FediSecfeeds

CVE	CVSS	EPSS	Posts	Repos	Nuclei	Updated	Description
CVE-2026-6574	7.3	0.00%	2	0		2026-04-19T14:16:11.593000	A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue aff
CVE-2026-6573	6.3	0.00%	2	0		2026-04-19T13:16:46.187000	A vulnerability was detected in PHPEMS 11.0. This affects the function temppage
CVE-2026-6572	5.6	0.00%	2	0		2026-04-19T13:16:45.650000	A security vulnerability has been detected in Collabora KodExplorer up to 4.52.
CVE-2026-6570	2.7	0.02%	2	0		2026-04-19T12:31:16	A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected
CVE-2026-6568	7.3	0.09%	2	0		2026-04-19T12:31:16	A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects
CVE-2026-6563	8.8	0.04%	4	0		2026-04-19T09:30:21	A vulnerability has been found in H3C Magic B1 up to 100R004. The affected eleme
CVE-2026-6560	8.8	0.04%	4	0		2026-04-19T09:30:21	A security vulnerability has been detected in H3C Magic B0 up to 100R002. This v
CVE-2026-0868	6.4	0.01%	2	0		2026-04-19T06:31:30	The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vuln
CVE-2026-41113	8.1	0.10%	1	0		2026-04-18T21:16:09.427000	sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of
CVE-2026-41242	None	0.05%	4	0		2026-04-18T16:18:24	### Summary protobufjs compiles protobuf definitions into JS functions. Attacker
CVE-2026-2986	6.4	0.01%	2	1		2026-04-18T12:30:17	The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-
CVE-2026-2505	5.4	0.03%	2	2		2026-04-18T10:16:12.823000	The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Sc
CVE-2026-5426	7.5	0.05%	2	0		2026-04-18T06:31:20	Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver de
CVE-2026-6518	8.8	0.07%	3	0		2026-04-18T06:30:19	The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress i
CVE-2026-31987	7.5	0.03%	1	0		2026-04-18T04:16:15.517000	JWT Tokens used by tasks were exposed in logs. This could allow UI users to act
CVE-2026-40493	9.8	0.04%	2	0		2026-04-18T03:16:13.440000	SAIL is a cross-platform library for loading and saving images with support for
CVE-2026-40487	8.9	0.02%	2	1		2026-04-18T02:16:11.670000	Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file up
CVE-2026-40350	8.8	0.04%	1	0		2026-04-18T01:16:19.527000	Movary is a self hosted web app to track and rate a user's watched movies. Prior
CVE-2026-5807	7.5	0.01%	1	0		2026-04-18T00:53:52	Vault is vulnerable to a denial-of-service condition where an unauthenticated at
CVE-2026-3605	8.1	0.01%	1	0		2026-04-18T00:51:52	An authenticated user with access to a kvv2 path through a policy containing a g
CVE-2026-2262	7.5	0.04%	1	0		2026-04-18T00:31:10	The Easy Appointments plugin for WordPress is vulnerable to Sensitive Informatio
CVE-2026-40581	8.1	0.01%	1	0		2026-04-18T00:16:39.683000	ChurchCRM is an open-source church management system. In versions prior to 7.2.0
CVE-2026-40474	7.6	0.03%	1	0		2026-04-17T22:16:33.213000	wger is a free, open-source workout and fitness manager. In versions 2.5 and bel
CVE-2026-40352	8.8	0.03%	2	0		2026-04-17T22:16:32.940000	FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the pas
CVE-2026-40321	8.0	0.04%	1	0		2026-04-17T22:16:32.653000	DNN (formerly DotNetNuke) is an open-source web content management platform (CMS
CVE-2026-32324	7.7	0.01%	1	0		2026-04-17T21:31:53	Anviz CX7 Firmware is vulnerable because the application embeds reusable certif
CVE-2026-32650	7.5	0.02%	1	0		2026-04-17T21:31:53	Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 Pre
CVE-2026-40066	8.8	0.03%	1	0		2026-04-17T21:31:53	Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be
CVE-2026-35546	9.8	0.06%	2	0		2026-04-17T21:31:53	Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This
CVE-2026-40461	7.5	0.03%	1	0		2026-04-17T21:31:53	Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modi
CVE-2026-40525	9.1	0.11%	1	0		2026-04-17T21:31:53	OpenViking prior to commit c7bb167 contains an authentication bypass vulnerabili
CVE-2026-40527	7.8	0.03%	1	0		2026-04-17T21:16:35.373000	radare2 prior to commit bc5a890 contains a command injection vulnerability in th
CVE-2026-40434	8.1	0.02%	1	0		2026-04-17T20:16:36.083000	Anviz CrossChex Standard lacks source verification in the client/server channel,
CVE-2026-40342	9.9	0.08%	2	0		2026-04-17T20:16:35.930000	Firebird is an open-source relational database management system. In versions pr
CVE-2026-35682	8.8	0.26%	1	0		2026-04-17T20:16:35.510000	Anviz CX2 Lite is vulnerable to an authenticated command injection via a filena
CVE-2026-34232	7.5	0.04%	1	0		2026-04-17T20:16:34.977000	Firebird is an open-source relational database management system. In versions pr
CVE-2026-33337	7.5	0.04%	1	0		2026-04-17T19:16:36.223000	Firebird is an open-source relational database management system. In versions pr
CVE-2025-65104	7.9	0.01%	1	0		2026-04-17T19:01:56.030000	Firebird is an open-source relational database management system. In versions FB
CVE-2026-40516	8.3	0.04%	1	0		2026-04-17T19:01:56.030000	OpenHarness before commit bd4df81 contains a server-side request forgery vulnera
CVE-2026-37749	9.8	0.11%	2	1		2026-04-17T18:32:56	A SQL injection vulnerability in CodeAstro Simple Attendance Management System v
CVE-2026-6305	8.8	0.03%	1	0		2026-04-17T18:32:55	Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed
CVE-2026-5718	8.1	0.12%	1	0		2026-04-17T18:32:05	The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress i
CVE-2026-5710	7.5	0.11%	1	0		2026-04-17T18:31:54	The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress i
CVE-2026-3464	8.8	0.34%	1	0		2026-04-17T18:31:53	The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read a
CVE-2026-40515	7.5	0.03%	1	0		2026-04-17T18:31:53	OpenHarness before commit bd4df81 contains a permission bypass vulnerability tha
