Apple iOS and iPadOS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-41974
- CVE-2021-30952L Apple Multiple Products Integer Overflow or Wraparound Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-30952
- CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-43000
Several industrial advisories: https://www.cisa.gov/ #CISA #vulnerability #infosec #Apple
##updated 2026-03-05T20:16:08.867000
8 posts
🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2021-30952
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-30952
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##CISA has updated the KEV catalogue. Apple posted its security advisories yesterday: https://support.apple.com/en-us/100100
- CVE-2023-41974L Apple iOS and iPadOS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-41974
- CVE-2021-30952L Apple Multiple Products Integer Overflow or Wraparound Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-30952
- CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-43000
Several industrial advisories: https://www.cisa.gov/ #CISA #vulnerability #infosec #Apple
##🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2021-30952
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-30952
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##CISA has updated the KEV catalogue. Apple posted its security advisories yesterday: https://support.apple.com/en-us/100100
- CVE-2023-41974L Apple iOS and iPadOS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-41974
- CVE-2021-30952L Apple Multiple Products Integer Overflow or Wraparound Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-30952
- CVE-2023-43000: Apple Multiple products Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-43000
Several industrial advisories: https://www.cisa.gov/ #CISA #vulnerability #infosec #Apple
##updated 2026-03-05T20:16:08.583000
6 posts
🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2021-22681
Vendor: Rockwell
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22681
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2021-22681
Vendor: Rockwell
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22681
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##updated 2026-03-05T20:16:08.180000
6 posts
25 repos
https://github.com/saaydmr/hikvision-exploiter
https://github.com/BurnyMcDull/CVE-2017-7921
https://github.com/voidsshadows/Hikvision-City-Hunter
https://github.com/JrDw0/CVE-2017-7921-EXP
https://github.com/aengussong/hikvision_probe
https://github.com/MartinxMax/BloodCat
https://github.com/GabrielAvls/CVE-2017-7921
https://github.com/chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor
https://github.com/0xf3d0rq/CVE-2017-7921
https://github.com/201646613/CVE-2017-7921
https://github.com/KelvinWin10/CVE-2017-7921-rewrite
https://github.com/mverschu/CVE-2017-7921
https://github.com/MisakaMikato/cve-2017-7921-golang
https://github.com/AnonkiGroup/AnonHik
https://github.com/jorhelp/Ingram
https://github.com/K3ysTr0K3R/CVE-2017-7921-EXPLOIT
https://github.com/lastvocher/Hikvision-CVE-2017-7921-decryptor
https://github.com/b3pwn3d/CVE-2017-7921
https://github.com/krypton612/hikivision
https://github.com/kooroshsanaei/HikVision-CVE-2017-7921
https://github.com/p4tq/hikvision_CVE-2017-7921_auth_bypass_config_decryptor
https://github.com/Wyl-cmd/CVE-2017-7921-Research-Toolkit
https://github.com/yousouf-Tasfin/cve-2017-7921-Mass-Exploit
🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2017-7921
Vendor: Hikvision
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7921
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##🚨 [CISA-2026:0305] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0305)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2017-7921 (https://secdb.nttzen.cloud/cve/detail/CVE-2017-7921)
- Name: Hikvision Multiple Products Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Hikvision
- Product: Multiple Products
- Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
⚠️ CVE-2021-22681 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22681)
- Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Rockwell
- Product: Multiple Products
- Notes: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681
⚠️ CVE-2021-30952 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-30952)
- Name: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
⚠️ CVE-2023-41974 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-41974)
- Name: Apple iOS and iPadOS Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: iOS and iPadOS
- Notes: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974
⚠️ CVE-2023-43000 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-43000)
- Name: Apple Multiple products Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260305 #cisa20260305 #cve_2017_7921 #cve_2021_22681 #cve_2021_30952 #cve_2023_41974 #cve_2023_43000 #cve20177921 #cve202122681 #cve202130952 #cve202341974 #cve202343000
##CVE ID: CVE-2017-7921
Vendor: Hikvision
Product: Multiple Products
Date Added: 2026-03-05
Notes: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7921
CISA Adds Five Known Exploited Vulnerabilities to Catalog
03/05/2026 02:30 PM ESTCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
THREE Apple CVE's added to CISA KEV.
Patch your shit, people.
