## Updated at UTC 2026-04-12T04:20:27.446078

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1116 | 8.2 | 0.00% | 4 | 0 | | 2026-04-12T03:16:07.600000 | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met |
| CVE-2026-6106 | 3.5 | 0.00% | 2 | 0 | | 2026-04-11T23:16:05.823000 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability |
| CVE-2026-31845 | 9.3 | 0.00% | 4 | 0 | | 2026-04-11T19:16:28.537000 | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM v |
| CVE-2026-5809 | 7.1 | 0.03% | 4 | 0 | | 2026-04-11T08:16:05.503000 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i |
| CVE-2026-34621 | 9.6 | 0.24% | 6 | 0 | | 2026-04-11T07:16:03.633000 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a |
| CVE-2026-4149 | 10.0 | 1.27% | 6 | 0 | | 2026-04-11T03:30:41 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerabil |
| CVE-2026-4152 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T03:30:41 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-5054 | 7.8 | 0.01% | 2 | 0 | | 2026-04-11T03:30:41 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability |
| CVE-2026-4157 | 7.5 | 0.19% | 2 | 0 | | 2026-04-11T03:30:41 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vul |
| CVE-2026-4155 | 7.5 | 0.24% | 2 | 0 | | 2026-04-11T03:30:41 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Informat |
| CVE-2026-5496 | 7.8 | 0.05% | 4 | 0 | | 2026-04-11T03:30:41 | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe |
| CVE-2026-5494 | 7.8 | 0.05% | 4 | 0 | | 2026-04-11T03:30:41 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod |
| CVE-2026-4154 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T03:30:41 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-5495 | 7.8 | 0.05% | 2 | 0 | | 2026-04-11T03:30:41 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod |
| CVE-2026-5058 | 9.8 | 1.01% | 2 | 0 | | 2026-04-11T03:30:41 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulne |
| CVE-2026-5055 | 7.8 | 0.01% | 2 | 0 | | 2026-04-11T03:30:41 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil |
| CVE-2026-4153 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T03:30:30 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-5217 | 7.2 | 0.08% | 2 | 0 | | 2026-04-11T02:16:02.953000 | The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image O |
| CVE-2026-5144 | 8.8 | 0.05% | 4 | 0 | | 2026-04-11T02:16:02.633000 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalat |
| CVE-2026-5493 | 7.8 | 0.05% | 2 | 0 | | 2026-04-11T01:16:18.427000 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod |
| CVE-2026-5059 | 9.8 | 1.01% | 4 | 0 | | 2026-04-11T01:16:18.293000 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. Th |
| CVE-2026-4156 | 7.5 | 0.07% | 2 | 0 | | 2026-04-11T01:16:17.360000 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execu |
| CVE-2026-4151 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T01:16:16.697000 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-4150 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T01:16:16.560000 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-1115 | 9.6 | 0.04% | 1 | 0 | | 2026-04-10T22:11:12 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social f |
| CVE-2026-40188 | 7.7 | 0.03% | 2 | 0 | | 2026-04-10T21:37:28 | ### Summary The SFTP command rename sanitizes only the source path and not the d |
| CVE-2026-40175 | 10.0 | 0.24% | 2 | 0 | | 2026-04-10T21:37:08 | # Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header |
| CVE-2026-5483 | 8.6 | 0.06% | 2 | 0 | | 2026-04-10T21:31:15 | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in |
| CVE-2026-6057 | 9.8 | 0.13% | 1 | 0 | | 2026-04-10T21:16:28.800000 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability |
| CVE-2026-35639 | None | 0.20% | 1 | 0 | | 2026-04-10T20:20:14 | ## Summary device.pair.approve allowed an operator.pairing approver to approve a |
| CVE-2026-40189 | 0 | 0.10% | 4 | 0 | | 2026-04-10T20:16:23.890000 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces |
| CVE-2026-40168 | 8.2 | 0.04% | 2 | 0 | | 2026-04-10T20:16:22.643000 | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s |
| CVE-2026-40093 | 9.1 | 0.06% | 1 | 0 | | 2026-04-10T19:55:04 | ### Impact Block timestamp validation enforces that `timestamp >= parent.timest |
| CVE-2026-35641 | 8.6 | 0.01% | 2 | 0 | | 2026-04-10T19:45:22 | > Fixed in OpenClaw 2026.3.24, the current shipping release. ### Summary During |
| CVE-2026-35650 | 7.5 | 0.06% | 2 | 0 | | 2026-04-10T19:41:05 | ## Summary Gateway host exec env override handling did not consistently apply th |
| CVE-2026-35643 | 8.8 | 0.04% | 4 | 0 | | 2026-04-10T19:38:05 | ## Summary Android Canvas WebView pages from untrusted origins could invoke the |
| CVE-2026-40157 | None | 0.07% | 2 | 0 | | 2026-04-10T19:28:01 | \| Field \| Value \| \|---\|---\| \| Severity \| Critical \| \| Type \| Path traversal -- a |
| CVE-2026-40156 | 7.8 | 0.02% | 2 | 0 | | 2026-04-10T19:26:45 | PraisonAI automatically loads a file named `tools.py` from the current working d |
| CVE-2026-40158 | 8.6 | 0.03% | 4 | 0 | | 2026-04-10T19:25:40 | PraisonAI's AST-based Python sandbox can be bypassed using `type.__getattribute_ |
| CVE-2026-40149 | 7.9 | 0.01% | 1 | 0 | | 2026-04-10T19:24:13 | ## Summary The gateway's `/api/approval/allow-list` endpoint permits unauthenti |
| CVE-2026-40150 | 7.7 | 0.03% | 1 | 0 | | 2026-04-10T19:23:58 | ## Summary The `web_crawl()` function in `praisonaiagents/tools/web_crawl_tools |
| CVE-2026-40113 | 8.4 | 0.02% | 1 | 0 | | 2026-04-10T19:22:37 | **Summary** deploy.py constructs a single comma-delimited string for the gcloud |
| CVE-2026-34179 | 9.1 | 0.09% | 1 | 0 | | 2026-04-10T19:20:52 | ### Summary A restricted TLS certificate user can escalate to cluster admin by |
| CVE-2026-33707 | 9.4 | 0.07% | 6 | 0 | | 2026-04-10T19:16:23.950000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, th |
| CVE-2026-33698 | 0 | 0.05% | 4 | 0 | | 2026-04-10T19:16:23.033000 | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack |
| CVE-2026-33618 | 8.8 | 0.05% | 2 | 0 | | 2026-04-10T19:16:22.853000 | Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformCon |
| CVE-2026-6067 | 7.5 | 0.06% | 2 | 0 | | 2026-04-10T18:32:22 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due |
| CVE-2026-40200 | 8.2 | 0.01% | 3 | 0 | | 2026-04-10T18:31:28 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co |
| CVE-2026-40163 | 8.2 | 0.08% | 2 | 0 | | 2026-04-10T18:16:46.233000 | Saltcorn is an extensible, open source, no-code database application builder. Pr |
| CVE-2026-32892 | 9.1 | 0.19% | 4 | 0 | | 2026-04-10T18:16:41.797000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch |
| CVE-2026-31939 | 8.3 | 0.04% | 2 | 0 | | 2026-04-10T18:16:41.313000 | Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path t |
| CVE-2026-35669 | None | 0.04% | 2 | 0 | | 2026-04-10T17:29:55 | ## Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Sco |
| CVE-2026-35668 | 7.7 | 0.05% | 4 | 0 | | 2026-04-10T17:29:40 | > Fixed in OpenClaw 2026.3.24, the current shipping release. ### Advisory Detai |
| CVE-2026-35663 | None | 0.04% | 2 | 0 | | 2026-04-10T17:28:09 | ## Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim |
| CVE-2026-35653 | 8.1 | 0.04% | 2 | 0 | | 2026-04-10T17:24:51 | > Fixed in OpenClaw 2026.3.24, the current shipping release. # Title `browser. |
| CVE-2026-40036 | 7.5 | 0.10% | 1 | 0 | | 2026-04-10T17:18:38 | ### Summary The compressed data parser uses `zlib.decompress()` without a maximu |
| CVE-2026-35666 | 8.8 | 0.04% | 2 | 0 | | 2026-04-10T17:17:08.680000 | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.r |
| CVE-2026-35660 | 8.1 | 0.04% | 2 | 0 | | 2026-04-10T17:17:07.493000 | OpenClaw before 2026.3.23 contains an insufficient access control vulnerability |
| CVE-2026-35595 | 8.3 | 0.03% | 2 | 0 | | 2026-04-10T17:17:02.910000 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, |
| CVE-2026-23869 | 7.5 | 0.32% | 1 | 2 | | 2026-04-10T15:35:39 | ## Impact A denial of service vulnerability exists in React Server Components, |
| CVE-2025-5804 | 7.5 | 0.07% | 2 | 0 | | 2026-04-10T15:32:07 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2025-58913 | 8.1 | 0.11% | 2 | 0 | | 2026-04-10T15:32:07 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-40217 | 8.8 | 0.19% | 2 | 0 | | 2026-04-10T15:32:07 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via |
| CVE-2026-40088 | 9.7 | 0.05% | 1 | 0 | | 2026-04-10T14:41:51 | The `execute_command` function and workflow shell execution are exposed to user- |
| CVE-2026-33092 | 7.8 | 0.01% | 2 | 0 | | 2026-04-10T14:16:34.880000 | Local privilege escalation due to improper handling of environment variables. Th |
| CVE-2026-5412 | 9.9 | 0.04% | 2 | 0 | | 2026-04-10T13:16:45.780000 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in th |
| CVE-2026-6029 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T07:16:22 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec |
| CVE-2026-6025 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T06:31:49 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-6016 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T06:31:44 | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the |
| CVE-2026-6015 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T06:31:44 | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the functio |
| CVE-2026-6013 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T06:31:44 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects |
| CVE-2026-6012 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T06:31:44 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects |
| CVE-2026-6014 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T05:16:07.510000 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function fo |
| CVE-2026-5996 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T03:31:16 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5993 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T03:31:16 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vu |
| CVE-2026-25203 | 7.8 | 0.01% | 1 | 0 | | 2026-04-10T03:31:16 | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat |
| CVE-2026-4351 | 8.1 | 0.06% | 1 | 0 | | 2026-04-10T03:31:16 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v |
| CVE-2026-3360 | 7.5 | 0.10% | 1 | 0 | | 2026-04-10T03:31:16 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vul |
| CVE-2026-5997 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T02:16:04.247000 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impac |
| CVE-2026-33170 | None | 0.01% | 2 | 0 | | 2026-04-10T01:59:00 | ### Impact `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newl |
| CVE-2026-5995 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T01:16:42.490000 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacte |
| CVE-2026-5994 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T01:16:42.280000 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-35638 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:38 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the C |
| CVE-2026-5984 | 8.8 | 0.02% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct |
| CVE-2026-5983 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects th |
| CVE-2026-5988 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function fo |
| CVE-2026-5992 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function |
| CVE-2026-5991 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the f |
| CVE-2026-5989 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteS |
| CVE-2025-13914 | 8.7 | 0.03% | 1 | 0 | | 2026-04-10T00:30:37 | A Key Exchange without Entity Authentication vulnerability in the SSH implementa |
| CVE-2026-33785 | 8.8 | 0.01% | 1 | 0 | | 2026-04-10T00:30:37 | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on |
| CVE-2026-33784 | 9.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:37 | A Use of Default Password vulnerability in the Juniper Networks Support Insigh |
| CVE-2026-33790 | 7.5 | 0.04% | 1 | 0 | | 2026-04-10T00:30:37 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flo |
| CVE-2026-34512 | 8.1 | 0.03% | 1 | 0 | | 2026-04-10T00:30:37 | OpenClaw before 2026.3.25 contains an improper access control vulnerability in t |
| CVE-2026-33793 | 7.8 | 0.01% | 1 | 0 | | 2026-04-10T00:30:37 | An Execution with Unnecessary Privileges vulnerability in the User Interface (UI |
| CVE-2026-33788 | 7.8 | 0.02% | 1 | 0 | | 2026-04-10T00:30:30 | A Missing Authentication for Critical Function vulnerability in the Flexible PIC |
| CVE-2026-5990 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:16:36.363000 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerabi |
| CVE-2026-34424 | 9.8 | 0.15% | 2 | 0 | | 2026-04-09T23:17:00.540000 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-st |
| CVE-2026-5982 | 8.8 | 0.04% | 1 | 0 | | 2026-04-09T22:16:37.467000 | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects |
| CVE-2026-5981 | 8.8 | 0.04% | 1 | 0 | | 2026-04-09T22:16:37.233000 | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the func |
| CVE-2026-40154 | 9.3 | 0.03% | 2 | 0 | | 2026-04-09T22:16:36.503000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remo |
| CVE-2026-40116 | 7.5 | 0.03% | 1 | 0 | | 2026-04-09T22:16:35.297000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream Web |
| CVE-2026-35645 | 8.1 | 0.03% | 1 | 0 | | 2026-04-09T22:16:34.050000 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the g |
| CVE-2026-35625 | 7.8 | 0.03% | 1 | 0 | | 2026-04-09T22:16:30.867000 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where si |
| CVE-2026-33778 | 7.5 | 0.06% | 1 | 0 | | 2026-04-09T22:16:26.500000 | An Improper Validation of Syntactic Correctness of Input vulnerability in the I |
| CVE-2026-5979 | 8.8 | 0.04% | 1 | 0 | | 2026-04-09T21:31:37 | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulner |
| CVE-2026-5980 | 8.8 | 0.04% | 1 | 0 | | 2026-04-09T21:31:37 | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the |
| CVE-2026-5976 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T21:31:36 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-5978 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T21:16:13.727000 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5977 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T21:16:13.487000 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This im |
| CVE-2026-5975 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T20:16:29.547000 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The imp |
| CVE-2026-39987 | None | 2.70% | 2 | 0 | template | 2026-04-09T19:06:18 | ## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal |
| CVE-2026-39885 | 7.5 | 0.03% | 1 | 0 | | 2026-04-09T14:29:54 | ## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-pa |
| CVE-2026-39891 | 8.8 | 0.05% | 2 | 0 | | 2026-04-09T14:29:51 | ## Summary Direct insertion of unescaped user input into template-rendering tool |
| CVE-2026-39890 | 9.8 | 0.29% | 1 | 0 | | 2026-04-09T14:29:47 | ## Summary The `AgentService.loadAgentFromFile` method uses the `js-yaml` librar |
| CVE-2026-39889 | 7.5 | 0.04% | 2 | 0 | | 2026-04-09T14:29:17 | The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activ |
| CVE-2026-39888 | 10.0 | 0.08% | 1 | 0 | | 2026-04-09T14:29:06 | ## Summary `execute_code()` in `praisonaiagents.tools.python_tools` defaults to |
| CVE-2026-39429 | 8.2 | 0.07% | 1 | 0 | | 2026-04-09T14:28:53 | ### Summary The cache server is directly exposed by the root shard and has no a |
| CVE-2026-40035 | 9.1 | 0.10% | 1 | 0 | | 2026-04-09T14:16:32.387000 | Unfurl through 2025.08 contains an improper input validation vulnerability in co |
| CVE-2024-1490 | 7.2 | 0.08% | 1 | 0 | | 2026-04-09T11:16:19.657000 | An authenticated remote attacker with high privileges can exploit the OpenVPN co |
| CVE-2026-5853 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T09:31:57 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5854 | 9.8 | 0.23% | 1 | 0 | | 2026-04-09T09:31:56 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected |
| CVE-2026-5852 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T07:16:04.130000 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte |
| CVE-2026-5850 | 9.8 | 0.89% | 2 | 0 | | 2026-04-09T06:30:36 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-5844 | 7.2 | 0.19% | 1 | 0 | | 2026-04-09T06:30:36 | A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sp |
| CVE-2026-5851 | 9.8 | 0.89% | 2 | 0 | | 2026-04-09T06:30:35 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-1830 | 9.8 | 0.18% | 2 | 0 | | 2026-04-09T06:30:35 | The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution |
| CVE-2026-40032 | 7.8 | 0.02% | 1 | 0 | | 2026-04-09T00:32:07 | UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injectio |
| CVE-2026-40029 | 7.8 | 0.02% | 1 | 0 | | 2026-04-09T00:32:07 | parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs |
| CVE-2026-1092 | 7.5 | 0.02% | 1 | 0 | | 2026-04-09T00:32:01 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 |
| CVE-2026-5173 | 8.5 | 0.02% | 1 | 1 | | 2026-04-08T23:17:00.220000 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9. |
| CVE-2025-12664 | 7.5 | 0.02% | 1 | 0 | | 2026-04-08T23:16:56.200000 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 |
| CVE-2026-40031 | 7.8 | 0.01% | 2 | 0 | | 2026-04-08T22:16:23.650000 | MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena |
| CVE-2026-40030 | 7.8 | 0.02% | 1 | 0 | | 2026-04-08T22:16:23.483000 | parseusbs before 1.9 contains an OS command injection vulnerability where the vo |
| CVE-2026-1340 | 9.8 | 67.82% | 2 | 2 | | 2026-04-08T21:34:17 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2026-5436 | 8.1 | 0.18% | 1 | 0 | | 2026-04-08T21:33:45 | The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in |
| CVE-2026-2942 | 9.8 | 0.13% | 1 | 0 | | 2026-04-08T21:33:41 | The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file u |
| CVE-2026-25776 | 9.8 | 0.05% | 1 | 0 | | 2026-04-08T21:26:35.910000 | Movable Type provided by Six Apart Ltd. contains a code injection vulnerability |
| CVE-2026-3396 | 7.5 | 0.08% | 1 | 0 | | 2026-04-08T21:26:13.410000 | WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL I |
| CVE-2026-3243 | 8.8 | 0.20% | 1 | 0 | | 2026-04-08T21:26:13.410000 | The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary fil |
| CVE-2026-5301 | 7.6 | 0.02% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthe |
| CVE-2026-39393 | 8.1 | 0.01% | 1 | 0 | | 2026-04-08T21:26:13.410000 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo |
| CVE-2026-4498 | 7.7 | 0.05% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug r |
| CVE-2026-33756 | 7.5 | 0.08% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5 |
| CVE-2026-33466 | 8.1 | 0.28% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash |
| CVE-2026-34392 | 7.5 | 0.03% | 1 | 0 | | 2026-04-08T21:26:13.410000 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app |
| CVE-2026-35401 | 7.5 | 0.04% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5 |
| CVE-2026-35446 | 7.7 | 0.03% | 1 | 0 | | 2026-04-08T21:26:13.410000 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app |
| CVE-2026-39863 | 7.5 | 0.11% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6. |
| CVE-2026-39860 | 9.0 | 0.02% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Nix is a package manager for Linux and other Unix systems. A bug in the fix for |
| CVE-2026-39394 | 8.1 | 0.02% | 1 | 0 | | 2026-04-08T19:16:14 | ## Summary The `Install::index()` controller reads the `host` POST parameter wi |
| CVE-2026-4338 | 7.5 | 0.04% | 1 | 0 | | 2026-04-08T18:35:58 | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to |
| CVE-2026-33461 | 7.7 | 0.06% | 1 | 0 | | 2026-04-08T18:34:08 | Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure v |
| CVE-2026-27806 | 7.8 | 0.01% | 1 | 0 | | 2026-04-08T18:03:54 | ## Summary The Orbit agent's FileVault disk encryption key rotation flow on col |
| CVE-2026-28261 | 7.8 | 0.01% | 1 | 0 | | 2026-04-08T15:31:50 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver |
| CVE-2026-5208 | 8.3 | 0.05% | 1 | 0 | | 2026-04-08T12:31:36 | Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen |
| CVE-2026-3535 | 9.8 | 0.28% | 1 | 0 | | 2026-04-08T09:31:42 | The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary |
| CVE-2026-34197 | 8.8 | 5.60% | 1 | 6 | template | 2026-04-07T15:30:49 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-35616 | 9.8 | 25.25% | 1 | 5 | template | 2026-04-06T18:33:04 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through |
| CVE-2026-34040 | 8.8 | 0.01% | 1 | 0 | | 2026-04-03T16:51:28.670000 | Moby is an open source container framework. Prior to version 29.3.1, a security |
| CVE-2026-34504 | 8.3 | 0.05% | 2 | 0 | | 2026-04-02T12:20:31.950000 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability i |
| CVE-2026-21643 | 9.8 | 13.70% | 1 | 2 | template | 2026-03-30T13:16:22.063000 | An improper neutralization of special elements used in an sql command ('sql inje |
| CVE-2026-27654 | 8.2 | 0.03% | 2 | 1 | | 2026-03-24T15:30:36 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module |
| CVE-2026-32011 | 7.5 | 0.06% | 1 | 0 | | 2026-03-20T21:13:05 | ## Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted an |
| CVE-2026-3497 | 0 | 0.03% | 1 | 0 | | 2026-03-18T19:16:07.923000 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distribution |
| CVE-2026-23060 | 5.5 | 0.01% | 1 | 0 | | 2026-03-13T21:32:48 | In the Linux kernel, the following vulnerability has been resolved: crypto: aut |
| CVE-2026-20127 | 10.0 | 39.66% | 2 | 6 | | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle |
| CVE-2026-27486 | None | 0.04% | 1 | 0 | | 2026-02-23T22:28:51 | ## Summary OpenClaw CLI process cleanup used system-wide process enumeration an |
| CVE-2026-22200 | 7.5 | 74.45% | 2 | 2 | template | 2026-01-27T21:31:40 | Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary fi |
| CVE-2025-55182 | 10.0 | 84.89% | 3 | 100 | template | 2025-12-10T02:00:02.557000 | A pre-authentication remote code execution vulnerability exists in React Server |
| CVE-2025-6218 | 7.8 | 4.76% | 1 | 6 | | 2025-12-09T21:31:29 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vuln |
| CVE-2025-8088 | 8.8 | 7.05% | 1 | 32 | | 2025-10-22T00:34:26 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2024-27297 | 6.3 | 0.05% | 1 | 0 | | 2025-06-27T13:15:23.240000 | Nix is a package manager for Linux and other Unix systems. A fixed-output deriva |
| CVE-2020-8562 | 2.2 | 0.06% | 1 | 0 | | 2024-11-21T05:39:02.180000 | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to p |
| CVE-2026-31941 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-31940 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-32931 | 0 | 0.16% | 2 | 0 | | N/A | |
| CVE-2026-33710 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-32252 | 0 | 0.02% | 2 | 0 | | N/A | |
| CVE-2026-40089 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-0234 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-0233 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-30461 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-33350 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-35169 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-35478 | 0 | 0.07% | 1 | 0 | | N/A | |

CVE-2026-1116
(8.2 HIGH)

EPSS: 0.00%

updated 2026-04-12T03:16:07.600000

4 posts

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the conte

thehackerwire@mastodon.social at 2026-04-12T03:27:34.000Z ##

🟠 CVE-2026-1116 - High (8.2)

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-12T03:00:32.875Z ##

🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-12T03:00:32.000Z ##

🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP! radar.offseq.com/threat/cve-20 #OffSeq #XSS #Vuln #InfoSec

##

CVE-2026-6106
(3.5 LOW)

EPSS: 0.00%

updated 2026-04-11T23:16:05.823000

2 posts

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. Upgrading to versio

offseq at 2026-04-12T01:30:30.050Z ##

🔎 CVE-2026-6106: 1Panel-dev MaxKB v2.2.0/2.2.1 impacted by MEDIUM XSS via Public Chat Interface (Name arg). Patch to v2.8.0 to mitigate. No in-the-wild exploits yet. Full details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-12T01:30:30.000Z ##

🔎 CVE-2026-6106: 1Panel-dev MaxKB v2.2.0/2.2.1 impacted by MEDIUM XSS via Public Chat Interface (Name arg). Patch to v2.8.0 to mitigate. No in-the-wild exploits yet. Full details: radar.offseq.com/threat/cve-20 #OffSeq #XSS #Vuln

##

CVE-2026-31845
(9.3 CRITICAL)

EPSS: 0.00%

updated 2026-04-11T19:16:28.537000

4 posts

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type restrictions. The vulnerable code is: if (isset($_GET['zd_e

thehackerwire@mastodon.social at 2026-04-12T03:27:43.000Z ##

🔴 CVE-2026-31845 - Critical (9.3)

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET par...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-11T19:00:12.415Z ##

🚨 CRITICAL XSS in Rukovoditel CRM 3.6.4 (CVE-2026-31845): Pre-auth reflected XSS in the Zadarma API (/api/tel/zadarma.php) lets attackers inject JS via 'zd_echo'. Patch or restrict access! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T19:00:12.000Z ##

🚨 CRITICAL XSS in Rukovoditel CRM 3.6.4 (CVE-2026-31845): Pre-auth reflected XSS in the Zadarma API (/api/tel/zadarma.php) lets attackers inject JS via 'zd_echo'. Patch or restrict access! radar.offseq.com/threat/cve-20 #OffSeq #XSS #Rukovoditel #Infosec

##

CVE-2026-5809
(7.1 HIGH)

EPSS: 0.03%

updated 2026-04-11T08:16:05.503000

4 posts

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without restricting which fields may contain array values. Because 'body' is included in the allowed topic

offseq at 2026-04-11T20:30:12.520Z ##

📢 CVE-2026-5809 (HIGH): wpForo Forum ≤3.0.2 lets authenticated users delete arbitrary files like wp-config.php, risking site availability. Restrict permissions & monitor edits until a fix. Details: radar.offseq.com/threat/cve-20

##

offseq at 2026-04-11T09:00:29.177Z ##

🛡️ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin ≤3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet — restrict permissions & monitor topic edits for abuse. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T20:30:12.000Z ##

📢 CVE-2026-5809 (HIGH): wpForo Forum ≤3.0.2 lets authenticated users delete arbitrary files like wp-config.php, risking site availability. Restrict permissions & monitor edits until a fix. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #WebSec

##

offseq@infosec.exchange at 2026-04-11T09:00:29.000Z ##

🛡️ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin ≤3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet — restrict permissions & monitor topic edits for abuse. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #InfoSec

##

CVE-2026-34621
(9.6 CRITICAL)

EPSS: 0.24%

updated 2026-04-11T07:16:03.633000

6 posts

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-04-12T03:27:53.000Z ##

🔴 CVE-2026-34621 - Critical (9.6)

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-11T11:30:30.340Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables arbitrary code execution via prototype pollution if a user opens a malicious file. No patch yet — exercise caution! radar.offseq.com/threat/cve-20

##

offseq at 2026-04-11T10:30:28.434Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables prototype pollution & arbitrary code execution via malicious files. No patch yet — avoid opening untrusted PDFs. Monitor advisories. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T11:30:30.000Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables arbitrary code execution via prototype pollution if a user opens a malicious file. No patch yet — exercise caution! radar.offseq.com/threat/cve-20 #OffSeq #Adobe #Security

##

offseq@infosec.exchange at 2026-04-11T10:30:28.000Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables prototype pollution & arbitrary code execution via malicious files. No patch yet — avoid opening untrusted PDFs. Monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #Adobe #Vuln #Infosec

##

CVE-2026-4149
(10.0 CRITICAL)

EPSS: 1.27%

updated 2026-04-11T03:30:41

6 posts

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper valida

offseq at 2026-04-11T13:00:26.648Z ##

⚠️ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet — restrict SMB access! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-11T03:55:26.000Z ##

🔴 CVE-2026-4149 - Critical (10)

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-11T01:30:29.280Z ##

🚨 CRITICAL: CVE-2026-4149 in Sonos Era 300 (v17.5) allows unauth RCE via SMB out-of-bounds flaw (CVSS 10.0). No patch yet — restrict SMB access, monitor advisories. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T13:00:26.000Z ##

⚠️ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet — restrict SMB access! radar.offseq.com/threat/cve-20 #OffSeq #Sonos #Infosec #RCE

##

offseq@infosec.exchange at 2026-04-11T01:30:29.000Z ##

🚨 CRITICAL: CVE-2026-4149 in Sonos Era 300 (v17.5) allows unauth RCE via SMB out-of-bounds flaw (CVSS 10.0). No patch yet — restrict SMB access, monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #Sonos #Vuln #RCE

##

CVE-2026-4152
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T03:30:41

2 posts

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results f

thehackerwire@mastodon.social at 2026-04-11T04:00:10.000Z ##

🟠 CVE-2026-4152 - High (7.8)

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5054
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-11T03:30:41

2 posts

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command line parameters. The i

thehackerwire@mastodon.social at 2026-04-11T03:55:17.000Z ##

🟠 CVE-2026-5054 - High (7.8)

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-pri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4157
(7.5 HIGH)

EPSS: 0.19%

updated 2026-04-11T03:30:41

2 posts

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper v

thehackerwire@mastodon.social at 2026-04-11T03:28:26.000Z ##

🟠 CVE-2026-4157 - High (7.5)

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4155
(7.5 HIGH)

EPSS: 0.24%

updated 2026-04-11T03:30:41

2 posts

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the genpw script. The issue results from the inc

thehackerwire@mastodon.social at 2026-04-11T03:28:07.000Z ##

🟠 CVE-2026-4155 - High (7.5)

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5496
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

4 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the

thehackerwire@mastodon.social at 2026-04-11T03:23:00.000Z ##

🟠 CVE-2026-5496 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T03:22:15.000Z ##

🟠 CVE-2026-5496 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5494
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

4 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within

thehackerwire@mastodon.social at 2026-04-11T03:22:50.000Z ##

🟠 CVE-2026-5494 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T03:22:05.000Z ##

🟠 CVE-2026-5494 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4154
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T03:30:41

2 posts

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the la

thehackerwire@mastodon.social at 2026-04-11T03:22:20.000Z ##

🟠 CVE-2026-4154 - High (7.8)

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5495
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

2 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within

thehackerwire@mastodon.social at 2026-04-11T03:22:08.000Z ##

🟠 CVE-2026-5495 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5058
(9.8 CRITICAL)

EPSS: 1.01%

updated 2026-04-11T03:30:41

2 posts

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string

thehackerwire@mastodon.social at 2026-04-11T03:02:16.000Z ##

🔴 CVE-2026-5058 - Critical (9.8)

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.

...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5055
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-11T03:30:41

2 posts

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Server. The product l

thehackerwire@mastodon.social at 2026-04-11T03:02:06.000Z ##

🟠 CVE-2026-5055 - High (7.8)

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4153
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T03:30:30

2 posts

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results f

thehackerwire@mastodon.social at 2026-04-11T04:00:25.000Z ##

🟠 CVE-2026-4153 - High (7.8)

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5217
(7.2 HIGH)

EPSS: 0.08%

updated 2026-04-11T02:16:02.953000

2 posts

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's' parameter (srcset descriptor) in the unauthenticated /wp-json/optimole/v1/optimizations REST endpoint. Th

offseq at 2026-04-12T00:00:40.123Z ##

🚨 HIGH risk: Optimole WordPress plugin (≤4.2.2) vulnerable to unauthenticated stored XSS via /wp-json/optimole/v1/optimizations. HMAC bypassed. Disable plugin until patch. CVE-2026-5217 radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-12T00:00:40.000Z ##

🚨 HIGH risk: Optimole WordPress plugin (≤4.2.2) vulnerable to unauthenticated stored XSS via /wp-json/optimole/v1/optimizations. HMAC bypassed. Disable plugin until patch. CVE-2026-5217 radar.offseq.com/threat/cve-20 #OffSeq #WordPress #XSS #infosec

##

CVE-2026-5144
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T02:16:02.633000

4 posts

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers wh

offseq at 2026-04-11T22:00:11.571Z ##

🚩 HIGH severity: CVE-2026-5144 impacts BuddyPress Groupblog ≤1.9.3. Authenticated users (even Subscribers) can escalate to Admin on WordPress Multisite. No patch yet — disable or restrict plugin for now. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-11T03:01:57.000Z ##

🟠 CVE-2026-5144 - High (8.8)

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-sile...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-11T22:00:11.000Z ##

🚩 HIGH severity: CVE-2026-5144 impacts BuddyPress Groupblog ≤1.9.3. Authenticated users (even Subscribers) can escalate to Admin on WordPress Multisite. No patch yet — disable or restrict plugin for now. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE20265144 #infosec

##

CVE-2026-5493
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T01:16:18.427000

2 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within

thehackerwire@mastodon.social at 2026-04-11T03:21:59.000Z ##

🟠 CVE-2026-5493 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5059
(9.8 CRITICAL)

EPSS: 1.01%

updated 2026-04-11T01:16:18.293000

4 posts

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplie

thehackerwire@mastodon.social at 2026-04-11T03:22:41.000Z ##

🔴 CVE-2026-5059 - Critical (9.8)

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T03:21:55.000Z ##

🔴 CVE-2026-5059 - Critical (9.8)

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4156
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-11T01:16:17.360000

2 posts

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack

thehackerwire@mastodon.social at 2026-04-11T03:28:16.000Z ##

🟠 CVE-2026-4156 - High (7.5)

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Auth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4151
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T01:16:16.697000

2 posts

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the la

thehackerwire@mastodon.social at 2026-04-11T03:59:58.000Z ##

🟠 CVE-2026-4151 - High (7.8)

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4150
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T01:16:16.560000

2 posts

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the la

thehackerwire@mastodon.social at 2026-04-11T03:55:36.000Z ##

🟠 CVE-2026-4150 - High (7.8)

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1115
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-10T22:11:12

1 post

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigned to the `DBPost` model without sanitization. This allows attackers to inject and store malicious Jav

offseq@infosec.exchange at 2026-04-10T09:00:31.000Z ##

⚠️ CVE-2026-1115: CRITICAL stored XSS in parisneo/lollms <2.2.0. Unsanitized input in create_post lets attackers run JS in user browsers via Home Feed. Upgrade to 2.2.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #XSS #Vuln #Security

##

CVE-2026-40188
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-10T21:37:28

2 posts

### Summary The SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. ### Details Here is the issue: ```go // helper.go:155-215 func cmdFile(root string, r *sftp.Request, ip string, sftpServer *SFTPServer) error { fullPath, err := sanitizePath(r.Filepath, root) // Source: SANITIZED if err != nil

thehackerwire@mastodon.social at 2026-04-11T04:01:16.000Z ##

🟠 CVE-2026-40188 - High (7.7)

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40175
(10.0 CRITICAL)

EPSS: 0.24%

updated 2026-04-10T21:37:08

2 posts

# Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain ## Summary The Axios library is vulnerable to a specific "Gadget" attack chain that allows **Prototype Pollution** in any third-party dependency to be escalated into **Remote Code Execution (RCE)** or **Full Cloud Compromise** (via AWS IMDSv2 bypass). While Axios patches exist for *preventing check* p

thehackerwire@mastodon.social at 2026-04-11T04:01:55.000Z ##

🔴 CVE-2026-40175 - Critical (10)

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code E...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5483
(8.6 HIGH)

EPSS: 0.06%

updated 2026-04-10T21:31:15

2 posts

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.

thehackerwire@mastodon.social at 2026-04-11T05:00:38.000Z ##

🟠 CVE-2026-5483 - High (8.5)

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could ena...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6057
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-04-10T21:16:28.800000

1 posts

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

offseq@infosec.exchange at 2026-04-10T10:30:30.000Z ##

CVE-2026-6057: CRITICAL path traversal in FalkorDB Browser 1.9.3 (file upload API). Unauthenticated attackers can write arbitrary files, risking RCE. No patch yet — restrict access and monitor logs. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #FalkorDB #InfoSec

##

CVE-2026-35639
(CVSS UNKNOWN)

EPSS: 0.20%

updated 2026-04-10T20:20:14

1 posts

## Summary device.pair.approve allowed an operator.pairing approver to approve a pending device request for broader operator scopes than the approver actually held. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: < 2026.3.22 - Fixed: >= 2026.3.22 - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`) - Latest published npm version checke

thehackerwire@mastodon.social at 2026-04-10T05:53:55.000Z ##

🟠 CVE-2026-35639 - High (8.8)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. At...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40189
(0 None)

EPSS: 0.10%

updated 2026-04-10T20:16:23.890000

4 posts

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload, create directories with ?mkdir, and delete f

offseq at 2026-04-11T14:30:12.404Z ##

CVE-2026-40189 (CRITICAL): patrickhener goshs <2.0.0-beta.4 has a missing auth bug — attackers can upload, delete, or remove auth files, exposing protected dirs. Upgrade to 2.0.0-beta.4 ASAP. radar.offseq.com/threat/cve-20

##

offseq at 2026-04-11T00:00:40.142Z ##

🚨 CVE-2026-40189: goshs <2.0.0-beta.4 has a CRITICAL auth bypass. Attackers can upload, delete, and remove folder auth to access protected files. Mitigate by upgrading now! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T14:30:12.000Z ##

CVE-2026-40189 (CRITICAL): patrickhener goshs <2.0.0-beta.4 has a missing auth bug — attackers can upload, delete, or remove auth files, exposing protected dirs. Upgrade to 2.0.0-beta.4 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE202640189 #GoLang #infosec

##

offseq@infosec.exchange at 2026-04-11T00:00:40.000Z ##

🚨 CVE-2026-40189: goshs <2.0.0-beta.4 has a CRITICAL auth bypass. Attackers can upload, delete, and remove folder auth to access protected files. Mitigate by upgrading now! radar.offseq.com/threat/cve-20 #OffSeq #CVE202640189 #infosec #GoLang

##

CVE-2026-40168
(8.2 HIGH)

EPSS: 0.04%

updated 2026-04-10T20:16:22.643000

2 posts

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a result, an attacker can supply a public HTTPS URL that passes validation and then redirects the server-si

thehackerwire@mastodon.social at 2026-04-11T04:01:41.000Z ##

🟠 CVE-2026-40168 - High (8.2)

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40093
(9.1 CRITICAL)

EPSS: 0.06%

updated 2026-04-10T19:55:04

1 posts

### Impact Block timestamp validation enforces that `timestamp >= parent.timestamp` for non-skip blocks and `timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT` for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via `Policy::supp

thehackerwire@mastodon.social at 2026-04-10T07:08:16.000Z ##

🟠 CVE-2026-40093 - High (8.1)

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35641
(8.6 HIGH)

EPSS: 0.01%

updated 2026-04-10T19:45:22

2 posts

> Fixed in OpenClaw 2026.3.24, the current shipping release. ### Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. ### Details Please note that the source code locations mentioned below are based on version openclaw-2026.3.13-1, but the issue has been c

thehackerwire@mastodon.social at 2026-04-11T07:00:48.000Z ##

🟠 CVE-2026-35641 - High (7.8)

OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install executi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35650
(7.5 HIGH)

EPSS: 0.06%

updated 2026-04-10T19:41:05

2 posts

## Summary Gateway host exec env override handling did not consistently apply the shared host environment policy, so blocked or malformed override keys could slip through inconsistent sanitization paths. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: < 2026.3.22 - Fixed: >= 2026.3.22 - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`

thehackerwire@mastodon.social at 2026-04-11T07:00:35.000Z ##

🟠 CVE-2026-35650 - High (7.5)

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed overri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35643
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T19:38:05

4 posts

## Summary Android Canvas WebView pages from untrusted origins could invoke the JavascriptInterface bridge and inject instructions into the app. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: < 2026.3.22 - Fixed: >= 2026.3.22 - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`) - Latest published npm version checked: `2026.3.23-2` ##

thehackerwire@mastodon.social at 2026-04-11T07:03:17.000Z ##

🟠 CVE-2026-35643 - High (8.8)

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T07:02:07.000Z ##

🟠 CVE-2026-35643 - High (8.8)

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40157
(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-04-10T19:28:01

2 posts

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via `tar.extract()` without member validation | | Affected | `src/praisonai/praisonai/cli/features/recipe.py:1170-1172` | ## Summary `cmd_unpack` in the recipe CLI extracts `.praison` tar archives using raw `tar.extract()` without validating archive member paths. A `.praison` bundle containing `..

offseq at 2026-04-11T07:30:28.249Z ##

🚨 CRITICAL: CVE-2026-40157 in PraisonAI (<4.5.128) enables path traversal via malicious .praison bundles — risk: file overwrite & code execution. Patch to 4.5.128+ & avoid untrusted archives. Full details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T07:30:28.000Z ##

🚨 CRITICAL: CVE-2026-40157 in PraisonAI (<4.5.128) enables path traversal via malicious .praison bundles — risk: file overwrite & code execution. Patch to 4.5.128+ & avoid untrusted archives. Full details: radar.offseq.com/threat/cve-20 #OffSeq #PraisonAI #infosec #vuln

##

CVE-2026-40156
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-10T19:26:45

2 posts

PraisonAI automatically loads a file named `tools.py` from the current working directory to discover and register custom agent tools. This loading process uses `importlib.util.spec_from_file_location` and immediately executes module-level code via `spec.loader.exec_module()` **without explicit user consent, validation, or sandboxing**. The `tools.py` file is loaded **implicitly**, even when it is

thehackerwire@mastodon.social at 2026-04-11T06:10:40.000Z ##

🟠 CVE-2026-40156 - High (7.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40158
(8.6 HIGH)

EPSS: 0.03%

updated 2026-04-10T19:25:40

4 posts

PraisonAI's AST-based Python sandbox can be bypassed using `type.__getattribute__` trampoline, allowing arbitrary code execution when running untrusted agent code. ## Description The `_execute_code_direct` function in `praisonaiagents/tools/python_tools.py` uses AST filtering to block dangerous Python attributes like `__subclasses__`, `__globals__`, and `__bases__`. However, the filter only chec

thehackerwire@mastodon.social at 2026-04-11T06:14:02.000Z ##

🟠 CVE-2026-40158 - High (8.6)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T06:10:50.000Z ##

🟠 CVE-2026-40158 - High (8.6)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40149
(7.9 HIGH)

EPSS: 0.01%

updated 2026-04-10T19:24:13

1 posts

## Summary The gateway's `/api/approval/allow-list` endpoint permits unauthenticated modification of the tool approval allowlist when no `auth_token` is configured (the default). By adding dangerous tool names (e.g., `shell_exec`, `file_write`) to the allowlist, an attacker can cause the `ExecApprovalManager` to auto-approve all future agent invocations of those tools, bypassing the human-in-the-

thehackerwire@mastodon.social at 2026-04-10T04:32:53.000Z ##

🟠 CVE-2026-40149 - High (7.9)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40150
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-10T19:23:58

1 posts

## Summary The `web_crawl()` function in `praisonaiagents/tools/web_crawl_tools.py` accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local fil

thehackerwire@mastodon.social at 2026-04-10T05:00:16.000Z ##

🟠 CVE-2026-40150 - High (7.7)

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40113
(8.4 HIGH)

EPSS: 0.02%

updated 2026-04-10T19:22:37

1 posts

**Summary** deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as addit

thehackerwire@mastodon.social at 2026-04-10T05:00:37.000Z ##

🟠 CVE-2026-40113 - High (8.4)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validatin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34179
(9.1 CRITICAL)

EPSS: 0.09%

updated 2026-04-10T19:20:52

1 posts

### Summary A restricted TLS certificate user can escalate to cluster admin by changing their certificate type from `client` to `server` via PUT/PATCH to `/1.0/certificates/{fingerprint}`. The non-admin guard and reset block in `doCertificateUpdate` fail to validate or reset the `Type` field, allowing a caller-supplied value to persist to the database. The modified certificate is matched as a ser

offseq@infosec.exchange at 2026-04-09T10:30:26.000Z ##

🚨 CRITICAL: CVE-2026-34179 in Canonical LXD 4.12 – 6.7 enables privilege escalation from restricted TLS cert user to cluster admin (CVSS 9.1). No patch yet — restrict access & monitor API activity. radar.offseq.com/threat/cve-20 #OffSeq #LXD #PrivilegeEscalation #Vuln

##

CVE-2026-33707
(9.4 CRITICAL)

EPSS: 0.07%

updated 2026-04-10T19:16:23.950000

6 posts

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the victim's password without authentication. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

offseq at 2026-04-11T16:00:13.870Z ##

CVE-2026-33707: Chamilo LMS (CRITICAL) password reset flaw — reset tokens are sha1(email), no randomness or expiry. Attackers with an email can hijack accounts. Affected: <1.11.38, 2.0.0-alpha.1 – <2.0.0-RC.3. Patch now! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-11T04:49:18.000Z ##

🔴 CVE-2026-33707 - Critical (9.4)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's em...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-11T03:00:27.899Z ##

🔒 CRITICAL vuln in Chamilo LMS (CVE-2026-33707): Weak password reset lets attackers hijack accounts using only the victim’s email. Affected: <1.11.38, 2.0.0-alpha.1 to <2.0.0-RC.3. Upgrade ASAP! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T16:00:13.000Z ##

CVE-2026-33707: Chamilo LMS (CRITICAL) password reset flaw — reset tokens are sha1(email), no randomness or expiry. Attackers with an email can hijack accounts. Affected: <1.11.38, 2.0.0-alpha.1 – <2.0.0-RC.3. Patch now! radar.offseq.com/threat/cve-20 #OffSeq #infosec #CVE #LMS

##

offseq@infosec.exchange at 2026-04-11T03:00:27.000Z ##

🔒 CRITICAL vuln in Chamilo LMS (CVE-2026-33707): Weak password reset lets attackers hijack accounts using only the victim’s email. Affected: <1.11.38, 2.0.0-alpha.1 to <2.0.0-RC.3. Upgrade ASAP! radar.offseq.com/threat/cve-20 #OffSeq #infosec #vuln #Chamilo

##

CVE-2026-33698
(0 None)

EPSS: 0.05%

updated 2026-04-10T19:16:23.033000

4 posts

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11

offseq at 2026-04-11T17:30:11.997Z ##

Chamilo LMS <1.11.38 is vulnerable (CVE-2026-33698, CVSS 9.3, CRITICAL): unauth attackers can execute PHP & modify files if main/install/ is accessible. Upgrade to 1.11.38 + restrict dir access. More: radar.offseq.com/threat/cve-20

##

offseq at 2026-04-11T04:30:29.943Z ##

🔔 CVE-2026-33698: Chamilo LMS (<1.11.38) has a CRITICAL flaw — exposed install/ dir lets unauth attackers execute PHP & modify files. Upgrade to 1.11.38+ & restrict install/ directory access now! Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T17:30:11.000Z ##

Chamilo LMS <1.11.38 is vulnerable (CVE-2026-33698, CVSS 9.3, CRITICAL): unauth attackers can execute PHP & modify files if main/install/ is accessible. Upgrade to 1.11.38 + restrict dir access. More: radar.offseq.com/threat/cve-20 #OffSeq #Chamilo #Vuln #LMS

##

offseq@infosec.exchange at 2026-04-11T04:30:29.000Z ##

🔔 CVE-2026-33698: Chamilo LMS (<1.11.38) has a CRITICAL flaw — exposed install/ dir lets unauth attackers execute PHP & modify files. Upgrade to 1.11.38+ & restrict install/ directory access now! Details: radar.offseq.com/threat/cve-20 #OffSeq #Chamilo #Vuln

##

CVE-2026-33618
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T19:16:22.853000

2 posts

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into the settings, which is then executed when any user (including unauthenticated) requests /platform-config/list. Th

thehackerwire@mastodon.social at 2026-04-11T05:00:19.000Z ##

🟠 CVE-2026-33618 - High (8.8)

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6067
(7.5 HIGH)

EPSS: 0.06%

updated 2026-04-10T18:32:22

2 posts

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.

thehackerwire@mastodon.social at 2026-04-11T07:03:27.000Z ##

🟠 CVE-2026-6067 - High (7.5)

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to he...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40200
(8.2 HIGH)

EPSS: 0.01%

updated 2026-04-10T18:31:28

3 posts

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

thehackerwire@mastodon.social at 2026-04-11T06:00:20.000Z ##

🟠 CVE-2026-40200 - High (8.1)

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

musl@treehouse.systems at 2026-04-10T15:25:41.000Z ##

SECURITY ADVISORY: musl libc up through 1.2.6 (present version) is affected by CVE-2026-40200 affecting qsort with large arrays.

Unless you have a setup with at least tens of terabytes of virtual memory, this does not affect 64-bit systems, only 32-bit ones. But all users should patch.

openwall.com/lists/musl/2026/0

##

CVE-2026-40163
(8.2 HIGH)

EPSS: 0.08%

updated 2026-04-10T18:16:46.233000

2 posts

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attack

thehackerwire@mastodon.social at 2026-04-11T05:00:29.000Z ##

🟠 CVE-2026-40163 - High (8.2)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.j...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32892
(9.1 CRITICAL)

EPSS: 0.19%

updated 2026-04-10T18:16:41.797000

4 posts

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values directly into exec() shell commands without using escapeshellarg(). When a user moves a document via document.php, the move_to POST parameter — which only pass

offseq at 2026-04-11T06:00:27.091Z ##

Chamilo LMS CRITICAL vuln (CVE-2026-32892): OS Command Injection via move_to POST param in fileManage.lib.php. Auth'd teachers can run arbitrary commands as www-data. Patch: 1.11.38/2.0.0-RC.3. Details: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-11T06:00:07.000Z ##

🔴 CVE-2026-32892 - Critical (9.1)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values direct...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-11T06:00:27.000Z ##

Chamilo LMS CRITICAL vuln (CVE-2026-32892): OS Command Injection via move_to POST param in fileManage.lib.php. Auth'd teachers can run arbitrary commands as www-data. Patch: 1.11.38/2.0.0-RC.3. Details: radar.offseq.com/threat/cve-20 #OffSeq #Chamilo #CVE202632892 #infosec

##

CVE-2026-31939
(8.3 HIGH)

EPSS: 0.04%

updated 2026-04-10T18:16:41.313000

2 posts

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal checks. This vulnerability is fixed in 1.11.38.
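
The Saltcorn entry above (CVE-2026-40163: an attacker-chosen directory is created and a changes.json written anywhere on the filesystem) and this Chamilo entry (CVE-2026-31939: a request value concatenated into a path that is then deleted) are the same defect, so one containment check serves both. The following Python is an added, generic illustration and is not code from either project; the base directory is an assumption. It shows the unsafe concatenation beside a check that canonicalises the joined path and requires it to stay strictly below the base before any write or delete happens.

```python
"""Containment check for request-controlled filesystem paths, added example.

Generic illustration (not Saltcorn's or Chamilo's code) of the bug behind
CVE-2026-40163 (attacker-chosen directory and changes.json written anywhere)
and CVE-2026-31939 ($_REQUEST['test'] concatenated into a path that is then
deleted): a request value becomes part of a path with no canonicalisation.
The base directory used below is an assumption.
"""
import os


class PathTraversal(ValueError):
    """Raised when a user-supplied path would leave the base directory."""


def unsafe_join(base: str, user_path: str) -> str:
    # VULNERABLE: plain concatenation, so '..' segments and absolute paths pass through.
    return base.rstrip("/") + "/" + user_path


def canonical_base(base: str) -> str:
    """Absolute, symlink-resolved form of the directory writes are confined to."""
    return os.path.realpath(base)


def safe_join(base: str, user_path: str) -> str:
    """Return the absolute path of user_path inside base, or raise PathTraversal.

    Checks, in order: no NUL bytes (they truncate paths in C runtimes), no
    absolute user path, canonicalise (collapses '..', resolves symlinks that
    exist), then require the result to be strictly below the canonical base.
    """
    if "\0" in user_path:
        raise PathTraversal("NUL byte in path")
    if os.path.isabs(user_path):
        raise PathTraversal("absolute paths are not allowed")
    root = canonical_base(base)
    candidate = os.path.realpath(os.path.join(root, user_path))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise PathTraversal(f"{user_path!r} escapes {base}")
    return candidate


def is_contained(base: str, user_path: str) -> bool:
    """Convenience predicate over safe_join for callers that only need a verdict."""
    try:
        safe_join(base, user_path)
    except PathTraversal:
        return False
    return True


def safe_write(base: str, user_path: str, content: bytes) -> str:
    """Create parent directories and write the file, but only inside base."""
    target = safe_join(base, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(content)
    return target


def safe_unlink(base: str, user_path: str) -> None:
    """Delete a file, but only inside base (the savescores.php failure mode)."""
    os.remove(safe_join(base, user_path))


BASE = "/srv/app/data"  # assumed confinement directory
```

The check is done on the canonical form of the joined path rather than on the raw string, so encoded or nested traversal such as `sync/../../../etc/passwd` is caught the same way as a leading `../`; rejecting the base directory itself matters for the delete case.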

thehackerwire@mastodon.social at 2026-04-11T05:03:30.000Z ##

🟠 CVE-2026-31939 - High (8.3)

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path without ca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35669
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-10T17:29:55

2 posts

Summary: Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope

Affected Packages / Versions: Package `openclaw`; affected versions `<= 2026.3.24`; first patched version `2026.3.25`; latest published npm version at verification time `2026.3.24`.

Details: Gateway-authenticated plugin HTTP routes previously created a runtime scope set that included `operator.admin`

thehackerwire@mastodon.social at 2026-04-11T06:11:00.000Z ##

🟠 CVE-2026-35669 - High (8.8)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35668
(7.7 HIGH)

EPSS: 0.05%

updated 2026-04-10T17:29:40

4 posts

> Fixed in OpenClaw 2026.3.24, the current shipping release.

Advisory Details. Title: Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22). Summary: A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary files from other agents' workspaces by using the `mediaUrl` or `fileUrl` parame

thehackerwire@mastodon.social at 2026-04-11T06:14:10.000Z ##

🟠 CVE-2026-35668 - High (7.7)

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit inc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T06:11:01.000Z ##

🟠 CVE-2026-35668 - High (7.7)

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit inc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35663
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-10T17:28:09

2 posts

Summary: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Affected Packages / Versions: Package `openclaw`; affected versions `<= 2026.3.24`; first patched version `2026.3.25`; latest published npm version at verification time `2026.3.24`.

Details: Backend-labeled reconnects could previously self-request broader scopes and bypass pairing, allowi

thehackerwire@mastodon.social at 2026-04-11T06:11:10.000Z ##

🟠 CVE-2026-35663 - High (8.8)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unautho...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35653
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-10T17:24:51

2 posts

> Fixed in OpenClaw 2026.3.24, the current shipping release.

Title: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface in OpenClaw `v2026.3.22` after `GHSA-vmhq-cqm9-6p7q`

Severity Assessment: High. CWE: `CWE-863: Incorrect Authorization`. Proposed CVSS v3.1: `8.1` (`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H`). An authenticated caller who only

thehackerwire@mastodon.social at 2026-04-11T07:00:21.000Z ##

🟠 CVE-2026-35653 - High (8.1)

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40036
(7.5 HIGH)

EPSS: 0.10%

updated 2026-04-10T17:18:38

1 post

Summary: The compressed data parser uses `zlib.decompress()` without a maximum output size. A small, highly compressed payload can expand to a very large output, causing memory exhaustion and denial of service.

Details:
- `unfurl/parsers/parse_compressed.py` calls `zlib.decompress(decoded)` with no size limit.
- Inputs are accepted from URL components that match base64 patterns.
- Highly co
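
The fix class for this is to inflate incrementally against an output budget instead of handing the whole stream to `zlib.decompress()`. The following Python is an added example, not Unfurl's code: `bounded_decompress` uses `decompressobj.decompress(buf, max_length)`, which returns at most `max_length` bytes per call and parks the rest of the input in `unconsumed_tail`, so memory grows by one chunk at a time and the budget is checked before each further step. The URL-safe base64 step, the 1 MiB default budget, and the sample inputs are assumptions constructed for the example.

```python
"""Bounded inflate for attacker-supplied compressed data, added example.

Illustration of the fix class for CVE-2026-40036, not Unfurl's code: inflate
incrementally and abort once output passes a budget, instead of calling
zlib.decompress() on the whole stream. The URL-safe base64 step and the 1 MiB
default budget are assumptions for this example.
"""
import base64
import zlib


class DecompressionLimitExceeded(ValueError):
    """Raised when inflated output would exceed the caller's budget."""


def unbounded_parse(data: bytes) -> bytes:
    # VULNERABLE pattern: the output size is dictated entirely by the input.
    return zlib.decompress(data)


def bounded_decompress(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate `data`, raising DecompressionLimitExceeded past max_output bytes.

    decompressobj.decompress(buf, max_length) returns at most max_length bytes
    and parks unconsumed input in .unconsumed_tail, so memory grows by at most
    `chunk` per step and the budget is checked before the next step.
    """
    inflater = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not inflater.eof:
        piece = inflater.decompress(buf, chunk)
        buf = inflater.unconsumed_tail
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"inflated output exceeds {max_output} bytes")
        if not piece and not buf:
            break  # truncated stream: input exhausted, nothing more produced
    return bytes(out)


def exceeds_budget(data: bytes, max_output: int) -> bool:
    """True if inflating `data` would blow through max_output."""
    try:
        bounded_decompress(data, max_output)
    except DecompressionLimitExceeded:
        return True
    return False


def parse_compressed_param(value: str, max_output: int = 1 << 20) -> bytes:
    """Decode a base64-looking URL component, then inflate it under a budget."""
    padded = value + "=" * (-len(value) % 4)
    raw = base64.urlsafe_b64decode(padded)
    return bounded_decompress(raw, max_output)


# Constructed sample inputs: a benign payload and a 16 MiB run of zeros that
# zlib shrinks to well under 64 KiB, i.e. a decompression bomb.
BENIGN = b"https://example.test/?q=1"
SMALL_PARAM = base64.urlsafe_b64encode(zlib.compress(BENIGN)).decode().rstrip("=")
BOMB = zlib.compress(b"\0" * (16 << 20), 9)
BOMB_PARAM = base64.urlsafe_b64encode(BOMB).decode().rstrip("=")
```

The bomb here is only 16 MiB inflated so the example runs quickly; the ratio is the point, since the same few kilobytes of compressed zeros scale to gigabytes. Note that `zlib.decompress()` itself accepts a `bufsize` hint but no hard cap, which is why the incremental object is needed.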

thehackerwire@mastodon.social at 2026-04-09T04:00:21.000Z ##

🟠 CVE-2026-40036 - High (7.5)

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs end...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35666
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T17:17:08.680000

2 posts

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.
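
The description above says the approval check did not unwrap `/usr/bin/time`, so an approval could be reused for whatever ran behind that wrapper. The exact OpenClaw logic is not on this page; the following Python is an added illustration of the general pattern and is not the project's code. It resolves the executable that will actually run by peeling known wrappers (and their options) off the front of the command, fails closed when nothing remains, and only then compares against the executable the approval is bound to. The wrapper table, the options each wrapper consumes, and the shlex-split command line are assumptions.

```python
"""Executable-bound approvals must see through wrappers, added example.

General pattern behind CVE-2026-35666 (OpenClaw: /usr/bin/time not unwrapped,
so an approval could be reused for whatever ran behind it). The OpenClaw
logic itself is not on this page; this is illustration code, not the
project's. Assumed: a small wrapper table with each wrapper's value-taking
options, and a shlex-split command line.
"""
import os
import shlex

# Programs that exec another program named on their own command line, mapped
# to the options that consume a following argument. Assumed table.
WRAPPERS = {
    "env": {"-u", "-C", "-S"},   # also skips NAME=VALUE assignments
    "nice": {"-n"},
    "nohup": set(),
    "time": {"-o", "-f"},        # GNU time; the entry the vulnerable table lacked
}
# The defective configuration: 'time' never registered as a wrapper.
VULNERABLE_WRAPPERS = {k: v for k, v in WRAPPERS.items() if k != "time"}


def _strip_wrapper_args(name, takes_value, args):
    """Drop the wrapper's own options; return the argv of the inner command."""
    i = 0
    while i < len(args):
        tok = args[i]
        if tok == "--":
            i += 1
            break
        if tok in takes_value:
            i += 2
        elif tok.startswith("-") or (name == "env" and "=" in tok):
            i += 1
        else:
            break
    return args[i:]


def effective_executable(argv, wrappers=WRAPPERS, max_depth=8):
    """Basename of the program that actually runs once wrappers are peeled off.

    Raises ValueError when no inner command remains or wrappers nest too deep,
    so callers fail closed.
    """
    args = list(argv)
    for _ in range(max_depth):
        if not args:
            break
        base = os.path.basename(args[0])
        if base not in wrappers:
            return base
        args = _strip_wrapper_args(base, wrappers[base], args[1:])
    raise ValueError("no command after wrappers")


def approval_binding(command, wrappers=WRAPPERS):
    """The executable an approval for `command` gets bound to."""
    return effective_executable(shlex.split(command), wrappers)


def is_allowed(command, approved_exe, wrappers=WRAPPERS):
    """Does `command` resolve to the executable the approval was bound to?"""
    try:
        return effective_executable(shlex.split(command), wrappers) == approved_exe
    except ValueError:
        return False
```

With the defective table an approval for `/usr/bin/time -v ls -la` is bound to `time`, and `/usr/bin/time -v rm -rf /` then matches it; with `time` registered the binding is `ls` and the second command resolves to `rm` and is denied. Binding to a basename is itself a weak key (any binary can be named `ls`); a real implementation should bind to the resolved absolute path and treat `sh -c`, interpreters with `-c`, `xargs` and `find -exec` as wrappers too, or deny them outright.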

thehackerwire@mastodon.social at 2026-04-11T06:11:20.000Z ##

🟠 CVE-2026-35666 - High (8.8)

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35660
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-10T17:17:07.493000

2 posts

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey to bypass operator.admin requirements and reset arbitrary sessions.

thehackerwire@mastodon.social at 2026-04-11T06:14:19.000Z ##

🟠 CVE-2026-35660 - High (8.1)

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35595
(8.3 HIGH)

EPSS: 0.03%

updated 2026-04-10T17:17:02.910000

2 posts

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's permission model uses a recursive CTE that walks up the project hierarchy to compute permissions. Moving a project under a different parent changes the pe

thehackerwire@mastodon.social at 2026-04-11T07:02:14.000Z ##

🟠 CVE-2026-35595 - High (8.3)

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23869
(7.5 HIGH)

EPSS: 0.32%

updated 2026-04-10T15:35:39

1 post

Impact: A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints. The payload of the HTTP request causes excessive CPU usage for up t

2 repos

https://github.com/yohannslm/CVE-2026-23869

https://github.com/cybertechajju/CVE-2026-23869-Exploit

thehackerwire@mastodon.social at 2026-04-09T05:14:48.000Z ##

🟠 CVE-2026-23869 - High (7.5)

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-5804
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-10T15:32:07

2 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4.

thehackerwire@mastodon.social at 2026-04-11T07:05:02.000Z ##

🟠 CVE-2025-5804 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-58913
(8.1 HIGH)

EPSS: 0.11%

updated 2026-04-10T15:32:07

2 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects VideoPro: from n/a through 2.3.8.1.

thehackerwire@mastodon.social at 2026-04-11T07:04:51.000Z ##

🟠 CVE-2025-58913 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects VideoPro: from n/a through 2.3.8.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40217
(8.8 HIGH)

EPSS: 0.19%

updated 2026-04-10T15:32:07

2 posts

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

thehackerwire@mastodon.social at 2026-04-11T07:03:37.000Z ##

🟠 CVE-2026-40217 - High (8.8)

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40088
(9.7 CRITICAL)

EPSS: 0.05%

updated 2026-04-10T14:41:51

1 post

The `execute_command` function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters.

Description: PraisonAI's workflow system and command execution tools pass user-controlled input directly to `subprocess.run()` with `shell=Tr
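
This PraisonAI entry and the Chamilo entry above (CVE-2026-32892, `exec()` on a path that never went through `escapeshellarg()`) are the same defect in two languages: user text is handed to a shell to parse. The following Python is an added example, not code from either project. It runs the same user value three ways: spliced into a shell string (the vulnerable pattern), as one entry of an argument vector with no shell, and through `shlex.quote()`, which is Python's counterpart of PHP's `escapeshellarg()`, for the case where a shell string is unavoidable. The command is `printf` so the effect is visible and harmless; a POSIX `sh` and a `printf` executable on PATH are the only assumptions.

```python
"""Shell command injection: vulnerable and hardened forms, added example.

CVE-2026-32892 (Chamilo: exec() on a path that never went through
escapeshellarg()) and CVE-2026-40088 (PraisonAI: subprocess.run(...,
shell=True) on user-controlled text) are the same defect: user input is
parsed by a shell. This is illustration code, not either project's. The
command is printf so the effect is visible and harmless; assumptions are a
POSIX sh and a printf executable on PATH.
"""
import shlex
import subprocess


def run_vulnerable(user_value: str) -> str:
    # VULNERABLE: the value is spliced into a command string that sh parses, so
    # ';', '&&', '|', '$(...)', backticks and quotes inside it are interpreted.
    cmd = "printf '%s\\n' " + user_value
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(user_value: str) -> str:
    # HARDENED: argument vector, no shell at all. The value reaches printf as
    # exactly one argv entry whatever characters it contains.
    proc = subprocess.run(["printf", "%s\n", user_value],
                          capture_output=True, text=True)
    return proc.stdout


def run_quoted(user_value: str) -> str:
    # HARDENED for the case where a shell string is unavoidable (pipes,
    # redirections): shlex.quote() is Python's counterpart of PHP's
    # escapeshellarg() and turns the value into a single-quoted literal.
    cmd = "printf '%s\\n' " + shlex.quote(user_value)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Constructed sample input in the shape of a file name with a trailing command.
PAYLOAD = "report.txt; echo INJECTED"
```

The vulnerable form prints two lines because the shell ran `echo INJECTED` as a second command; both hardened forms print the payload back as a single literal line. Quoting only stops the shell from parsing the value; a value that begins with `-` can still be read as an option by the program itself, so validate the value or pass `--` before it where the program supports that.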

thehackerwire@mastodon.social at 2026-04-10T07:10:58.000Z ##

🔴 CVE-2026-40088 - Critical (9.6)

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33092
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T14:16:34.880000

2 posts

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

thehackerwire@mastodon.social at 2026-04-11T07:04:41.000Z ##

🟠 CVE-2026-33092 - High (7.8)

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5412
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-04-10T13:16:45.780000

2 posts

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21.

thehackerwire@mastodon.social at 2026-04-11T07:06:33.000Z ##

🔴 CVE-2026-5412 - Critical (9.9)

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6029
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T07:16:22

1 post

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.

offseq@infosec.exchange at 2026-04-10T07:30:30.000Z ##

⚠️ CVE-2026-6029 (CRITICAL, CVSS 9.3): Totolink A7100RU firmware 7.4cu.2313_b20191024 is vulnerable to unauthenticated OS command injection via setVpnAccountCfg. No patch yet — restrict access and monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #CVE20266029 #Infosec

##

CVE-2026-6025
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T06:31:49

1 post

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-10T06:59:55.000Z ##

🔴 CVE-2026-6025 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6016
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T06:31:44

1 post

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-04-10T07:00:15.000Z ##

🟠 CVE-2026-6016 - High (8.8)

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6015
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T06:31:44

1 post

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-04-10T07:00:05.000Z ##

🟠 CVE-2026-6015 - High (8.8)

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer over...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6013
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T06:31:44

1 post

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported

thehackerwire@mastodon.social at 2026-04-10T05:46:25.000Z ##

🟠 CVE-2026-6013 - High (8.8)

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6012
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T06:31:44

1 post

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products

thehackerwire@mastodon.social at 2026-04-10T05:46:15.000Z ##

🟠 CVE-2026-6012 - High (8.8)

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overfl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6014
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T05:16:07.510000

1 post

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer support

thehackerwire@mastodon.social at 2026-04-10T05:46:35.000Z ##

🟠 CVE-2026-6014 - High (8.8)

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is poss...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5996
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T03:31:16

2 posts

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

offseq@infosec.exchange at 2026-04-10T04:30:29.000Z ##

⚠️ CRITICAL: CVE-2026-5996 in Totolink A7100RU (7.4cu.2313_b20191024) enables unauthenticated OS command injection via /cgi-bin/cstecgi.cgi. No patch yet — restrict remote access & monitor devices. More: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #IoTSecurity

##

thehackerwire@mastodon.social at 2026-04-10T03:01:02.000Z ##

🔴 CVE-2026-5996 - Critical (9.8)

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_serve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5993
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T03:31:16

1 post

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-10T03:27:55.000Z ##

🔴 CVE-2026-5993 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25203
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T03:31:16

1 post

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1.

thehackerwire@mastodon.social at 2026-04-10T03:02:50.000Z ##

🟠 CVE-2026-25203 - High (7.8)

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This issue affects MagicINFO 9 Server: less than 21.1091.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4351
(8.1 HIGH)

EPSS: 0.06%

updated 2026-04-10T03:31:16

1 posts

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization check or nonce verification. The `$_GET['snippets'][]` values are passed unsanitized to `Snippet::activate()`/`Snippet::

thehackerwire@mastodon.social at 2026-04-10T03:02:39.000Z ##

🟠 CVE-2026-4351 - High (8.1)

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` ha...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3360
(7.5 HIGH)

EPSS: 0.10%

updated 2026-04-10T03:31:16

1 posts

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The function accepts an attacker-controlled `order_id` parameter and uses it to look up order data, then writes billing fie

thehackerwire@mastodon.social at 2026-04-10T03:01:23.000Z ##

🟠 CVE-2026-3360 - High (7.5)

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5997
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T02:16:04.247000

2 posts

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:01:14.000Z ##

🔴 CVE-2026-5997 - Critical (9.8)

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-10T03:00:28.000Z ##

Totolink A7100RU (7.4cu.2313_b20191024) hit by CRITICAL OS command injection (CVE-2026-5997) — remote, unauthenticated code execution possible. No patch yet. Disable remote management & limit access! radar.offseq.com/threat/cve-20 #OffSeq #CVE20265997 #RouterSecurity #Vuln

##

CVE-2026-33170
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-04-10T01:59:00

2 posts

### Impact `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS. ### Releases The fixed releases are available at the normal locations. ### Cre

vitobotta@mastodon.social at 2026-04-10T21:54:37.000Z ##

CVE-2026-33170 is fascinating because it breaks Rails' own XSS protection system. SafeBuffer#% operator fails to propagate the html_unsafe flag when creating new buffers, so content that should be escaped gets marked as safe.

It's a flaw in the security mechanism itself, not just another injection point. Rails apps using SafeBuffer with the % operator for formatting could be exposing XSS vulnerabilities without realising their protection layer is compromised.

##

CVE-2026-5995
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T01:16:42.490000

2 posts

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

thehackerwire@mastodon.social at 2026-04-10T03:27:46.000Z ##

🔴 CVE-2026-5995 - Critical (9.8)

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-10T01:30:28.000Z ##

🛑 CRITICAL: CVE-2026-5995 in Totolink A7100RU (7.4cu.2313_b20191024) enables remote, unauthenticated OS command injection via /cgi-bin/cstecgi.cgi. No patch yet — disable remote mgmt & restrict access. radar.offseq.com/threat/cve-20 #OffSeq #Infosec #Vulnerability

##

CVE-2026-5994
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T01:16:42.280000

2 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

offseq@infosec.exchange at 2026-04-10T06:00:28.000Z ##

⚠️ CVE-2026-5994: CRITICAL OS command injection in Totolink A7100RU (7.4cu.2313_b20191024). Remote attackers can run OS commands via setTelnetCfg. No patch yet; public exploit released. Restrict access & monitor traffic. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #RouterSecurity

##

thehackerwire@mastodon.social at 2026-04-10T03:03:00.000Z ##

🔴 CVE-2026-5994 - Critical (9.8)

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled resu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35638
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:38

1 posts

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements.

thehackerwire@mastodon.social at 2026-04-10T05:53:46.000Z ##

🟠 CVE-2026-35638 - High (8.8)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less al...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5984
(8.8 HIGH)

EPSS: 0.02%

updated 2026-04-10T00:30:38

1 posts

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supp

thehackerwire@mastodon.social at 2026-04-10T04:03:34.000Z ##

🟠 CVE-2026-5984 - High (8.8)

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5983
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:38

1 posts

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are

thehackerwire@mastodon.social at 2026-04-10T04:03:25.000Z ##

🟠 CVE-2026-5983 - High (8.8)

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5988
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 posts

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:59:52.000Z ##

🟠 CVE-2026-5988 - High (8.8)

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5992
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 posts

A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

thehackerwire@mastodon.social at 2026-04-10T03:45:35.000Z ##

🟠 CVE-2026-5992 - High (8.8)

A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is po...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5991
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 posts

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-04-10T03:45:25.000Z ##

🟠 CVE-2026-5991 - High (8.8)

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotel...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5989
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 posts

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:28:06.000Z ##

🟠 CVE-2026-5989 - High (8.8)

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-13914
(8.7 HIGH)

EPSS: 0.03%

updated 2026-04-10T00:30:37

1 posts

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and ca

thehackerwire@mastodon.social at 2026-04-10T06:11:33.000Z ##

🟠 CVE-2025-13914 - High (8.7)

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
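
The Apstra issue above is the absence of one specific control: the client never pins the managed device's host key, so any machine in the path can answer the SSH handshake. The block below is an added example, not Juniper's code or any SSH library's, of what strict verification against a known_hosts file looks like in plain Python: plain and hashed (`|1|salt|hmac`) host fields, `@revoked` markers, and a fail-closed result for hosts that have no pinned key at all. The known_hosts lines and key blobs are constructed for the demo; a real client would compare the blob the server presents during key exchange.

```python
"""Strict SSH host-key verification against a pinned known_hosts file, the
control whose absence CVE-2025-13914 describes.  Added example in plain
Python, not Juniper's code or an SSH library's; the known_hosts lines and key
blobs below are constructed, and a real client would take the blob from the
host key the server presents during key exchange."""
import base64
import hashlib
import hmac
from typing import Optional


def hashed_host_field(hostname: str, salt: bytes) -> str:
    """Build the |1|salt|hmac form that ssh-keygen -H writes (HMAC-SHA1 over the name)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, hostname: str) -> bool:
    """Match a known_hosts host field, hashed or plain (comma-separated names)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return hostname in field.split(",")


def verify_host_key(known_hosts: str, hostname: str, key_type: str, key_blob: bytes) -> str:
    """Return "ok", "revoked", "mismatch" or "unknown".  Only "ok" may proceed;
    "unknown" is deliberately not trusted on first use, because an impostor
    answering first is exactly the scenario a pinned key is meant to defeat."""
    seen_host, matched = False, False
    for line in known_hosts.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker: Optional[str] = None
        if parts[0].startswith("@"):            # @revoked / @cert-authority markers
            marker, parts = parts[0], parts[1:]
        if len(parts) < 3 or marker == "@cert-authority":
            continue                            # CA entries need certificate checks, out of scope here
        hosts, ktype, blob_b64 = parts[:3]
        if ktype != key_type or not host_matches(hosts, hostname):
            continue
        same_key = hmac.compare_digest(base64.b64decode(blob_b64), key_blob)
        if marker == "@revoked":
            if same_key:
                return "revoked"
            continue
        seen_host = True
        matched = matched or same_key
    if matched:
        return "ok"
    return "mismatch" if seen_host else "unknown"


# Constructed sample fleet: one plain entry, one hashed entry, one revoked key.
GOOD_KEY = b"constructed ed25519 blob for leaf-1"
SPINE_KEY = b"constructed ed25519 blob for spine-1"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not real keys",
    "leaf-1,10.0.0.11 ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
    hashed_host_field("spine-1", b"\x2a" * 20) + " ssh-ed25519 " + base64.b64encode(SPINE_KEY).decode(),
    "@revoked old-leaf ssh-rsa " + base64.b64encode(b"constructed retired rsa blob").decode(),
])

if __name__ == "__main__":
    for host, blob in [("leaf-1", GOOD_KEY), ("10.0.0.11", b"impostor"), ("spine-2", GOOD_KEY)]:
        print(host, verify_host_key(SAMPLE_KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

The point of the four-way result is that "mismatch" (a pinned host answering with a different key) and "unknown" (no pin at all) both have to abort the connection; a management system that falls through to accepting either is exactly what the advisory describes.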

CVE-2026-33785
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T00:30:37

1 posts

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high

thehackerwire@mastodon.social at 2026-04-10T06:08:19.000Z ##

🟠 CVE-2026-33785 - High (8.8)

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.

Any user l...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33784
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-10T00:30:37

1 posts

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full

thehackerwire@mastodon.social at 2026-04-10T06:08:10.000Z ##

🔴 CVE-2026-33784 - Critical (9.8)

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33790
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:37

1 posts

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition. Duri

thehackerwire@mastodon.social at 2026-04-10T06:08:01.000Z ##

🟠 CVE-2026-33790 - High (7.5)

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34512
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-10T00:30:37

1 posts

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing owners

thehackerwire@mastodon.social at 2026-04-10T06:00:05.000Z ##

🟠 CVE-2026-34512 - High (8.1)

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33793
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T00:30:37

1 posts

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, lea

thehackerwire@mastodon.social at 2026-04-10T05:59:55.000Z ##

🟠 CVE-2026-33793 - High (7.8)

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.

When a configurat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33788
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-10T00:30:30

1 posts

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead

thehackerwire@mastodon.social at 2026-04-10T06:00:17.000Z ##

🟠 CVE-2026-33788 - High (7.8)

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs insta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5990
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:16:36.363000

1 posts

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:45:16.000Z ##

🟠 CVE-2026-5990 - High (8.8)

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack ma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34424
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-04-09T23:17:00.540000

2 posts

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hid

thehackerwire@mastodon.social at 2026-04-10T04:00:03.000Z ##

🔴 CVE-2026-34424 - Critical (9.8)

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trig...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-10T00:00:38.000Z ##

⚠️ CVE-2026-34424 (CRITICAL): Smart Slider 3 Pro 3.5.1.35 for WordPress/Joomla has embedded malicious code via a compromised update system. Unauth RCE, backdoors, hidden admins, data exfil possible. Remove plugin & monitor. No fix yet. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec

##

CVE-2026-5982
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-09T22:16:37.467000

1 posts

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products

thehackerwire@mastodon.social at 2026-04-10T04:03:15.000Z ##

🟠 CVE-2026-5982 - High (8.8)

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5981
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-09T22:16:37.233000

1 posts

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no long

thehackerwire@mastodon.social at 2026-04-10T04:00:13.000Z ##

🟠 CVE-2026-5981 - High (8.8)

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40154
(9.3 CRITICAL)

EPSS: 0.03%

updated 2026-04-09T22:16:36.503000

2 posts

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.

Matchbook3469@mastodon.social at 2026-04-10T23:04:20.000Z ##

🔴 New security advisory:

CVE-2026-40154 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##

thehackerwire@mastodon.social at 2026-04-10T04:32:34.000Z ##

🔴 CVE-2026-40154 - Critical (9.3)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
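
The PraisonAI template advisory names three missing controls: integrity verification, origin validation and user confirmation. The block below is an added example, not PraisonAI's code, of a gate that applies all three before a fetched template is treated as executable. The origin allowlist, the pinned digest manifest and the template bytes are constructed for the demo; the `confirm` callback is a stand-in for whatever prompt the tool would show, and it defaults to refusing so that forgetting to wire it up fails closed. A real deployment ships the manifest with the tool rather than fetching it from the same place as the template.

```python
"""Origin, integrity and confirmation gate for remotely fetched templates,
the three controls CVE-2026-40154 says were absent.  Added example, not
PraisonAI's code; the allowlist, the pinned manifest and the template bytes
are constructed."""
import hashlib
import hmac
from typing import Callable, Dict, Set, Tuple
from urllib.parse import urlsplit


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


ALLOWED_ORIGINS: Set[str] = {"templates.example.test"}            # constructed allowlist
DEMO_TEMPLATE = b"name: demo\nagents:\n  - role: researcher\n"      # constructed template
PINNED: Dict[str, str] = {"demo.yaml": sha256_hex(DEMO_TEMPLATE)}  # constructed manifest


def check_template(url: str, data: bytes,
                   confirm: Callable[[str], bool] = lambda name: False,
                   allowed: Set[str] = ALLOWED_ORIGINS,
                   pinned: Dict[str, str] = PINNED) -> Tuple[bool, str]:
    """Return (accepted, reason).  Every check fails closed, confirmation included."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "template must come over https"
    if parts.hostname not in allowed:
        return False, f"origin {parts.hostname!r} is not allowlisted"
    name = parts.path.rsplit("/", 1)[-1]
    expected = pinned.get(name)
    if expected is None:
        return False, f"no pinned digest for {name!r}"
    # Compare the digest the bytes actually have, not a digest the remote side claims.
    if not hmac.compare_digest(sha256_hex(data), expected):
        return False, f"digest mismatch for {name!r}"
    if not confirm(name):
        return False, "user did not confirm execution"
    return True, "ok"


if __name__ == "__main__":
    approve = lambda name: True   # stand-in for an interactive prompt
    print(check_template("https://templates.example.test/t/demo.yaml", DEMO_TEMPLATE, approve))
    print(check_template("https://templates.example.test/t/demo.yaml", DEMO_TEMPLATE + b"# tampered\n", approve))
```

Order matters: the cheap checks (scheme, origin) run before the digest, and confirmation comes last so the user is only asked about a template that has already been proven to be the expected bytes from an expected place.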

CVE-2026-40116
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-09T22:16:35.297000

1 posts

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing

thehackerwire@mastodon.social at 2026-04-10T04:32:44.000Z ##

🟠 CVE-2026-40116 - High (7.5)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
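
The /media-stream entry above combines two failures: no caller authentication (Twilio's request signature is never checked) and no limit on how many upstream sessions one client can open against the server's API key. The block below is an added example, not PraisonAI's code, of the admission logic a practitioner would put in front of such an endpoint. The signature scheme is Twilio's documented one, base64 of HMAC-SHA1 keyed with the account auth token over the public URL plus any sorted POST parameters concatenated as key+value; the token, URL, connection cap and requests are constructed, and the URL must be the public one exactly as Twilio requested it (here assumed to be the wss:// URL).

```python
"""Admission checks for a Twilio media-stream WebSocket endpoint such as
PraisonAI's /media-stream: verify X-Twilio-Signature and cap concurrent
connections before the upstream (OpenAI Realtime) session is opened.
Added example, not PraisonAI's code; token, URL, cap and requests below are
constructed.  Signature scheme: base64(HMAC-SHA1(auth_token, url + sorted
POST params joined as key+value)), as Twilio documents it."""
import base64
import hashlib
import hmac
from collections import Counter
from typing import Mapping, Optional, Tuple


def twilio_signature(auth_token: str, url: str,
                     params: Optional[Mapping[str, str]] = None) -> str:
    """Compute the value Twilio puts in X-Twilio-Signature for this request."""
    data = url + "".join(k + v for k, v in sorted((params or {}).items()))
    mac = hmac.new(auth_token.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def signature_valid(auth_token: str, url: str, headers: Mapping[str, str],
                    params: Optional[Mapping[str, str]] = None) -> bool:
    presented = headers.get("X-Twilio-Signature", "")
    expected = twilio_signature(auth_token, url, params)
    return bool(presented) and hmac.compare_digest(presented.encode(), expected.encode())


class StreamGate:
    """Signature check plus a per-client connection cap (constructed policy)."""

    def __init__(self, auth_token: str, public_url: str, max_per_client: int = 2):
        self.auth_token = auth_token
        self.public_url = public_url
        self.max_per_client = max_per_client
        self.active: Counter = Counter()

    def admit(self, client_ip: str, headers: Mapping[str, str]) -> Tuple[bool, str]:
        # Decide before allocating anything upstream: the API-key-backed
        # session is the expensive resource an attacker wants to multiply.
        if not signature_valid(self.auth_token, self.public_url, headers):
            return False, "bad or missing X-Twilio-Signature"
        if self.active[client_ip] >= self.max_per_client:
            return False, "connection cap reached"
        self.active[client_ip] += 1
        return True, "admitted"

    def release(self, client_ip: str) -> None:
        """Call when the WebSocket closes so the slot is returned."""
        if self.active[client_ip] > 0:
            self.active[client_ip] -= 1


if __name__ == "__main__":
    token, url = "constructed-auth-token", "wss://voice.example.test/media-stream"
    gate = StreamGate(token, url, max_per_client=1)
    signed = {"X-Twilio-Signature": twilio_signature(token, url)}
    print(gate.admit("203.0.113.5", signed))    # admitted
    print(gate.admit("203.0.113.5", signed))    # cap reached
    print(gate.admit("203.0.113.6", {}))        # no signature
```

Two practical notes: header lookup here is case-sensitive, so normalise header names in the real framework first, and a connection cap alone does not address the message-rate and message-size limits the advisory also lists; those belong on the per-message path once a connection is admitted.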

CVE-2026-35645
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-09T22:16:34.050000

1 posts

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope.

thehackerwire@mastodon.social at 2026-04-10T05:00:26.000Z ##

🟠 CVE-2026-35645 - High (8.1)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion wi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35625
(7.8 HIGH)

EPSS: 0.03%

updated 2026-04-09T22:16:30.867000

1 posts

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

thehackerwire@mastodon.social at 2026-04-10T05:54:06.000Z ##

🟠 CVE-2026-35625 - High (7.8)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33778
(7.5 HIGH)

EPSS: 0.06%

updated 2026-04-09T22:16:26.500000

1 posts

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and r

thehackerwire@mastodon.social at 2026-04-10T06:11:24.000Z ##

🟠 CVE-2026-33778 - High (7.5)

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5979
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-09T21:31:37

1 posts

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no lon

thehackerwire@mastodon.social at 2026-04-10T07:07:56.000Z ##

🟠 CVE-2026-5979 - High (8.8)

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5980
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-09T21:31:37

1 posts

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer suppor

thehackerwire@mastodon.social at 2026-04-10T06:11:43.000Z ##

🟠 CVE-2026-5980 - High (8.8)

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5976
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T21:31:36

1 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

thehackerwire@mastodon.social at 2026-04-10T07:08:35.000Z ##

🔴 CVE-2026-5976 - Critical (9.8)

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5978
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T21:16:13.727000

1 posts

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

thehackerwire@mastodon.social at 2026-04-10T07:07:47.000Z ##

🔴 CVE-2026-5978 - Critical (9.8)

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5977
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T21:16:13.487000

1 posts

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

thehackerwire@mastodon.social at 2026-04-10T07:07:37.000Z ##

🔴 CVE-2026-5977 - Critical (9.8)

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os comma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5975
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T20:16:29.547000

1 posts

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-10T07:08:25.000Z ##

🔴 CVE-2026-5975 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command inj...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39987
(CVSS UNKNOWN)

EPSS: 2.70%

updated 2026-04-09T19:06:18

2 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

Nuclei template

beyondmachines1 at 2026-04-11T08:01:09.743Z ##

Marimo Python Notebook RCE Exploited Hours After Disclosure

Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw allows unauthenticated attackers to gain full interactive shell access via a WebSocket authentication bypass.

**If you're running Marimo notebooks, update to version 0.23.0 immediately and rotate any credentials (AWS keys, SSH keys, database passwords, API secrets) that were stored on or accessible from that system. If you can't update right away, block access to the /terminal/ws endpoint or put the notebook behind a reverse proxy with authentication and never expose notebook platforms directly to the internet.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-04-11T08:01:09.000Z ##

Marimo Python Notebook RCE Exploited Hours After Disclosure

Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw allows unauthenticated attackers to gain full interactive shell access via a WebSocket authentication bypass.

**If you're running Marimo notebooks, update to version 0.23.0 immediately and rotate any credentials (AWS keys, SSH keys, database passwords, API secrets) that were stored on or accessible from that system. If you can't update right away, block access to the /terminal/ws endpoint or put the notebook behind a reverse proxy with authentication and never expose notebook platforms directly to the internet.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2026-39885
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-09T14:29:54

1 posts

## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-parser` to dereference `$ref` pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing `$ref` values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during

thehackerwire@mastodon.social at 2026-04-09T05:00:17.000Z ##

🟠 CVE-2026-39885 - High (7.5)

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39891
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-09T14:29:51

2 posts

## Summary Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. ## Details The `create_agent_centric_tools()` function returns tools (like `acp_create_file`) that process file content using template rendering. When user input from `agent.start()` is passed directly into these tools without escaping (as show

thehackerwire@mastodon.social at 2026-04-09T04:35:53.000Z ##

🟠 CVE-2026-39891 - High (8.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly int...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-09T04:19:59.000Z ##

🟠 CVE-2026-39891 - High (8.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly int...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39890
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-04-09T14:29:47

1 posts

## Summary The `AgentService.loadAgentFromFile` method uses the `js-yaml` library to parse YAML files without disabling dangerous tags (such as `!!js/function` and `!!js/undefined`). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpo

thehackerwire@mastodon.social at 2026-04-09T04:19:54.000Z ##

🔴 CVE-2026-39890 - Critical (9.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39889
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-09T14:29:17

2 posts

The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The create_a2u_routes() function registers the following endpoints with NO authentication checks: - GET /a2u/info — exposes server info and stream names - POST /a2u/subscribe — creates event stream subscri

thehackerwire@mastodon.social at 2026-04-09T04:35:43.000Z ##

🟠 CVE-2026-39889 - High (7.5)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-09T04:19:49.000Z ##

🟠 CVE-2026-39889 - High (7.5)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39888
(10.0 CRITICAL)

EPSS: 0.08%

updated 2026-04-09T14:29:06

1 posts

## Summary `execute_code()` in `praisonaiagents.tools.python_tools` defaults to `sandbox_mode="sandbox"`, which runs user code in a subprocess wrapped with a restricted `__builtins__` dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper (`blocked_attrs`, line 143 of `python_tools.py`) contains only 11 attribute names — a strict subset of the 30+ names blocked

thehackerwire@mastodon.social at 2026-04-09T05:00:28.000Z ##

🔴 CVE-2026-39888 - Critical (9.9)

PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39429
(8.2 HIGH)

EPSS: 0.07%

updated 2026-04-09T14:28:53

1 posts

### Summary The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. ### Details The cache server is routed in the pre-mux chain in the shard code. The preHandlerChainMux is handled before any authn/authz in the cache server: https://github.com/kcp-dev/kcp

thehackerwire@mastodon.social at 2026-04-09T05:00:42.000Z ##

🟠 CVE-2026-39429 - High (8.2)

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40035
(9.1 CRITICAL)

EPSS: 0.10%

updated 2026-04-09T14:16:32.387000

1 posts

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.

thehackerwire@mastodon.social at 2026-04-09T03:48:10.000Z ##

🔴 CVE-2026-40035 - Critical (9.1)

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-1490
(7.2 HIGH)

EPSS: 0.08%

updated 2026-04-09T11:16:19.657000

1 posts

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

certvde@infosec.exchange at 2026-04-09T10:58:20.000Z ##

#OT #Advisory VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
#CVE CVE-2024-1490

certvde.com/en/advisories/vde-
#oCSAF
#CSAF wago.csaf-tp.certvde.com/.well

##

CVE-2026-5853
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T09:31:57

1 posts

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

thehackerwire@mastodon.social at 2026-04-09T07:38:51.000Z ##

🔴 CVE-2026-5853 - Critical (9.8)

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5854
(9.8 CRITICAL)

EPSS: 0.23%

updated 2026-04-09T09:31:56

1 posts

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-04-09T07:39:00.000Z ##

🔴 CVE-2026-5854 - Critical (9.8)

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5852
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T07:16:04.130000

1 posts

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

thehackerwire@mastodon.social at 2026-04-09T07:39:10.000Z ##

🔴 CVE-2026-5852 - Critical (9.8)

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5850
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T06:30:36

2 posts

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

offseq@infosec.exchange at 2026-04-09T09:00:51.000Z ##

🛑 CRITICAL: CVE-2026-5850 in Totolink A7100RU (fw 7.4cu.2313_b20191024) enables unauthenticated OS command injection via pptpPassThru. No patch yet — restrict access & monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #CVE20265850 #RouterSecurity #Infosec

##

thehackerwire@mastodon.social at 2026-04-09T06:37:44.000Z ##

🔴 CVE-2026-5850 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5844
(7.2 HIGH)

EPSS: 0.19%

updated 2026-04-09T06:30:36

1 posts

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by

offseq@infosec.exchange at 2026-04-09T06:00:27.000Z ##

🔒 CVE-2026-5844: HIGH-severity OS command injection in D-Link DIR-882 (v1.01B02). Remote attackers can execute arbitrary OS commands. No official fix — upgrade or restrict remote access. Details: radar.offseq.com/threat/cve-20 #OffSeq #DLink #Vuln #RouterSecurity

##

CVE-2026-5851
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T06:30:35

2 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

offseq@infosec.exchange at 2026-04-09T07:30:28.000Z ##

🔒 CVE-2026-5851: CRITICAL OS command injection in Totolink A7100RU (7.4cu.2313_b20191024). Remote, unauthenticated RCE possible via /cgi-bin/cstecgi.cgi. Exploit public, no patch. Isolate device and check for updates! radar.offseq.com/threat/cve-20 #OffSeq #CVE20265851 #IoTSec

##

thehackerwire@mastodon.social at 2026-04-09T06:37:54.000Z ##

🔴 CVE-2026-5851 - Critical (9.8)

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injecti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1830
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-04-09T06:30:35

2 posts

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code exe

thehackerwire@mastodon.social at 2026-04-09T05:17:09.000Z ##

🔴 CVE-2026-1830 - Critical (9.8)

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-09T04:30:27.000Z ##

🚨 CVE-2026-1830: CRITICAL RCE in davidfcarr Quick Playground (WordPress ≤1.3.1). Unauthenticated users can upload PHP files via REST API flaw — patch or disable plugin now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #CVE20261830

##

CVE-2026-40032
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:07

1 posts

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values

thehackerwire@mastodon.social at 2026-04-09T04:19:44.000Z ##

🟠 CVE-2026-40032 - High (7.8)

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval wi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40029
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:07

1 posts

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename with embedded shell metacharacters that execute arbitrary commands on the forensic examiner's machine d

thehackerwire@mastodon.social at 2026-04-09T04:00:31.000Z ##

🟠 CVE-2026-40029 - High (7.8)

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell meta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1092
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:01

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

thehackerwire@mastodon.social at 2026-04-09T03:47:52.000Z ##

🟠 CVE-2026-1092 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validatio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5173
(8.5 HIGH)

EPSS: 0.02%

updated 2026-04-08T23:17:00.220000

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

1 repos

https://github.com/0xBlackash/CVE-2026-5173

oversecurity@mastodon.social at 2026-04-10T06:50:26.000Z ##

GitLab Security Update Fixes High-Severity CVE-2026-5173, 11 Other Flaws

GitLab has rolled out a major security update to address a series of vulnerabilities impacting both its Community Edition (CE) and Enterprise

🔗️ [Thecyberexpress] link.is.it/Nf3eTg

##

CVE-2025-12664
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-08T23:16:56.200000

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

thehackerwire@mastodon.social at 2026-04-09T03:48:01.000Z ##

🟠 CVE-2025-12664 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL quer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40031
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T22:16:23.650000

2 posts

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitr

thehackerwire@mastodon.social at 2026-04-09T04:35:35.000Z ##

🟠 CVE-2026-40031 - High (7.8)

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompress...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-09T04:19:40.000Z ##

🟠 CVE-2026-40031 - High (7.8)

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompress...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40030
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-08T22:16:23.483000

1 posts

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content

thehackerwire@mastodon.social at 2026-04-09T04:00:44.000Z ##

🟠 CVE-2026-40030 - High (7.8)

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path argum...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1340
(9.8 CRITICAL)

EPSS: 67.82%

updated 2026-04-08T21:34:17

2 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

2 repos

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE

technadu@infosec.exchange at 2026-04-09T17:05:09.000Z ##

CISA adds CVE-2026-1340 (Ivanti EPMM) to KEV ⚠️

Active exploitation confirmed
Known vulns = real attack surface
Are KEVs in your patch priority?

Source: cisa.gov/news-events/alerts/20

💬 Engage
🔔 Follow TechNadu

#InfoSec #KEV #CISA #VulnMgmt

##

AAKL@infosec.exchange at 2026-04-09T16:59:23.000Z ##

CISA has added two industrial advisories today: cisa.gov/

An Ivanti vulnerability was added yesterday:

CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability cve.org/CVERecord?id=CVE-2026- #infosec #CISA #Ivanti #vulnerability

##

CVE-2026-5436
(8.1 HIGH)

EPSS: 0.18%

updated 2026-04-08T21:33:45

1 posts

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() function, which uses WordPress's path_join() — a function that returns absolute paths unchanged, discarding the intended base directory. The attacker-contr

thehackerwire@mastodon.social at 2026-04-09T04:20:03.000Z ##

🟠 CVE-2026-5436 - High (8.1)

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() fu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2942
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-04-08T21:33:41

1 posts

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

thehackerwire@mastodon.social at 2026-04-09T06:11:12.000Z ##

🔴 CVE-2026-2942 - Critical (9.8)

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthent...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25776
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-08T21:26:35.910000

1 posts

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

thehackerwire@mastodon.social at 2026-04-09T09:00:12.000Z ##

🔴 CVE-2026-25776 - Critical (9.8)

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3396
(7.5 HIGH)

EPSS: 0.08%

updated 2026-04-08T21:26:13.410000

1 posts

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queri

thehackerwire@mastodon.social at 2026-04-09T09:00:02.000Z ##

🟠 CVE-2026-3396 - High (7.5)

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficie...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3243
(8.8 HIGH)

EPSS: 0.20%

updated 2026-04-08T21:26:13.410000

1 posts

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right

thehackerwire@mastodon.social at 2026-04-09T08:00:34.000Z ##

🟠 CVE-2026-3243 - High (8.8)

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5301
(7.6 HIGH)

EPSS: 0.02%

updated 2026-04-08T21:26:13.410000

1 posts

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries

thehackerwire@mastodon.social at 2026-04-09T07:15:33.000Z ##

🟠 CVE-2026-5301 - High (7.6)

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39393
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-08T21:26:13.410000

1 posts

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cac

thehackerwire@mastodon.social at 2026-04-09T07:15:14.000Z ##

🟠 CVE-2026-39393 - High (8.1)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('setti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4498
(7.7 HIGH)

EPSS: 0.05%

updated 2026-04-08T21:26:13.410000

1 posts

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges (such as agents, agent policies, and settings management).

thehackerwire@mastodon.social at 2026-04-09T07:00:18.000Z ##

🟠 CVE-2026-4498 - High (7.7)

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user wi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33756
(7.5 HIGH)

EPSS: 0.08%

updated 2026-04-08T21:26:13.410000

1 posts

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an unauthenticated attacker to send a single HTTP request many operations (bypassing the per query complexity

thehackerwire@mastodon.social at 2026-04-09T07:00:06.000Z ##

🟠 CVE-2026-33756 - High (7.5)

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33466
(8.1 HIGH)

EPSS: 0.28%

updated 2026-04-08T21:26:13.410000

1 posts

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or at

thehackerwire@mastodon.social at 2026-04-09T06:38:03.000Z ##

🟠 CVE-2026-33466 - High (8.1)

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do n...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34392
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-08T21:26:13.410000

1 posts

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory, allowing unintended files to be downloaded through the static, css, and js endpoints. This vulnerab

thehackerwire@mastodon.social at 2026-04-09T06:00:13.000Z ##

🟠 CVE-2026-34392 - High (7.5)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an at...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35401
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T21:26:13.410000

1 posts

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.

thehackerwire@mastodon.social at 2026-04-09T05:59:54.000Z ##

🟠 CVE-2026-35401 - High (7.5)

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resour...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35446
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-08T21:26:13.410000

1 posts

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping the intended download directories. This vulnerability is fixed in 27.0.3 and 28.0.1.

thehackerwire@mastodon.social at 2026-04-09T05:14:57.000Z ##

🟠 CVE-2026-35446 - High (7.7)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39863
(7.5 HIGH)

EPSS: 0.11%

updated 2026-04-08T21:26:13.410000

1 posts

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The issue impacts Kamailio instances having TCP or TLS listeners. This vulnerability is fixed in 5.1.1

thehackerwire@mastodon.social at 2026-04-09T05:00:53.000Z ##

🟠 CVE-2026-39863 - High (7.5)

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39860
(9.0 CRITICAL)

EPSS: 0.02%

updated 2026-04-08T21:26:13.410000

1 posts

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds - sandboxed macOS builds are

thehackerwire@mastodon.social at 2026-04-09T05:00:05.000Z ##

🔴 CVE-2026-39860 - Critical (9)

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39394
(8.1 HIGH)

EPSS: 0.02%

updated 2026-04-08T19:16:14

1 posts

## Summary The `Install::index()` controller reads the `host` POST parameter without any validation and passes it directly into `updateEnvSettings()`, which writes it into the `.env` file via `preg_replace()`. Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration directives into the `.env` file. The install routes have CSRF protection explicitly

thehackerwire@mastodon.social at 2026-04-09T07:15:23.000Z ##

🟠 CVE-2026-39394 - High (8.1)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4338
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T18:35:58

1 posts

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access drafts/scheduled/pending posts

thehackerwire@mastodon.social at 2026-04-09T09:00:24.000Z ##

🟠 CVE-2026-4338 - High (7.5)

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access drafts/scheduled/pending posts

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33461
(7.7 HIGH)

EPSS: 0.06%

updated 2026-04-08T18:34:08

1 posts

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be accessible to users with higher-level settings privileges. The endpoint composes its response by fetch

thehackerwire@mastodon.social at 2026-04-09T07:00:28.000Z ##

🟠 CVE-2026-33461 - High (7.7)

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private k...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27806
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T18:03:54

1 posts

## Summary The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via `exec.Command("expect", "-c", script)`. Because the password is inserted into Tcl brace-quoted `send {%s}`, a password containing `}` terminates the literal and injects arbitrary Tcl commands. Since Orbit r

thehackerwire@mastodon.social at 2026-04-09T06:11:22.000Z ##

🟠 CVE-2026-27806 - High (7.8)

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28261
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T15:31:50

1 posts

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system

thehackerwire@mastodon.social at 2026-04-09T08:00:11.000Z ##

🟠 CVE-2026-28261 - High (7.8)

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access co...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5208
(8.3 HIGH)

EPSS: 0.05%

updated 2026-04-08T12:31:36

1 posts

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

thehackerwire@mastodon.social at 2026-04-09T08:00:21.000Z ##

🟠 CVE-2026-5208 - High (8.2)

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3535
(9.8 CRITICAL)

EPSS: 0.28%

updated 2026-04-08T09:31:42

1 posts

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook, requiring no authentication. It fetches a user-supplied URL as a CSS file, extracts URLs from its content, and downloads those

thehackerwire@mastodon.social at 2026-04-09T09:08:39.000Z ##

🔴 CVE-2026-3535 - Critical (9.8)

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 5.60%

updated 2026-04-07T15:30:49

1 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

Nuclei template

6 repos

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/dinosn/CVE-2026-34197

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

CVE-2026-35616
(9.8 CRITICAL)

EPSS: 25.25%

updated 2026-04-06T18:33:04

1 posts

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Nuclei template

5 repos

https://github.com/fevar54/CVE-2026-35616-detector.py

https://github.com/fevar54/forticlient_ems_cve_2026_35616_poc.py

https://github.com/BishopFox/CVE-2026-35616-check

https://github.com/0xBlackash/CVE-2026-35616

https://github.com/z3r0h3ro/CVE-2026-35616-poc

PC_Fluesterer@social.tchncs.de at 2026-04-11T10:47:43.000Z ##

Another emergency update at Fortinet

Something completely new for once - oh no, unfortunately it isn't new, it's almost normal. The US manufacturer of network-perimeter devices Fortinet has once again had to publish an emergency update. The security hole it patches, CVE-2026-35616, has already been exploited in attacks since at least the end of March (zero-day exploit). That is already the second zero-day within a few weeks. Back in March, CVE-2026-21643 had to be patched. To repeat: anyone who wants to protect their intranet against the wild, wide-open internet has to turn to FOSS.

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #hersteller #sicherheit #UnplugTrump #usa

##

CVE-2026-34040
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-03T16:51:28.670000

1 posts

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

CVE-2026-34504
(8.3 HIGH)

EPSS: 0.05%

updated 2026-04-02T12:20:31.950000

2 posts

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.

vitobotta@mastodon.social at 2026-04-10T18:37:59.000Z ##

From over a week ago but anyway, CVE-2026-34504 in OpenClaw's image generation pipeline is a reminder that AI agent frameworks inherit all the classic web vulnerabilities plus their own unique attack surface.

An SSRF in the Fal provider means a malicious relay can have the agent fetch internal URLs and leak metadata through the generated output.

I switched from OpenClaw to Hermes Agent a couple of weeks ago, and I need to explore in detail how Hermes handles this stuff.

##

CVE-2026-21643
(9.8 CRITICAL)

EPSS: 13.70%

updated 2026-03-30T13:16:22.063000

1 posts

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Nuclei template

2 repos

https://github.com/0xBlackash/CVE-2026-21643

https://github.com/alirezac0/CVE-2026-21643

PC_Fluesterer@social.tchncs.de at 2026-04-11T10:47:43.000Z ##

Another emergency update at Fortinet

Something completely new for once - oh no, unfortunately it isn't new, it's almost normal. The US manufacturer of network-perimeter devices Fortinet has once again had to publish an emergency update. The security hole it patches, CVE-2026-35616, has already been exploited in attacks since at least the end of March (zero-day exploit). That is already the second zero-day within a few weeks. Back in March, CVE-2026-21643 had to be patched. To repeat: anyone who wants to protect their intranet against the wild, wide-open internet has to turn to FOSS.

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #hersteller #sicherheit #UnplugTrump #usa

##

CVE-2026-27654
(8.2 HIGH)

EPSS: 0.03%

updated 2026-03-24T15:30:36

2 posts

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuratio

1 repos

https://github.com/JohannesLks/CVE-2026-27654

CVE-2026-32011
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-20T21:13:05

1 posts

## Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability (slow-request DoS). ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected releases: `<=

EUVD_Bot@mastodon.social at 2026-04-10T17:03:11.000Z ##

🚨 EUVD-2026-21476

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: OpenClaw, OpenClaw
🏢 Vendor: OpenClaw
📅 Updated: 2026-04-10

📝 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exh...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2026-3497
(0 None)

EPSS: 0.03%

updated 2026-03-18T19:16:07.923000

1 posts

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange t

linux@activitypub.awakari.com at 2026-04-09T20:34:10.000Z ## Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch applied in Debian to OpenSSH, an implementation of the SSH prot...

#Debian #Linux #Distribution #- #Security #Advisories

##

CVE-2026-23060
(5.5 MEDIUM)

EPSS: 0.01%

updated 2026-03-13T21:32:48

1 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_co

linux@activitypub.awakari.com at 2026-04-08T21:07:12.000Z ## Ubuntu 25.10 Kernel Critical Flaws USN-8149-2 CVE-2026-23060 DoS Several security issues were fixed in the Linux kernel.

#Ubuntu #Linux #Distribution #- #Security #Advisories

##

CVE-2026-20127
(10.0 CRITICAL)

EPSS: 39.66%

updated 2026-02-25T18:31:45

2 posts

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not

6 repos

https://github.com/sfewer-r7/CVE-2026-20127

https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127

https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE

https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE

https://github.com/randeepajayasekara/CVE-2026-20127

https://github.com/BugFor-Pings/CVE-2026-20127_EXP

metasploit at 2026-04-10T21:23:33.820Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

metasploit@infosec.exchange at 2026-04-10T21:23:33.000Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

CVE-2026-27486
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-02-23T22:28:51

1 posts

## Summary OpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `< 2026.2.14` (including the latest published versi

EUVD_Bot@mastodon.social at 2026-04-10T17:03:10.000Z ##

🚨 EUVD-2026-21480

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: OpenClaw, OpenClaw
🏢 Vendor: OpenClaw
📅 Updated: 2026-04-10

📝 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can tr...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2026-22200
(7.5 HIGH)

EPSS: 74.45%

updated 2026-01-27T21:31:40

2 posts

Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the g

Nuclei template

2 repos

https://github.com/Remnant-DB/CVE-2026-22200

https://github.com/horizon3ai/CVE-2026-22200

metasploit at 2026-04-10T21:23:33.820Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

metasploit@infosec.exchange at 2026-04-10T21:23:33.000Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

CVE-2025-55182
(10.0 CRITICAL)

EPSS: 84.89%

updated 2025-12-10T02:00:02.557000

3 posts

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Nuclei template

100 repos


cyberveille@mastobot.ping.moi at 2026-04-12T02:30:10.000Z ##

📢 Kubernetes: privilege escalation via token theft and exploitation of CVE-2025-55182
📝 ...
📖 cyberveille: cyberveille.ch/posts/2026-04-1
🌐 source: unit42.paloaltonetworks.com/mo
#CVE_2025_55182 #DeadCatx3 #Cyberveille

##

hackmag@infosec.exchange at 2026-04-09T20:30:03.000Z ##

⚪️ React2Shell vulnerability used for automated credential theft

🗨️ Cisco Talos researchers have discovered a large-scale campaign for automated credential theft exploiting the React2Shell vulnerability (CVE-2025-55182). In just 24 hours, the attackers managed to compromise 766 hosts across various cloud providers worldwide and steal database passwords, AWS keys,…

🔗 hackmag.com/news/react2shell-i

#news

##

oversecurity@mastodon.social at 2026-04-09T14:42:42.000Z ##

CVE-2025-55182 Exploitation Hits the Smart Home

Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network...

🔗️ [Bitdefender] link.is.it/jU5kX8

##

CVE-2025-6218
(7.8 HIGH)

EPSS: 4.76%

updated 2025-12-09T21:31:29

1 post

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A

6 repos

https://github.com/mulwareX/CVE-2025-6218-POC

https://github.com/absholi7ly/CVE-2025-6218-WinRAR-Directory-Traversal-RCE

https://github.com/skimask1690/CVE-2025-6218-POC

https://github.com/speinador/CVE-2025-6218_WinRAR

https://github.com/ignis-sec/CVE-2025-6218

https://github.com/Chrxstxqn/CVE-2025-6218-WinRAR-RCE-POC

VirusBulletin@infosec.exchange at 2026-04-10T09:27:13.000Z ##

Robin Dost analyses a fresh UAC-0226 sample from 9 April 2026 and identifies it as a GIFTEDCROOK stealer variant. The chain starts with CVE-2025-6218 and CVE-2025-8088, then uses a LNK to launch a payload that decodes another binary, uses chunked data exfiltration, and reconstructs its C2 at runtime. blog.synapticsystems.de/obfusc

##

CVE-2025-8088
(8.8 HIGH)

EPSS: 7.05%

updated 2025-10-22T00:34:26

1 post

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

32 repos

https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-

https://github.com/walidpyh/CVE-2025-8088

https://github.com/undefined-name12/CVE-2025-8088-Winrar

https://github.com/nuky-alt/CVE-2025-8088

https://github.com/starfallreverie/winrar-exploit

https://github.com/Markusino488/cve-2025-8088

https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC

https://github.com/ilhamrzr/RAR-Anomaly-Inspector

https://github.com/travisbgreen/cve-2025-8088

https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability

https://github.com/Jessica74016/CVE-2025-8088

https://github.com/IsmaelCosma/CVE-2025-8088

https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder

https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC

https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool

https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR

https://github.com/pescada-dev/-CVE-2025-8088

https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit

https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC

https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui

https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document

https://github.com/jordan922/CVE-2025-8088

https://github.com/lennertdefauw/CVE-2025-8088

https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition

https://github.com/shaheeryasirofficial/CVE-2025-8088

https://github.com/pentestfunctions/best-CVE-2025-8088

https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool

https://github.com/ghostn4444/CVE-2025-8088

https://github.com/nhattanhh/CVE-2025-8088

https://github.com/techcorp/CVE-2025-8088-Exploit

https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal

https://github.com/hbesljx/CVE-2025-8088-EXP

VirusBulletin@infosec.exchange at 2026-04-10T09:27:13.000Z ##

Robin Dost analyses a fresh UAC-0226 sample from 9 April 2026 and identifies it as a GIFTEDCROOK stealer variant. The chain starts with CVE-2025-6218 and CVE-2025-8088, then uses a LNK to launch a payload that decodes another binary, uses chunked data exfiltration, and reconstructs its C2 at runtime. blog.synapticsystems.de/obfusc

##

CVE-2024-27297
(6.3 MEDIUM)

EPSS: 0.05%

updated 2025-06-27T13:15:23.240000

1 post

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows modifying the output of the derivation after Nix has registered the path as "valid" and immutable in the Nix data

thehackerwire@mastodon.social at 2026-04-09T05:00:05.000Z ##

🔴 CVE-2026-39860 - Critical (9)

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2020-8562
(2.2 LOW)

EPSS: 0.06%

updated 2024-11-21T05:39:02.180000

1 post

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or

raesene@infosec.exchange at 2026-04-09T10:57:06.000Z ##

Next in my series of blogs on unpatchable Kubernetes vulnerabilities is out. This time it's about TOCTOUs and SSRF

securitylabs.datadoghq.com/art

##

CVE-2026-31941
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T05:59:55.000Z ##

🟠 CVE-2026-31941 - High (7.7)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31940
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T05:03:39.000Z ##

🟠 CVE-2026-31940 - High (7.5)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32931
(0 None)

EPSS: 0.16%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T05:03:21.000Z ##

🟠 CVE-2026-32931 - High (7.5)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type hea...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33710
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T04:49:08.000Z ##

🟠 CVE-2026-33710 - High (7.5)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the for...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32252
(0 None)

EPSS: 0.02%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T04:48:59.000Z ##

🟠 CVE-2026-32252 - High (7.7)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40089
(0 None)

EPSS: 0.04%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-10T07:11:09.000Z ##

🔴 CVE-2026-40089 - Critical (9.9)

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installation...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0234
(0 None)

EPSS: 0.00%

1 post

N/A

AAKL@infosec.exchange at 2026-04-09T17:14:18.000Z ##

Palo Alto posted several advisories yesterday, if you missed them:

- Critical: CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration security.paloaltonetworks.com/

- PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) security.paloaltonetworks.com/

- CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability #Chromium

##

CVE-2026-0233
(0 None)

EPSS: 0.00%

1 post

N/A

AAKL@infosec.exchange at 2026-04-09T17:14:18.000Z ##

Palo Alto posted several advisories yesterday, if you missed them:

- Critical: CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration security.paloaltonetworks.com/

- PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) security.paloaltonetworks.com/

- CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability #Chromium

##

CVE-2026-30461
(0 None)

EPSS: 0.00%

1 post

N/A

pentesttools@infosec.exchange at 2026-04-09T10:40:19.000Z ##

"It's just dev mode."

PTT-2025-028 / CVE-2026-30461 disagrees. Any authenticated user on a FuelCMS dev instance can drop a PHP shell via git submodule and call it from the browser. One HTTP request. Full RCE. CVSS 8.8 High.

No patch coming. Project's been dormant for almost 4 years.
Found by Raul Bledea and Matei "Mal" Bădănoiu.

Full PoC: pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch

##

CVE-2026-33350
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T06:00:03.000Z ##

🟠 CVE-2026-33350 - High (7.5)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35169
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:15:07.000Z ##

🟠 CVE-2026-35169 - High (8.7)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sani...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35478
(0 None)

EPSS: 0.07%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:01:03.000Z ##

🟠 CVE-2026-35478 - High (8.3)

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by suppl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##