CVE-2026-6284	9.1	0.03%	3	0		2026-04-17T18:31:52	An attacker with network access to the PLC is able to brute force discover passw
CVE-2026-6307	8.8	0.03%	1	0		2026-04-17T17:27:07.873000	Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a re
CVE-2026-33435	8.0	0.33%	1	0		2026-04-17T15:38:09.243000	Weblate is a web based localization tool. In versions prior to 5.17, the project
CVE-2026-34393	8.8	0.04%	1	0		2026-04-17T15:38:09.243000	Weblate is a web based localization tool. In versions prior to 5.17, the user pa
CVE-2026-40318	8.5	0.06%	1	0		2026-04-17T15:38:09.243000	SiYuan is an open-source personal knowledge management system. In versions 3.6.3
CVE-2026-6442	8.3	0.07%	1	0		2026-04-17T15:38:09.243000	Improper validation of bash commands in Snowflake Cortex Code CLI versions prior
CVE-2026-30656	7.5	0.06%	1	0		2026-04-17T15:38:09.243000	A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.
CVE-2026-6507	7.5	0.11%	1	0		2026-04-17T15:31:27	A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds wr
CVE-2026-40262	8.7	0.03%	2	0		2026-04-17T15:29:25.583000	Note Mark is an open-source note-taking application. In versions 0.19.1 and prio
CVE-2026-30625	9.8	0.24%	1	0		2026-04-17T15:09:46.880000	Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/
CVE-2026-30461	8.3	0.23%	1	0		2026-04-17T15:09:46.880000	Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote
CVE-2026-20180	9.9	0.21%	1	0		2026-04-17T15:09:46.880000	A vulnerability in Cisco Identity Services Engine (ISE) could allow an authentic
CVE-2026-4525	7.5	0.01%	1	0		2026-04-17T15:08:25.183000	If a Vault auth mount is configured to pass through the "Authorization" header,
CVE-2026-35569	8.7	0.03%	1	0		2026-04-17T15:08:01.337000	ApostropheCMS is an open-source Node.js content management system. Versions 4.28
CVE-2026-23775	7.6	0.01%	1	0		2026-04-17T15:07:18.050000	Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD O
CVE-2026-23853	8.4	0.01%	1	0		2026-04-17T09:31:26	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu
CVE-2025-36568	7.9	0.01%	1	0		2026-04-17T09:31:25	Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7
CVE-2026-33392	7.2	0.00%	1	0		2026-04-17T09:31:19	In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE
CVE-2026-6443	9.8	0.04%	3	0		2026-04-17T09:31:18	The Accordion and Accordion Slider plugin for WordPress is vulnerable to an inje
CVE-2026-4659	7.5	0.03%	1	0		2026-04-17T09:31:18	The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbit
CVE-2026-21719	7.2	0.18%	1	0		2026-04-17T06:31:14	An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which m
CVE-2026-40324	9.1	0.09%	2	0		2026-04-17T06:23:30	### Impact Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser wi
CVE-2026-22734	8.6	0.01%	1	0		2026-04-17T03:30:52	Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a
CVE-2026-31843	9.8	0.89%	1	0		2026-04-16T22:58:59	The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerabili
CVE-2026-30778	7.5	0.03%	2	0		2026-04-16T22:57:33	The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configurat
CVE-2026-33032	9.8	4.97%	3	3	template	2026-04-16T22:16:37.433000	Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and
CVE-2026-34197	8.8	46.64%	8	7	template	2026-04-16T21:49:17	Improper Input Validation, Improper Control of Generation of Code ('Code Injecti
CVE-2025-41118	9.1	0.03%	1	0		2026-04-16T21:41:16	Pyroscope is an open-source continuous profiling database. The database supports
CVE-2026-6290	8.1	0.03%	1	0		2026-04-16T21:33:30	Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plu
CVE-2026-40303	7.5	0.06%	1	0		2026-04-16T21:09:11	Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk
CVE-2026-34242	7.7	0.01%	1	0		2026-04-16T20:43:12	### Impact The ZIP download feature didn't verify downloaded file and it could
CVE-2026-4424	7.5	0.20%	1	0		2026-04-16T20:16:39.123000	A flaw was found in libarchive. This heap out-of-bounds read vulnerability exist
CVE-2025-67841	7.5	0.04%	1	0		2026-04-16T15:32:35	Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmi
CVE-2026-30993	9.8	0.29%	1	0		2026-04-16T15:32:35	Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE
CVE-2026-40744	8.5	0.03%	2	0		2026-04-16T15:17:39.990000	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-6306	8.8	0.08%	1	0		2026-04-16T12:31:40	Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed
CVE-2026-33807	9.1	0.05%	2	0		2026-04-16T01:03:26	### Summary `@fastify/express` v4.0.4 contains a path handling bug in the `onRe
CVE-2026-30624	8.6	0.22%	1	0		2026-04-15T21:31:21	Agent Zero 0.9.8 contains a remote code execution vulnerability in its External
CVE-2026-30617	8.6	0.14%	1	0		2026-04-15T21:31:21	LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its M
CVE-2026-30996	7.5	0.29%	1	0		2026-04-15T21:31:21	An issue in the file handling logic of the component download.php of SAC-NFe v2.
CVE-2026-30994	7.5	0.04%	1	0		2026-04-15T21:31:21	Incorrect access control in the config.php component of Slah v1.5.0 and below al
CVE-2026-4857	8.5	0.03%	1	0		2026-04-15T21:30:26	IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4,
CVE-2026-34632	8.3	0.01%	1	0		2026-04-15T21:30:25	Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vu
CVE-2026-6300	8.8	0.04%	1	0		2026-04-15T21:30:25	Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote
CVE-2026-6299	8.8	0.04%	1	0		2026-04-15T21:30:25	Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a r
CVE-2026-6297	8.4	0.01%	1	0		2026-04-15T21:30:25	Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an atta
CVE-2026-6296	9.7	0.03%	1	0		2026-04-15T21:30:25	Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a