##updated 2026-03-05T19:39:11.967000
2 posts
🟠 New security advisory:
CVE-2026-20101 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-20101
🟠 CVE-2026-20101 - High (8.6)
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:39:11.967000
2 posts
🔴 CVE-2025-70219 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70219 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:39:11.967000
2 posts
🟠 New security advisory:
CVE-2026-20103 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-20103
🟠 CVE-2026-20103 - High (8.6)
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20103/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:39:11.967000
6 posts
Cisco Issues Emergency Patches for Critical Root-Level Firewall Management Flaws
Cisco patched two critical vulnerabilities (CVE-2026-20079 and CVE-2026-20131) in its Secure Firewall Management Center that allow unauthenticated remote attackers to gain root access and execute arbitrary code.
**If you are using Cisco FMC on premise, this is urgent and important. Make sure the web interface of the FMC is isolated and accessible only from trusted networks. Then apply a very quick patch, since even if isolated, a lot of attackers will be building tools to attack it after they do a successful phishing or endpoint compromise.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-issues-emergency-patches-for-critical-root-level-firewall-management-flaws-i-7-p-d-v/gD2P6Ple2L
💥 Cisco warns of max severity Secure FMC flaws giving root access
「 Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices 」
#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡
🚬
##🔴 CVE-2026-20131 - Critical (10)
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Second is CVE-2026-20131: remote code execution in the same product by way of, aww yiss, Java deserialization.
##Oops.
A long list of Cisco vulnerabilities, two critical, several high-severity.
- Critical: CVE-2026-20079-CWE-288: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Critical: CVE-2026-20131-CWE-502: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
More. Grab a coffee https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##updated 2026-03-05T19:39:11.967000
1 posts
🟠 CVE-2026-0847 - High (8.6)
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to prop...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:39:11.967000
1 posts
🔴 CVE-2025-70223 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70223/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:39:11.967000
2 posts
🟠 CVE-2026-20100 - High (7.7)
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20100 - High (7.7)
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
2 posts
🔴 CVE-2025-40926 - Critical (9.8)
Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.
The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-40926 - Critical (9.8)
Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.
The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
2 posts
🔴 CVE-2025-70222 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70222/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70222 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70222/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
2 posts
🔴 CVE-2025-68553 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through < 2.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68553/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-68553 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through < 2.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68553/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
2 posts
🔴 CVE-2025-54001 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-54001 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
2 posts
🟠 CVE-2025-69340 - High (7.5)
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Ad...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69340/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69340 - High (7.5)
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Ad...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69340/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
2 posts
🟠 CVE-2026-27803 - High (8.3)
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27803/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27803 - High (8.3)
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27803/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:53.383000
1 posts
🟠 CVE-2026-27802 - High (8.3)
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🔴 CVE-2026-25921 - Critical (9.3)
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25921 - Critical (9.3)
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
4 posts
🔴 CVE-2026-27944 - Critical (9.8)
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response hea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##New.
Tenable research advisories have added critical vulnerability CVE-2026-27944: Nginx UI - Unauthenticated Backup Download with Encryption Key Disclosure https://www.tenable.com/security/research/tra-2026-17 @tenable #infosec #vulnerability
##🔴 CVE-2026-27944 - Critical (9.8)
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response hea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##New.
Tenable research advisories have added critical vulnerability CVE-2026-27944: Nginx UI - Unauthenticated Backup Download with Encryption Key Disclosure https://www.tenable.com/security/research/tra-2026-17 @tenable #infosec #vulnerability
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-28119 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nirvana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through <= 2.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28119/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28119 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nirvana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through <= 2.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28119/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-28124 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through <= 1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28124/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28124 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through <= 1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28124/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-28129 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This issue affects Little Birdies: from n/a through ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28129/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28129 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This issue affects Little Birdies: from n/a through ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28129/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-28128 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: from n/a through <= 1.7.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28128 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: from n/a through <= 1.7.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-28125 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi: from n/a through <= 1.14.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28125/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28125 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi: from n/a through <= 1.14.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28125/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-28134 - High (8.5)