CVE-2026-6304	8.4	0.04%	1	0		2026-04-15T21:30:19	Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a re
CVE-2026-40478	9.1	0.13%	1	0		2026-04-15T19:46:25	### Impact A security bypass vulnerability exists in the expression execution me
CVE-2026-40477	9.1	0.13%	2	0		2026-04-15T19:46:06	### Impact A security bypass vulnerability exists in the expression execution me
CVE-2026-30364	7.5	0.04%	1	0		2026-04-15T18:33:00	CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1
CVE-2026-30615	8.0	0.04%	1	0		2026-04-15T18:32:04	A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers t
CVE-2026-20147	10.0	0.23%	1	0		2026-04-15T18:32:04	A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem
CVE-2026-20186	10.0	0.23%	1	0		2026-04-15T18:32:04	A vulnerability in Cisco Identity Services Engine (ISE) could allow an authentic
CVE-2026-20184	9.8	0.05%	1	0		2026-04-15T18:32:04	A vulnerability in the integration of single sign-on (SSO) with Control Hub in C
CVE-2026-30995	8.6	0.03%	1	0		2026-04-15T18:32:04	Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerabilit
CVE-2025-63029	7.6	0.03%	1	0		2026-04-15T18:32:03	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-40784	8.1	0.04%	2	0		2026-04-15T18:31:56	Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan
CVE-2026-40764	8.1	0.02%	2	0		2026-04-15T18:31:55	Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by W
CVE-2026-40745	7.6	0.03%	2	0		2026-04-15T18:31:55	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-6372	7.5	0.03%	1	0		2026-04-15T17:17:06.547000	Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisi
CVE-2026-4145	7.8	0.01%	2	0		2026-04-15T15:31:50	During an internal security assessment, a potential vulnerability was discovered
CVE-2024-3721	6.3	83.86%	1	1		2026-04-15T00:35:42.020000	A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi
CVE-2026-33155	None	0.05%	1	0		2026-04-14T21:59:48	### Summary The pickle unpickler `_RestrictedUnpickler` validates which classes
CVE-2026-33825	7.8	0.04%	1	1		2026-04-14T18:30:52	Insufficient granularity of access control in Microsoft Defender allows an autho
CVE-2026-33829	4.3	0.07%	3	0		2026-04-14T18:30:51	Exposure of sensitive information to an unauthorized actor in Windows Snipping T
CVE-2026-34621	8.6	4.56%	1	5		2026-04-13T21:23:27	Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a
CVE-2026-33555	4.0	0.01%	1	1		2026-04-13T18:30:42	An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not chec
CVE-2026-35582	8.8	0.05%	1	0		2026-04-13T16:38:27	### Summary `Executrix.getCommand()` constructs shell commands by substituting
CVE-2026-40259	8.1	0.08%	1	0		2026-04-10T21:32:47	## Summary An authenticated publish-service reader can invoke `/api/av/removeUn
CVE-2026-40258	9.1	0.05%	2	0		2026-04-10T21:32:42	## Summary A path traversal vulnerability (Zip Slip) exists in the media archiv
CVE-2026-40200	8.2	0.02%	1	0		2026-04-10T18:31:28	An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co
CVE-2026-6042	3.3	0.01%	1	1		2026-04-10T12:31:44	A security flaw has been discovered in musl libc up to 1.2.6. Affected is the fu
CVE-2026-39987	None	3.20%	3	5	template	2026-04-09T19:06:18	## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal
CVE-2026-22729	8.6	0.08%	1	0		2026-04-01T16:53:35.810000	A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConver
CVE-2026-3055	9.8	55.71%	2	5	template	2026-03-31T13:18:14.213000	Insufficient input validation in NetScaler ADC and NetScaler Gateway when config
CVE-2026-4368	0	0.02%	2	0		2026-03-24T15:54:09.400000	Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configur
CVE-2026-32746	9.8	0.03%	2	5		2026-03-23T15:31:40	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO
CVE-2026-4440	8.8	0.07%	2	0		2026-03-20T15:32:13	Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 a
CVE-2026-22730	8.8	0.02%	1	1		2026-03-18T20:20:40	A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionCon
CVE-2026-3888	7.8	0.01%	1	6		2026-03-18T04:17:30.720000	Local privilege escalation in snapd on Linux allows local attackers to get root
CVE-2026-25554	6.5	0.09%	1	0		2026-02-27T21:31:20	OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to comm
CVE-2026-24061	9.8	88.02%	1	69	template	2026-02-10T18:30:34	telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "
CVE-2025-0520	None	2.03%	2	0		2025-11-05T19:58:03	An unrestricted file upload vulnerability in ShowDoc caused by improper validati
CVE-2019-1367	7.5	89.25%	2	1		2025-10-29T14:34:22.990000	A remote code execution vulnerability exists in the way that the scripting engin
CVE-2023-33538	8.8	91.13%	1	2		2025-10-22T00:33:51	TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to
CVE-2025-59284	3.3	0.03%	1	1		2025-10-14T18:30:47	Exposure of sensitive information to an unauthorized actor in Windows NTLM allow
CVE-2024-32114	8.5	2.02%	1	0		2025-02-11T16:31:00.073000	In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web con
CVE-2026-39973	0	0.00%	2	0			N/A
CVE-2026-5617	0	0.04%	2	0			N/A
CVE-2026-40582	0	0.11%	1	0			N/A
CVE-2026-40317	0	0.02%	2	0			N/A
CVE-2026-32107	0	0.01%	1	0			N/A
CVE-2026-35215	0	0.04%	1	0			N/A
CVE-2026-40196	0	0.03%	1	0			N/A
CVE-2026-40286	0	0.03%	1	0			N/A
CVE-2026-40285	0	0.03%	1	0			N/A
CVE-2026-40351	0	0.05%	1	0			N/A
CVE-2026-40492	0	0.04%	2	0			N/A
CVE-2026-40349	0	0.01%	1	0			N/A
CVE-2026-40348	0	0.01%	1	0			N/A
CVE-2026-40484	0	0.05%	2	0			N/A
CVE-2026-35465	0	0.05%	1	0			N/A
CVE-2026-40572	0	0.01%	2	0			N/A
CVE-2026-40494	0	0.04%	2	0			N/A
CVE-2026-32105	0	0.04%	1	0			N/A
CVE-2026-27890	0	0.09%	1	0			N/A
CVE-2026-28224	0	0.09%	1	0			N/A
CVE-2026-28212	0	0.04%	1	0			N/A
CVE-2026-33058	0	0.03%	1	0			N/A
CVE-2026-40170	0	0.04%	1	0			N/A
CVE-2026-40322	0	0.05%	1	0			N/A