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28134 - High (8.5)
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
🟠 CVE-2026-1720 - High (8.8)
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install_and_active_plugin' func...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1720 - High (8.8)
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install_and_active_plugin' func...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
2 posts
1 repos
🔴 CVE-2026-2599 - Critical (9.8)
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'download_csv' function. This makes it p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2599/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2599 - Critical (9.8)
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'download_csv' function. This makes it p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2599/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
1 posts
🟠 CVE-2026-29053 - High (7.6)
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29053/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T19:38:33.877000
1 posts
🔴 CVE-2026-1678 - Critical (9.4)
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:44
2 posts
🔴 CVE-2025-70226 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70226 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:44
2 posts
🔴 CVE-2025-70225 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70225/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70225 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70225/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🔴 CVE-2025-66944 - Critical (9.8)
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-66944 - Critical (9.8)
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🔴 CVE-2025-70218 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70218/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70218 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70218/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🔴 CVE-2025-46108 - Critical (9.8)
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-46108 - Critical (9.8)
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🔴 CVE-2025-70221 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70221/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70221 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70221/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🔴 CVE-2025-69338 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection.This issue affects Riode Core: from n/a through <= 1.6.26.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69338 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection.This issue affects Riode Core: from n/a through <= 1.6.26.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🔴 CVE-2025-68555 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-68555 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:32:43
2 posts
🟠 CVE-2026-28117 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through <= 2.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28117 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through <= 2.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:15:20.593000
1 posts
🔴 CVE-2026-22891 - Critical (9.8)
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:13:33.993000
1 posts
🔴 CVE-2026-26478 - Critical (9.8)
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T18:05:02.300000
2 posts
🟠 CVE-2026-26673 - High (7.5)
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26673 - High (7.5)
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T17:57:37.233000
1 posts
⚠️ CVE-2026-27971: QwikDev qwik <1.19.1 has a CRITICAL RCE flaw via unsafe deserialization in server-side RPC. No auth needed — patch to 1.19.1+ now! Exploits are trivial if require() is exposed. https://radar.offseq.com/threat/cve-2026-27971-cwe-502-deserialization-of-untruste-b59de789 #OffSeq #CVE202627971 #RCE #JavaScript #InfoSec
##updated 2026-03-05T16:16:15.673000
1 posts
🔴 CVE-2026-24113 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size va...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:31:38
2 posts
🔴 CVE-2025-59786 - Critical (9.8)
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59786/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-59786 - Critical (9.8)
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59786/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:30:36
2 posts
🟠 CVE-2025-69411 - High (7.5)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69411 - High (7.5)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:30:36
2 posts
🟠 CVE-2026-28121 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through <= 1.4.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28121 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through <= 1.4.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:30:36
2 posts
🟠 CVE-2026-28123 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28123 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:26:34
1 posts
🟠 CVE-2026-29045 - High (7.5)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:16:10.817000
2 posts
1 repos
🔴 CVE-2025-66678 - Critical (9.8)
An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-66678 - Critical (9.8)
An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:04:34.670000
1 posts
🔴 CVE-2026-3204 - Critical (9.8)
Improper
input validation in the error message page in Devolutions Server 2025.3.15 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T15:01:54.737000
2 posts
🔴 CVE-2026-2590 - Critical (9.8)
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentiall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2590 - Critical (9.8)
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentiall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T12:30:36
1 posts
🚨 CVE-2026-21628: CRITICAL RCE in Astroid Template Framework (2.0.0 – 3.3.10) for Joomla. Unauthenticated file uploads allow remote code execution. No patch yet — restrict uploads and monitor systems! https://radar.offseq.com/threat/cve-2026-21628-cwe-434-unrestricted-upload-of-file-fb005d26 #OffSeq #Joomla #CVE202621628 #RCE
##updated 2026-03-05T09:30:40
1 posts
🟠 CVE-2026-1321 - High (8.1)
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T09:30:40
2 posts
🔴 CVE-2026-28536 - Critical (9.6)
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28536/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL auth bypass (CVE-2026-28536) impacts Huawei HarmonyOS 6.0.0 & 5.1.0. Exploitation risks device integrity & confidentiality. No mitigation yet — monitor for updates! https://radar.offseq.com/threat/cve-2026-28536-cwe-305-authentication-bypass-by-pr-3e5ae728 #OffSeq #Huawei #Vuln #InfoSec
##updated 2026-03-05T06:31:28
1 posts
🚨 CVE-2026-29127 (CRITICAL, CVSS 9.2): SFX2100 Satellite Receiver allows local privilege escalation via 0777 monitor user directory. Audit & restrict permissions to 0700. No exploits yet, but high risk! https://radar.offseq.com/threat/cve-2026-29127-cwe-269-improper-privilege-manageme-e5c7745e #OffSeq #CVE #Infosec #PrivilegeEscalation
##updated 2026-03-05T06:30:38
1 posts
🛰️ CVE-2026-29128: HIGH-severity vuln in IDC SFX2100 Satellite Receiver. World-readable config files leak root creds — risking unauthorized access. Audit & secure files, update creds, monitor for abuse. https://radar.offseq.com/threat/cve-2026-29128-cwe-522-insufficiently-protected-cr-67a32621 #OffSeq #Vulnerability #Infosec #Satellite
##updated 2026-03-05T06:16:50.720000
1 posts
🛰️ CRITICAL: CVE-2026-29120 in IDC SFX2100 Satellite Receiver — hardcoded root hash in /root/anaconda-ks.cfg. Local attackers can escalate to root via offline cracking. Restrict access & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-29120-cwe-798-use-of-hard-coded-credentia-587f7886 #OffSeq #CVE202629120 #IoTSecurity
##updated 2026-03-05T03:31:34
1 posts
🟠 CVE-2026-26034 - High (7.8)
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specia...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T00:31:17
5 posts
1 repos
Every day is like a loot box drop in software supply chain security
##Every day is like a loot box drop in software supply chain security
##🔴 CVE-2026-29000 - Critical (10)
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's R...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29000/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-29000 - Critical (10)
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's R...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29000/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: pac4j-jwt (pre-4.5.9/5.7.9/6.3.3) vulnerable to auth bypass (CVE-2026-29000). Attackers w/ RSA public key can forge JWTs, impersonate any user. Patch now & audit JWT usage! https://radar.offseq.com/threat/cve-2026-29000-cwe-347-improper-verification-of-cr-c33a53b1 #OffSeq #CVE202629000 #JWT #Security
##updated 2026-03-04T21:58:33.060000
1 posts
🔴 CVE-2026-24848 - Critical (9.9)
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:57:13.603000
1 posts
🔴 CVE-2026-24898 - Critical (10)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:56:00.543000
1 posts
🔴 CVE-2026-25146 - Critical (9.6)
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. Thes...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25146/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:33:52
1 posts
🔴 CVE-2025-70236 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:32:57
1 posts
🟠 CVE-2026-3539 - High (8.8)
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3539/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:32:45
1 posts
🔴 CVE-2025-70220 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70220/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:25:22.193000
2 posts
Important. Patch, patch, patch.
New.
Critical: CVE-2026-20122; CVE-2026-20126; and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #patchNOW
##Important. Patch, patch, patch.
New.
Critical: CVE-2026-20122; CVE-2026-20126; and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #patchNOW
##updated 2026-03-04T21:16:03.260000
1 posts
🔴 CVE-2025-70241 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:16:03.077000
1 posts
🔴 CVE-2025-70239 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:14:09
1 posts
1 repos
Critical MS-Agent Vulnerability Allows Full System Takeover via AI Prompt Injection
ModelScope's MS-Agent framework contains a critical command injection vulnerability (CVE-2026-2256) that allows attackers to execute arbitrary system commands via malicious AI prompts.
**If you are using ModelScope's MS-Agent, this is important and urgent. There's a critical command injection flaw, a public PoC and no patch. Isolate the system as much as possible and until a patch is released, disable the Shell tool or implement strict command allowlists to prevent remote code execution. Treat AI agents with shell access as high-risk assets and isolate them in sandboxed environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ms-agent-vulnerability-allows-full-system-takeover-via-ai-prompt-injection-r-f-r-o-w/gD2P6Ple2L
updated 2026-03-04T20:36:33.843000
1 posts
🔴 CVE-2026-3130 - Critical (9.8)
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T20:25:41
1 posts
🟠 CVE-2026-28518 - High (7.8)
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP arch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28518/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T20:17:03
2 posts
🔴 CVE-2025-59059 - Critical (9.8)
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-59059 - Critical (9.8)
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:39:04
2 posts
🔴 CVE-2026-28697 - Critical (9.1)
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28697/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28697 - Critical (9.1)
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28697/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:57
1 posts
9 repos
https://github.com/saruman9/cve_2025_20265
https://github.com/ANYLNK/STProcessMonitorBYOVD
https://github.com/wutang700/STProcessMonitorBYOVD
https://github.com/jordan922/cve2025-20265
https://github.com/R3lva/CVE-2025-54100-BYPASS-
https://github.com/keyuraghao/CVE-2025-20260
https://github.com/DeathShotXD/0xKern3lCrush-Foreverday-BYOVD-CVE-2026-0828
🟠 CVE-2026-2025 - High (7.5)
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:57
2 posts
1 repos
🟠 CVE-2025-70341 - High (7.8)
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70341 - High (7.8)
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:03
6 posts
1 repos
Cisco Issues Emergency Patches for Critical Root-Level Firewall Management Flaws
Cisco patched two critical vulnerabilities (CVE-2026-20079 and CVE-2026-20131) in its Secure Firewall Management Center that allow unauthenticated remote attackers to gain root access and execute arbitrary code.