CVE-2026-6574
(7.3 HIGH)

EPSS: 0.00%

updated 2026-04-19T14:16:11.593000

2 posts

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this di

offseq at 2026-04-19T15:00:11.177Z ##

📢 CVE-2026-6574 (MEDIUM): osuuu LightPicture 1.2.0 – 1.2.2 has hard-coded credentials in API Upload Endpoint (/public/install/lp.sql). No vendor patch yet. Restrict endpoint access & monitor for misuse. More info: https://radar.offseq.com/threat/cve-2026-6574-hard-coded-credentials-in-osuuu-ligh-b66f67a8 #OffSeq #Vulnerability #AppSec

##

offseq@infosec.exchange at 2026-04-19T15:00:11.000Z ##

📢 CVE-2026-6574 (MEDIUM): osuuu LightPicture 1.2.0 – 1.2.2 has hard-coded credentials in API Upload Endpoint (/public/install/lp.sql). No vendor patch yet. Restrict endpoint access & monitor for misuse. More info: https://radar.offseq.com/threat/cve-2026-6574-hard-coded-credentials-in-osuuu-ligh-b66f67a8 #OffSeq #Vulnerability #AppSec

##

CVE-2026-6573
(6.3 MEDIUM)

EPSS: 0.00%

updated 2026-04-19T13:16:46.187000

updated 2026-04-19T09:30:21

4 posts

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond i

thehackerwire@mastodon.social at 2026-04-19T10:00:11.000Z ##

🟠 CVE-2026-6563 - High (8.8)

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6563/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-19T09:00:29.387Z ##

🚨 CVE-2026-6563: HIGH severity buffer overflow in H3C Magic B1 ≤100R004 (SetAPWifiorLedInfoById, /goform/aspForm). Public exploit out, vendor silent. Audit exposure, restrict access! https://radar.offseq.com/threat/cve-2026-6563-buffer-overflow-in-h3c-magic-b1-2ad2f98e #OffSeq #vuln #infosec #routers

##

thehackerwire@mastodon.social at 2026-04-19T10:00:11.000Z ##

🟠 CVE-2026-6563 - High (8.8)

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6563/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-19T09:00:29.000Z ##

🚨 CVE-2026-6563: HIGH severity buffer overflow in H3C Magic B1 ≤100R004 (SetAPWifiorLedInfoById, /goform/aspForm). Public exploit out, vendor silent. Audit exposure, restrict access! https://radar.offseq.com/threat/cve-2026-6563-buffer-overflow-in-h3c-magic-b1-2ad2f98e #OffSeq #vuln #infosec #routers

##

CVE-2026-6560
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-19T09:30:21

4 posts

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any wa

thehackerwire@mastodon.social at 2026-04-19T08:00:14.000Z ##

🟠 CVE-2026-6560 - High (8.8)

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be execu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6560/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-19T07:30:28.018Z ##

⚠️ HIGH-severity buffer overflow (CVE-2026-6560) in H3C Magic B0 (100R002) allows remote code execution or DoS via Edit_BasicSSID in /goform/aspForm. No patch yet; restrict access & monitor updates. https://radar.offseq.com/threat/cve-2026-6560-buffer-overflow-in-h3c-magic-b0-f38a59da #OffSeq #H3C #Vuln #BufferOverflow

##

updated 2026-04-18T16:18:24

4 posts

### Summary protobufjs compiles protobuf definitions into JS functions. Attackers can manipulate these definitions to execute arbitrary JS code. ### Details Attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. ### PoC ```js const protobuf = require('protobufjs'); maliciousDescriptor = JSON.parse(`{

beyondmachines1 at 2026-04-19T10:01:10.361Z ##

Critical Remote Code Execution Vulnerability Discovered in Protobuf.js Library

Protobuf.js patched a critical remote code execution vulnerability (CVE-2026-41242) caused by unsafe dynamic code generation when processing malicious protobuf schemas. The flaw allows attackers to execute arbitrary JavaScript code on servers or developer machines, potentially exposing sensitive credentials and enabling lateral movement.