**If you are using Cisco FMC on premise, this is urgent and important. Make sure the web interface of the FMC is isolated and accessible only from trusted networks. Then apply a very quick patch, since even if isolated, a lot of attackers will be building tools to attack it after they do a successful phishing or endpoint compromise.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-issues-emergency-patches-for-critical-root-level-firewall-management-flaws-i-7-p-d-v/gD2P6Ple2L
💥 Cisco warns of max severity Secure FMC flaws giving root access
「 Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices 」
#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡
🚬
##🔴 CVE-2026-20079 - Critical (10)
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the und...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20079/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##2 perfect 10s from Cisco today! First up, CVE-2026-20079, auth bypass in Cisco Secure Firewall Management, by way of a...rogue process launched at boot?
##Oops.
A long list of Cisco vulnerabilities, two critical, several high-severity.
- Critical: CVE-2026-20079-CWE-288: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Critical: CVE-2026-20131-CWE-502: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
More. Grab a coffee https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##updated 2026-03-04T18:32:03
2 posts
🟠 CVE-2026-20049 - High (7.7)
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20049 - High (7.7)
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:03
1 posts
🟠 CVE-2026-20105 - High (7.7)
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connect...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
2 posts
🟠 New security advisory:
CVE-2026-20082 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-20082
🟠 CVE-2026-20082 - High (8.6)
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
2 posts
🟠 CVE-2026-20002 - High (8.1)
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to inadequate validation of user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20002 - High (8.1)
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to inadequate validation of user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
2 posts
🟠 CVE-2026-20039 - High (8.6)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20039 - High (8.6)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
1 posts
🟠 CVE-2026-20014 - High (7.7)
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also imp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
2 posts
🟠 CVE-2026-26514 - High (7.5)
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26514 - High (7.5)
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:31:51
1 posts
🔴 CVE-2025-70237 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70237/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:31:51
1 posts
🔴 CVE-2025-70240 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:31:51
1 posts
🔴 CVE-2025-70234 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:13:00.207000
6 posts
1 repos
https://github.com/automate-it0/qualcomm-vulnerability-scanner
Google notifying Android user of high-severity vuln CVE-2026-21385 and March 2026 security update might work better if that link the "AI Mode" #slopgenerator did not link to December 2025 bulletin.
##The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
##🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
##CVE ID: CVE-2026-21385
Vendor: Qualcomm
Product: Multiple Chipsets
Date Added: 2026-03-03
Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21385
Aggiornamenti Android marzo 2026, corretta una zero-day già sfruttata: cosa fare subito
Google ha rilasciato l’Android Security Bulletin di marzo 2026, il più corposo dell’anno: 129 vulnerabilità corrette di cui una, la CVE-2026-21385...
🔗️ [Cybersecurity360] https://link.is.it/AC1JZ9
##Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks.
#CVE_2026_21385
https://securityaffairs.com/188823/security/android-devices-hit-by-exploited-qualcomm-flaw-cve-2026-21385.html
updated 2026-03-04T17:50:01.217000
1 posts
🔴 CVE-2025-66945 - Critical (9.1)
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T17:40:21.317000
1 posts
🟠 CVE-2025-62814 - High (7.5)
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:31:42
3 posts
1 repos
🔴 CVE-2026-3224 - Critical (9.8)
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3224 - Critical (9.8)
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3224: CRITICAL auth bypass in Devolutions Server <=2025.3.15.0 using Microsoft Entra ID. Attackers can forge JWTs for full access. No known exploits, but patch ASAP & tighten token validation. https://radar.offseq.com/threat/cve-2026-3224-cwe-287-improper-authentication-cwe--6697497e #OffSeq #Vuln #CyberSecurity #JWT
##updated 2026-03-04T15:31:37
1 posts
🟠 CVE-2025-66363 - High (7.5)
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:08:13.743000
6 posts
CISA Reports Active Exploitation of VMware Aria Operations
CISA reports active exploitation a VMware Aria Operations command injection vulnerability (CVE-2026-22719).
**If you are using VMware Aria Operations, this is urgent. Your systems are under attack, so patch ASAP. If you can't patch, run the official workaround script to disable the migration service and block the primary attack path.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-vmware-aria-operations-7-q-1-u-p/gD2P6Ple2L
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.
##The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. https://www.securityweek.com/vmware-aria-operations-vulnerability-exploited-in-the-wild/
##🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
##CISA flags VMware Aria Operations RCE flaw as exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its...