**If your applications use protobuf.js (or libraries like gRPC, Firebase, or Google Cloud SDKs), update protobuf.js to version 8.0.1 or 7.5.5 ASAP. Run npm audit to catch hidden dependencies. Going forward, only load schemas you control and prefer precompiled static schemas in production to avoid this class of attack entirely.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-vulnerability-discovered-in-protobuf-js-library-o-k-k-y-h/gD2P6Ple2L

##

EPSS: 0.05%

updated 2026-04-18T06:31:20

2 posts

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

thehackerwire@mastodon.social at 2026-04-18T07:09:50.000Z ##

🟠 CVE-2026-5426 - High (7.5)

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deseria...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5426/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-17T00:00:39.000Z ##

🚨 CRITICAL: CVE-2026-5426 in Digital Knowledge KnowledgeDeliver (pre-Feb 2026) allows RCE via hard-coded ASP.NET machineKey & ViewState. No patch yet. Restrict access & monitor for ViewState abuse. https://radar.offseq.com/threat/cve-2026-5426-cwe-321-use-of-hard-coded-cryptograp-c04eb03f #OffSeq #Vuln #AppSec #InfoSec

##

CVE-2026-6518
(8.8 HIGH)

EPSS: 0.07%

updated 2026-04-18T06:30:19

3 posts

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_pages` capability (available to Editors and above) instead of `manage_options` (Administrators only), co

offseq at 2026-04-19T00:00:38.508Z ##

🔥 HIGH severity: CVE-2026-6518 affects niteo CMP – Coming Soon & Maintenance Plugin (≤4.1.16). Authenticated Admins can trigger RCE via malicious ZIP uploads. No patch yet — restrict admin access & monitor logs. More: https://radar.offseq.com/threat/cve-2026-6518-cwe-434-unrestricted-upload-of-file--f3d41796 #OffSeq #WordPress #RCE #Vuln

##

offseq@infosec.exchange at 2026-04-19T00:00:38.000Z ##

🔥 HIGH severity: CVE-2026-6518 affects niteo CMP – Coming Soon & Maintenance Plugin (≤4.1.16). Authenticated Admins can trigger RCE via malicious ZIP uploads. No patch yet — restrict admin access & monitor logs. More: https://radar.offseq.com/threat/cve-2026-6518-cwe-434-unrestricted-upload-of-file--f3d41796 #OffSeq #WordPress #RCE #Vuln

##

thehackerwire@mastodon.social at 2026-04-18T05:49:59.000Z ##

🟠 CVE-2026-6518 - High (8.8)

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6518/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31987
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-18T04:16:15.517000

1 posts

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue.

thehackerwire@mastodon.social at 2026-04-18T07:10:00.000Z ##

🟠 CVE-2026-31987 - High (7.5)

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors.
Users are advised to upgrade to Airflow version that contains fix.

Users are recommended to upgrade to version 3.2.0, which fixes this issue.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31987/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40493
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-18T03:16:13.440000

2 posts

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6

thehackerwire@mastodon.social at 2026-04-18T05:00:06.000Z ##

🔴 CVE-2026-40493 - Critical (9.8)

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40493/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-18T04:30:27.000Z ##

🚨 CVE-2026-40493: CRITICAL out-of-bounds write in HappySeaFox sail (<c930284445ea3ff94451ccd7a57c999eca3bc979) — Heap buffer overflow in PSD codec risks RCE & data loss. Patch ASAP: commit c930284445ea3ff94451ccd7a57c999eca3bc979. https://radar.offseq.com/threat/cve-2026-40493-cwe-787-out-of-bounds-write-in-happ-da0d28a1 #OffSeq #infosec #CVE202640493

##

CVE-2026-40487
(8.9 HIGH)

EPSS: 0.02%

updated 2026-04-18T02:16:11.670000

2 posts

Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a Content-Type derived from their original extension (`text/html`, `image/svg+xml`), enabling Stored Cr

1 repos

https://github.com/Astaruf/CVE-2026-40487

Matchbook3469@mastodon.social at 2026-04-19T14:02:00.000Z ##

🔶 New security advisory:

CVE-2026-40487 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

updated 2026-04-17T22:16:32.940000

2 posts

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or others if combined with ID manipulation) without

Matchbook3469@mastodon.social at 2026-04-19T15:07:20.000Z ##

🟠 New security advisory:

CVE-2026-40352 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

updated 2026-04-17T21:31:53

2 posts

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

updated 2026-04-17T20:16:35.930000

2 posts

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on t

updated 2026-04-17T18:32:56

2 posts

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.

1 repos

https://github.com/menevarad007/CVE-2026-37749

updated 2026-04-17T18:31:52

3 posts

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

threatnoir@infosec.exchange at 2026-04-18T17:08:30.000Z ##

⚠️ CRITICAL: Horner Automation Cscape and XL4, XL7 PLC

Horner Automation Cscape v10.0, XL4 PLC v16.32.0, and XL7 PLC v15.60 contain a critical password brute-force vulnerability (CVE-2026-6284, CVSS 9.1) with no rate limiting. This affects manufacturing environments globally and allows unauthenticated network attackers to compromise PLCs controlling cr…

https://threatnoir.com/focus

#infosec #cybersecurity

##

updated 2026-04-17T15:29:25.583000

2 posts

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an empty Content-Type, no X-Content-Type-Options: nosniff header, and inline disposition, allowing browsers

Matchbook3469@mastodon.social at 2026-04-19T16:52:37.000Z ##

⚠️ New security advisory:

CVE-2026-40262 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

updated 2026-04-17T09:31:19

1 posts

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

offseq@infosec.exchange at 2026-04-17T09:00:32.000Z ##

🚨 CVE-2026-33392: HIGH severity RCE in JetBrains YouTrack < 2025.3.131383. High privileged users can bypass sandbox for remote code execution. No patch yet — restrict admin rights & monitor advisories. https://radar.offseq.com/threat/cve-2026-33392-cwe-1336-in-jetbrains-youtrack-3a31f8ef #OffSeq #YouTrack #Infosec #Vuln

##

CVE-2026-6443
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-17T09:31:18

3 posts

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

offseq@infosec.exchange at 2026-04-17T15:30:29.000Z ##

⚠️ CRITICAL: CVE-2026-6443 in WordPress Accordion & Accordion Slider v1.4.6 — embedded backdoor enables persistent access & spam injection. Remove/disable the plugin ASAP. No patch yet. https://radar.offseq.com/threat/cve-2026-6443-cwe-506-embedded-malicious-code-in-e-b2b69859 #OffSeq #WordPress #CVE20266443 #Infosec

##

offseq@infosec.exchange at 2026-04-17T07:30:32.000Z ##

🚨 CVE-2026-6443 (CRITICAL): WordPress Accordion & Accordion Slider v1.4.6 embeds a backdoor (CWE-506), enabling persistent unauthorized access & spam. No patch — remove or disable plugin now! https://radar.offseq.com/threat/cve-2026-6443-cwe-506-embedded-malicious-code-in-e-b2b69859 #OffSeq #WordPress #Infosec #Vuln

##

thehackerwire@mastodon.social at 2026-04-17T07:16:36.000Z ##

🔴 CVE-2026-6443 - Critical (9.8)

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This ma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6443/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4659
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-17T09:31:18

1 posts

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath() functions, combined with the ability to enable debug output in widget settings. The URLtoRelative() function only performs a simp

thehackerwire@mastodon.social at 2026-04-17T07:16:46.000Z ##

🟠 CVE-2026-4659 - High (7.5)

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRel...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4659/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21719
(7.2 HIGH)

EPSS: 0.18%

updated 2026-04-17T06:31:14

1 posts

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.

offseq@infosec.exchange at 2026-04-17T06:00:28.000Z ##

CVE-2026-21719: HIGH severity OS command injection in CubeCart <6.6.0. Authenticated admins can run arbitrary OS commands. No patch yet — restrict admin access & monitor logs. https://radar.offseq.com/threat/cve-2026-21719-improper-neutralization-of-special--543f1327 #OffSeq #CubeCart #Vuln #Infosec

##

CVE-2026-40324
(9.1 CRITICAL)

EPSS: 0.09%

updated 2026-04-17T06:23:30

2 posts

### Impact Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a `StackOverflowException` on payloads as small as **40 KB**. Because `StackOverflowException` is **uncatchable in .NET** (since .NET 2.0), the entire worker process is termi

offseq@infosec.exchange at 2026-04-18T10:30:29.000Z ##

🚨 CRITICAL: CVE-2026-40324 in ChilliCream Hot Chocolate allows attackers to crash GraphQL workers via deeply nested queries (StackOverflowException). Denial of service risk. Patch to 12.22.7, 13.9.16, 14.3.1, 15.1.14. Details: https://radar.offseq.com/threat/cve-2026-40324-cwe-674-uncontrolled-recursion-in-c-0796aaf1 #OffSeq #CVE202640324 #GraphQL #DoS

##

thehackerwire@mastodon.social at 2026-04-18T05:54:41.000Z ##

🔴 CVE-2026-40324 - Critical (9.1)

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL document with deeply nested selec...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40324/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22734
(8.6 HIGH)

EPSS: 0.01%

updated 2026-04-17T03:30:52

1 posts

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UUA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment f

thehackerwire@mastodon.social at 2026-04-17T04:59:57.000Z ##

🟠 CVE-2026-22734 - High (8.6)

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SA...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22734/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31843
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-16T22:58:59

1 posts

The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling remote access without credentials. User-controlled input is directly written into executable PHP files

offseq@infosec.exchange at 2026-04-17T01:30:29.000Z ##

⚠️ CVE-2026-31843: CRITICAL improper access control in goodoneuz/pay-uz <=2.2.24 allows unauthenticated PHP file overwrite & RCE via /payment/api/editable/update. No patch yet — restrict endpoint access! https://radar.offseq.com/threat/cve-2026-31843-cwe-284-improper-access-control-lea-f84d8bc9 #OffSeq #CVE202631843 #Laravel #RCE

##

CVE-2026-30778
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-16T22:57:33

2 posts

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue.

thehackerwire@mastodon.social at 2026-04-19T08:00:57.000Z ##

🟠 CVE-2026-30778 - High (7.5)

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.

Users are recommended to upgrade to version 10.4.0, which fixes...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30778/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-19T08:00:57.000Z ##

🟠 CVE-2026-30778 - High (7.5)

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.

Users are recommended to upgrade to version 10.4.0, which fixes...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30778/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33032
(9.8 CRITICAL)

EPSS: 4.97%

updated 2026-04-16T22:16:37.433000

3 posts

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware t

Nuclei template

3 repos

https://github.com/Shreda/CVE-2026-33032-nginx-ui-vuln-lab

https://github.com/keraattin/CVE-2026-33032

https://github.com/Twinson333/cve-2026-33032-scanner

oversecurity@mastodon.social at 2026-04-17T08:50:36.000Z ##

Critical nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A critical vulnerability identified as CVE-2026-33032 is drawing urgent attention from the cybersecurity community due to its role in enabling a...

🔗️ [Thecyberexpress] https://link.is.it/wkIJDC

##

vitobotta@mastodon.social at 2026-04-17T08:17:00.000Z ##

nginx-ui CVE-2026-33032: the /mcp endpoint had auth, /mcp_message didn't. One missing check = full server takeover. As tools rush to add MCP support, expect more of these gaps. - https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html

##

cyberveille@mastobot.ping.moi at 2026-04-17T02:30:24.000Z ##

📢 CVE-2026-33032 : Authentification manquante dans Nginx UI exploitée in the wild
📝 ## 🔍 Contexte

Rapid7 a publié le 16 avril 2026 une alerte de sécurité concernant **CVE-2026-33032**, une vulnérabilité crit...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-16-cve-2026-33032-authentification-manquante-dans-nginx-ui-exploitee-in-the-wild/
🌐 source : https://www.rapid7.com/blog/post/etr-cve-2026-33032-nginx-ui-missing-mcp-authentication/
#CVE_2026_33032 #IOC #Cyberveille

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 46.64%

updated 2026-04-16T21:49:17

8 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

Nuclei template

7 repos

https://github.com/dinosn/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/keraattin/CVE-2026-34197

canartuc@mastodon.social at 2026-04-19T08:50:45.000Z ##

CISA added Apache ActiveMQ CVE-2026-34197 to the Known Exploited Vulnerabilities list on April 17 with a federal deadline of April 30. Horizon3's Naveen Sunkavally found the bug by running Claude over the Jolokia code. The flaw has sat in the codebase for 13 years. 8,000+ brokers on the open internet, admin:admin still the common credential. I have watched every real incident start with an unrotated credential, not a zero-day.