🔗️ [Bleepingcomputer] https://link.is.it/bR3nUY
##CVE ID: CVE-2026-22719
Vendor: Broadcom
Product: VMware Aria Operations
Date Added: 2026-03-03
Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-22719
updated 2026-03-04T14:07:42.520000
2 posts
🔴 CVE-2026-3485 - Critical (9.8)
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-3485 enables remote OS command injection in D-Link DIR-868L (110b03) via SSDP (UPnP). Exploit is public, no patch. Replace or isolate device ASAP — block SSDP, monitor traffic. https://radar.offseq.com/threat/cve-2026-3485-os-command-injection-in-d-link-dir-8-905d15ee #OffSeq #CVE20263485 #RouterSecurity #Vuln
##updated 2026-03-04T09:31:14
1 posts
🟠 CVE-2026-3094 - High (7.8)
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T02:00:50
1 posts
🟠 CVE-2026-27932 - High (7.5)
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T02:00:01
1 posts
🔴 CVE-2026-26279 - Critical (9.1)
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:52:29.877000
1 posts
🟠 CVE-2025-52365 - High (7.8)
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper inpu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:32:19
1 posts
🟠 CVE-2025-69765 - High (7.5)
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:32:19
2 posts
🟠 CVE-2026-0032 - High (7.8)
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0032 - High (7.8)
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:31:24
1 posts
🟠 CVE-2026-24502 - High (8.8)
Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24502/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T20:16:44.803000
1 posts
🟠 CVE-2025-70252 - High (7.5)
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which lea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:39:28.533000
1 posts
🔴 CVE-2026-0029 - Critical (9.8)
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:23:29.340000
1 posts
🟠 CVE-2025-48645 - High (7.8)
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:02:04.290000
1 posts
🟠 CVE-2026-28399 - High (8.8)
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:47:26.910000
1 posts
🔴 CVE-2025-50199 - Critical (9.1)
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50199/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:40:59.027000
1 posts
🟠 CVE-2026-0017 - High (7.7)
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0017/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:36
1 posts
🔴 CVE-2026-24112 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
1 posts
🟠 CVE-2025-48605 - High (8.4)
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
1 posts
🟠 CVE-2025-48654 - High (7.8)
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48654/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:34
1 posts
🟠 CVE-2025-48635 - High (7.7)
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:33
1 posts
🟠 CVE-2026-20777 - High (8.1)
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can prov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
1 posts
🟠 CVE-2025-48613 - High (7.8)
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
1 posts
🟠 CVE-2026-0011 - High (8.4)
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0011/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
1 posts
🟠 CVE-2025-48653 - High (7.8)
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48653/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:31
1 posts
🔴 CVE-2026-24115 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:31
1 posts
🟠 CVE-2025-48602 - High (8.4)
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges nee...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48602/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:30
1 posts
🔴 CVE-2026-24114 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:29
1 posts
🔴 CVE-2026-24111 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:29
1 posts
🔴 CVE-2026-24109 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vuln...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:13:43.183000
1 posts
🔴 CVE-2025-48609 - Critical (9.1)
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:13:02.407000
1 posts
🟠 CVE-2025-48619 - High (8.4)
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48619/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T17:43:50
2 posts
🔴 CVE-2026-27012 - Critical (9.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27012/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: OpenSTAManager <=2.9.8 hit by CVE-2026-27012 (CVSS 9.8). Unauthenticated users can escalate privileges by altering user group IDs via modules/utenti/actions.php. Restrict access & monitor logs! Details: https://radar.offseq.com/threat/cve-2026-27012-cwe-306-missing-authentication-for--435d22b5 #OffSeq #infosec #CVE202627012
##updated 2026-03-03T16:16:19.067000
1 posts
🟠 CVE-2026-0010 - High (8.4)
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
2 posts
🟠 CVE-2026-0025 - High (7.8)
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0025 - High (7.8)
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:37
5 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902
📢 CVE-2026-21902: exécution de code pré-auth sur Juniper Junos OS Evolved (PTX) via API d'anomalies
📝 Selon watchTowr Labs (labs.watchtowr.com), une vulnérabilit...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-05-cve-2026-21902-execution-de-code-pre-auth-sur-juniper-junos-os-evolved-ptx-via-api-d-anomalies/
🌐 source : https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
#CVE_2026_21902 #IOC #Cyberveille
Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)
##New.
WatchTower: Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/ #infosec #threatresearch
##Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE)
#CVE_2026_21902
https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
##updated 2026-03-03T15:31:36
1 posts
🟠 CVE-2026-20423 - High (7.8)
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR0046...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:16:18.907000
1 posts
🔴 CVE-2026-24105 - Critical (9.8)
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T06:31:14
3 posts
⚠️ WordPress membership plugin bug exploited to create admin accounts
「 The security vulnerability is tracked as CVE-2026-1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication 」
##⚠️ WordPress membership plugin bug exploited to create admin accounts
「 The security vulnerability is tracked as CVE-2026-1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication 」
##Critical Privilege Escalation Vulnerability Reported in WordPress User Registration Plugin
A critical vulnerability (CVE-2026-1492) in the WordPress User Registration & Membership plugin allows unauthenticated attackers to create administrator accounts by exploiting a lack of server-side role validation. Active exploitation has already been detected.
**If you are using User Registration & Membership plugin, this is urgent. Update to version 5.1.3 immediately, because this is an actively exploited flaw. If you can't update, disable user registration.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-vulnerability-reported-in-wordpress-user-registration-plugin-s-t-r-5-i/gD2P6Ple2L
updated 2026-03-02T15:31:31
1 posts
HPE Reports Flaw in AutoPass License Server Enabling Authentication Bypass
HPE reports an authentication bypass vulnerability (CVE-2026-23600) in its AutoPass License Server that allows remote attackers to gain full control over the system.
**Treat your license servers as part of high-priority infrastructure because they often hold the keys to your entire software environment. Immediately update HPE APLS to version 9.19 and ensure these servers are never exposed to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hpe-reports-flaw-in-autopass-license-server-enabling-authentication-bypass-k-f-a-n-b/gD2P6Ple2L
updated 2026-02-27T14:06:59.787000
2 posts
NetExec vulnerable to arbitrary file write via path traversal in spider_plus module https://nvd.nist.gov/vuln/detail/cve-2026-27884
##NetExec vulnerable to arbitrary file write via path traversal in spider_plus module https://nvd.nist.gov/vuln/detail/cve-2026-27884
##updated 2026-02-26T21:32:34
2 posts
Photographers, news orgs, researchers: If you’re using ExifTool on Macintosh update it to version 13.52 (current at this writing). A critical vulnerability in ExifTool is fixed. Maliciously crafted metadata embedded in an image file can run commands on the system. https://www.kaspersky.co.uk/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/30115/
##Photographers, news orgs, researchers: If you’re using ExifTool on Macintosh update it to version 13.52 (current at this writing). A critical vulnerability in ExifTool is fixed. Maliciously crafted metadata embedded in an image file can run commands on the system. https://www.kaspersky.co.uk/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/30115/
##updated 2026-02-26T21:28:58.090000
1 posts
updated 2026-02-26T16:20:02.187000
3 posts
4 repos
https://github.com/leemuun/CVE-2026-20127
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.
Full technical breakdown: https://forum.hashpwn.net/post/10802
#cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn
##Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.
Full technical breakdown: https://forum.hashpwn.net/post/10802
#cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn
##Broadcom has an updated advisory for a low-severity vulnerability: Datacom SQL Performance Analyzer 1.2 - Vulnerabilities in Third Party Dependencies https://support.broadcom.com/web/ecx/security-advisory
Updated advisory from Cisco:
Critical: CVE-2026-20127-CWE-287: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
Also from Cisco: VTK tagged for a zero-day report https://talosintelligence.com/vulnerability_info @TalosSecurity #Cisco #Broadcom #infosec #vulnerability #zeroday
##updated 2026-02-26T16:07:11.047000
1 posts
1 repos
🔴 CVE-2026-28289 - Critical (10)
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code E...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-25T18:31:45
2 posts
Important. Patch, patch, patch.
New.
Critical: CVE-2026-20122; CVE-2026-20126; and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #patchNOW
##Important. Patch, patch, patch.
New.
Critical: CVE-2026-20122; CVE-2026-20126; and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #patchNOW
##updated 2026-02-25T18:31:44
2 posts
Important. Patch, patch, patch.
New.
Critical: CVE-2026-20122; CVE-2026-20126; and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #patchNOW
##Important. Patch, patch, patch.
New.
Critical: CVE-2026-20122; CVE-2026-20126; and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #patchNOW
##updated 2026-02-11T15:40:42.937000
1 posts
63 repos
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/scumfrog/cve-2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/0p5cur/CVE-2026-24061-POC
https://github.com/buzz075/CVE-2026-24061
https://github.com/Remnant-DB/CVE-2026-24061
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/BrainBob/CVE-2026-24061
https://github.com/typeconfused/CVE-2026-24061
https://github.com/tiborscholtz/CVE-2026-24061
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/setuju/telnetd
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/hackingyseguridad/root
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/xuemian168/CVE-2026-24061
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/cumakurt/tscan
https://github.com/hilwa24/CVE-2026-24061
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/z3n70/CVE-2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/monstertsl/CVE-2026-24061
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/midox008/CVE-2026-24061
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/balgan/CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/infat0x/CVE-2026-24061
https://github.com/ilostmypassword/Melissae
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/SystemVll/CVE-2026-24061
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/Ali-brarou/telnest
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
New.