#InfoSec #OpenSource #CyberSecurity

##

beyondmachines1@infosec.exchange at 2026-04-17T18:01:09.000Z ##

CISA Warns of Active Exploitation in Apache ActiveMQ Jolokia API Vulnerability

CISA added a high-severity Apache ActiveMQ vulnerability (CVE-2026-34197) to its KEV catalog due to active exploitation that allows attackers to run arbitrary OS commands via the Jolokia API. The flaw is particularly dangerous when chained with CVE-2024-32114, which enables unauthenticated remote code execution in certain versions.

**If you're running Apache ActiveMQ, upgrade to version 5.19.4 or 6.2.3 ASAP. Atackers are actively exploiting this right now. While you're at it, make sure your ActiveMQ console is not exposed to the internet, change any default admin:admin credentials, and disable the Jolokia endpoint entirely if you don't need it.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-apache-activemq-jolokia-api-vulnerability-i-v-s-d-e/gD2P6Ple2L

##

offseq@infosec.exchange at 2026-04-17T14:00:30.000Z ##

CRITICAL: Apache ActiveMQ RCE vuln (CVE-2026-34197) disclosed. No patch yet — review your security posture & monitor vendor channels for updates. Remote attackers could fully compromise systems. https://radar.offseq.com/threat/recent-apache-activemq-vulnerability-exploited-in--98176e07 #OffSeq #ActiveMQ #Vuln #InfoSec

##

canartuc@mastodon.social at 2026-04-17T13:03:28.000Z ##

An Anthropic researcher used Claude to find Apache ActiveMQ flaw CVE-2026-34197. Maintainers shipped the fix in seven days. CISA added the CVE to its federal exploited-vulnerability list. The same week, Cal.com closed source citing AI scanners as the reason. I have run defender-side tooling rollouts for 20 years. Every wave gets framed as attacker-only for six months first. One team shipped the patch. The other shipped the excuse.

#InfoSec #OpenSource #AI #CyberSecurity

##

technadu@infosec.exchange at 2026-04-17T10:52:12.000Z ##

New KEV added 🚨
CVE-2026-34197 (Apache ActiveMQ)
• Active exploitation confirmed
• High-risk entry point
KEV = patch now, not later

Source: https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog

💬 How fast is your patch cycle?
Follow @technadu

#InfoSec #CyberSecurity #KEV

##

offseq@infosec.exchange at 2026-04-17T10:30:27.000Z ##

⚠️ CRITICAL: CVE-2026-34197 is a remote code execution vuln in Apache ActiveMQ. No patch or confirmed exploitation yet. Monitor vendor advisories & apply security best practices. Details: https://radar.offseq.com/threat/recent-apache-activemq-vulnerability-exploited-in--98176e07 #OffSeq #ApacheActiveMQ #Vuln #Infosec

##

hackerworkspace@infosec.exchange at 2026-04-17T04:58:11.000Z ##

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

https://thehackernews.com/2026/04/apache-activemq-cve-2026-34197-added-to.html

Read on HackerWorkspace: https://hackerworkspace.com/article/apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation

#cybersecurity #vulnerability #exploit

##

secdb@infosec.exchange at 2026-04-16T20:00:13.000Z ##

🚨 [CISA-2026:0416] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0416)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-34197 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- Name: Apache ActiveMQ Improper Input Validation Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apache
- Product: ActiveMQ
- Notes: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260416 #cisa20260416 #cve_2026_34197 #cve202634197

##

CVE-2025-41118
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-16T21:41:16

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40744/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-19T07:00:12.000Z ##

🟠 CVE-2026-40744 - High (8.5)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40744/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6306
(8.8 HIGH)

EPSS: 0.08%

updated 2026-04-16T12:31:40

1 posts

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-04-16T20:44:59.000Z ##

🟠 CVE-2026-6306 - High (8.8)

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6306/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33807
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-16T01:03:26

2 posts

### Summary `@fastify/express` v4.0.4 contains a path handling bug in the `onRegister` function that causes middleware paths to be doubled when inherited by child plugins. This results in complete bypass of Express middleware security controls for all routes defined within child plugin scopes that share a prefix with parent-scoped middleware. No special configuration is required — this affects th

thehackerwire@mastodon.social at 2026-04-19T08:02:14.000Z ##

🔴 CVE-2026-33807 - Critical (9.1)

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path,...

updated 2026-04-15T19:46:06

2 posts

### Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potentially sensitive objects to be reached from within a template. If an application developer passes unval

Matchbook3469@mastodon.social at 2026-04-19T07:54:36.000Z ##

🔴 New security advisory:

CVE-2026-40477 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

🟠 CVE-2026-40784 - High (8.1)

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.2.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40784/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40764
(8.1 HIGH)

EPSS: 0.02%

updated 2026-04-15T18:31:55

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.

thehackerwire@mastodon.social at 2026-04-19T08:00:47.000Z ##

🟠 CVE-2026-40764 - High (8.1)

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40764/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-19T08:00:47.000Z ##

🟠 CVE-2026-40764 - High (8.1)

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40764/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40745
(7.6 HIGH)

EPSS: 0.03%

updated 2026-04-15T18:31:55

2 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2.

thehackerwire@mastodon.social at 2026-04-19T08:00:37.000Z ##

🟠 CVE-2026-40745 - High (7.6)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: fr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40745/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-19T08:00:37.000Z ##

🟠 CVE-2026-40745 - High (7.6)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: fr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40745/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6372
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-15T17:17:06.547000