Picus: CVE-2026-24061: Critical Telnetd Flaw Grants Root Access https://www.picussecurity.com/resource/blog/cve-2026-24061-critical-telnetd-flaw-grants-root-access #infosec #vulnerability #threatresearch
##updated 2026-01-23T00:31:24
1 posts
New.
Tenable has added this critical vulnerability to its research advisories:
Critical: CVE-2026-21524: Microsoft Azure Data Explorer Cross-Tenant Data Leak with Custom Dashboard https://www.tenable.com/security/research/tra-2026-14 @tenable #infosec #vulnerability #Microsoft #Azure
##updated 2026-01-07T18:30:21
2 posts
A Race Within a Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
##A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://lobste.rs/s/1mya3a #linux #security
https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
updated 2025-12-29T15:58:56.260000
2 posts
Critical Unauthenticated RCE Vulnerability in IceWarp Leaves 1,200 Servers Exposed
IceWarp patched a critical unauthenticated remote code execution vulnerability (CVE-2025-14500) that allows attackers to run commands with system privileges via a malicious HTTP header. Over 1,200 servers remain exposed, posing a significant risk to corporate communication data and internal network security.
**If you are using IceWarp, this is important. Unauthenticated attackers can take full control of your entire mail server without needing a password. Apply the latest IceWarp security updates to close this vulnerability. If possible, isolate the platform from the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-rce-vulnerability-in-icewarp-leaves-1200-servers-exposed-0-e-s-v-l/gD2P6Ple2L
Critical Unauthenticated RCE Vulnerability in IceWarp Leaves 1,200 Servers Exposed
IceWarp patched a critical unauthenticated remote code execution vulnerability (CVE-2025-14500) that allows attackers to run commands with system privileges via a malicious HTTP header. Over 1,200 servers remain exposed, posing a significant risk to corporate communication data and internal network security.
**If you are using IceWarp, this is important. Unauthenticated attackers can take full control of your entire mail server without needing a password. Apply the latest IceWarp security updates to close this vulnerability. If possible, isolate the platform from the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-rce-vulnerability-in-icewarp-leaves-1200-servers-exposed-0-e-s-v-l/gD2P6Ple2L
updated 2025-12-16T21:30:51
1 posts
2 repos
New.
Picus: CVE-2025-59718: Critical FortiCloud SSO Authentication Bypass https://www.picussecurity.com/resource/blog/cve-2025-59718-critical-forticloud-sso-authentication-bypass #Fortinet #infosec #threatresearch #vulnerability
##updated 2025-10-22T18:30:45
1 posts
Dell has a new advisory:
CVE-2025-23299: Security Update for NVIDIA Bluefield and ConnectX Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000435005/dsa-2026-121-security-update-for-nvidia-bluefield-and-connectx-vulnerabilities #Dell #infosec #vulnerability #Nvidia
##updated 2025-10-22T00:34:17
2 posts
10 repos
https://github.com/gmh5225/Blackash-CVE-2025-0282
https://github.com/rxwx/pulse-meter
https://github.com/AdaniKamal/CVE-2025-0282
https://github.com/almanatra/CVE-2025-0282
https://github.com/AnonStorks/CVE-2025-0282-Full-version
https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit
https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser
https://github.com/punitdarji/Ivanti-CVE-2025-0282
⚪️ “Dormant” RESURGE Malware Discovered on Ivanti Devices
🗨️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its information on the RESURGE malware, which was used in attacks against Ivanti Connect Secure devices via the zero-day vulnerability CVE-2025-0282. This malware was first documented back in March of…
##⚪️ “Dormant” RESURGE Malware Discovered on Ivanti Devices
🗨️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its information on the RESURGE malware, which was used in attacks against Ivanti Connect Secure devices via the zero-day vulnerability CVE-2025-0282. This malware was first documented back in March of…
##updated 2025-10-21T21:04:55
1 posts
7 repos
https://github.com/sirredbeard/CVE-2025-55315-repro
https://github.com/MartinFabianIonut/CVE-2025-55315
https://github.com/jlinebau/CVE-2025-55315-Scanner-Monitor
https://github.com/RootAid/CVE-2025-55315
https://github.com/nickcopi/CVE-2025-55315-detection-playground
#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX
LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315
https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json
updated 2025-10-03T14:16:36
2 posts
#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.
###CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.
##🟠 CVE-2026-28435 - High (7.5)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (stre...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28435/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69969 - Critical (9.6)
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-50192 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50192/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-50190 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-50189 - High (8.8)
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/courseco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50189/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26266 - Critical (9.3)
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26266/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-52998 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server
mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling.
**If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement withing environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L
Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server
mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling.
**If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement withing environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L