1 posts

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.

thehackerwire@mastodon.social at 2026-04-17T17:01:30.000Z ##

🟠 CVE-2026-6372 - High (7.5)

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6372/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4145
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-15T15:31:50

2 posts

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

thehackerwire@mastodon.social at 2026-04-19T06:59:53.000Z ##

🟠 CVE-2026-4145 - High (7.8)

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4145/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-19T06:59:53.000Z ##

🟠 CVE-2026-4145 - High (7.8)

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4145/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-3721
(6.3 MEDIUM)

EPSS: 83.86%

updated 2026-04-15T00:35:42.020000

1 posts

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573

1 repos

https://github.com/bytecategory/homeip

hackerworkspace@infosec.exchange at 2026-04-18T08:49:10.000Z ##

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html

Read on HackerWorkspace: https://hackerworkspace.com/article/mirai-variant-nexcorium-exploits-cve-2024-3721-to-hijack-tbk-dvrs-for-ddos-botnet

#malware #cybersecurity #vulnerability

##

CVE-2026-33155(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-04-14T21:59:48

1 posts

### Summary The pickle unpickler `_RestrictedUnpickler` validates which classes can be loaded but does not limit their constructor arguments. A few of the types in `SAFE_TO_IMPORT` have constructors that allocate memory proportional to their input (`builtins.bytes`, `builtins.list`, `builtins.range`). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta

_r_netsec@infosec.exchange at 2026-04-17T08:43:12.000Z ##

we found a memory exhaustion CVE in a library downloaded 29 million times a month. AWS, DataHub, and Lightning AI are in the blast radius. https://www.periphery.security/blog/cve-2026-33155---40-bytes-to-chaos

##

CVE-2026-33825
(7.8 HIGH)

EPSS: 0.08%

updated 2026-04-10T21:32:47

1 posts

## Summary An authenticated publish-service reader can invoke `/api/av/removeUnusedAttributeView` and cause persistent deletion of arbitrary attribute view (`AV`) definition files from the workspace. The route is protected only by generic `CheckAuth`, which accepts publish `RoleReader` requests. The handler forwards a caller-controlled `id` directly into a model function that deletes `data/stora

thehackerwire@mastodon.social at 2026-04-17T05:00:08.000Z ##

🟠 CVE-2026-40259 - High (8.1)

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler pass...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40259/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40258
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-10T21:32:42

2 posts

## Summary A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the server's local filesystem. ## Details When importing media archives as ZIP file, `MediaImporter._che

thehackerwire@mastodon.social at 2026-04-18T06:07:16.000Z ##

🔴 CVE-2026-40258 - Critical (9.1)

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privile...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40258/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-17T23:00:11.000Z ##

🚨 CVE-2026-40258: CRITICAL path traversal in gramps-web-api (1.6.0-3.11.0). Owner-level users can write files outside intended dirs via crafted ZIPs. Upgrade to 3.11.1+ to mitigate! https://radar.offseq.com/threat/cve-2026-40258-cwe-22-improper-limitation-of-a-pat-00f841f8 #OffSeq #CVE202640258 #PathTraversal #Infosec

##

CVE-2026-40200
(8.2 HIGH)

EPSS: 0.02%

updated 2026-04-10T18:31:28

1 posts

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

airtower@woem.men at 2026-04-19T12:21:44.882Z ##

Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE

##

CVE-2026-6042
(3.3 LOW)

EPSS: 0.01%

updated 2026-04-10T12:31:44

1 posts

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

1 repos

https://github.com/jensnesten/CVE-2026-6042-PoC

airtower@woem.men at 2026-04-19T12:21:44.882Z ##

Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE

##

CVE-2026-39987(CVSS UNKNOWN)

EPSS: 3.20%

updated 2026-04-09T19:06:18

3 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

Nuclei template

5 repos

https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC

https://github.com/Nxploited/CVE-2026-39987

https://github.com/0xBlackash/CVE-2026-39987

https://github.com/mki9/CVE-2026-39987_exploit

https://github.com/keraattin/CVE-2026-39987

threatnoir@infosec.exchange at 2026-04-18T17:08:28.000Z ##

⚠️ CRITICAL: Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Attackers are actively exploiting CVE-2026-39987, a critical RCE vulnerability in Marimo Python notebooks, to deploy NKAbuse malware hosted on Hugging Face. The malware acts as a RAT with credential theft and lateral movement capabilities. Exploitation started within 10 hours of disclosure across m…

https://threatnoir.com/focus

#infosec #cybersecurity

##

canartuc@mastodon.social at 2026-04-17T10:54:45.000Z ##

Marimo is a Python notebook used in AI toolchains. It was exploited 9 hours 41 minutes after CVE-2026-39987 disclosure. Sysdig published the telemetry. Full remote takeover, no login required. The patch shipped with the advisory. Most shops do not have weekend on-call for a Python notebook. By Sunday morning the command-and-control traffic was already 14 hours deep. Patch window is shorter than one night of sleep. On-call SLA is the new budget line.

#CyberSecurity #DevOps #Python #InfoSec

##

hackerworkspace@infosec.exchange at 2026-04-17T04:56:17.000Z ##

CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace | Sysdig

https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface

Read on HackerWorkspace: https://hackerworkspace.com/article/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface-sysdig

#malware #cybersecurity #vulnerability

##

CVE-2026-22729
(8.6 HIGH)

EPSS: 0.08%

updated 2026-04-01T16:53:35.810000

1 posts

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. Thi

_r_netsec@infosec.exchange at 2026-04-17T08:43:10.000Z ##

CVE-2026-22729: JSONPath Injection in Spring AI’s PgVectorStore https://blog.securelayer7.net/cve-2026-22729-jsonpath-injection-spring-ai-pgvectorstore/

##

CVE-2026-3055
(9.8 CRITICAL)

EPSS: 55.71%

updated 2026-03-31T13:18:14.213000

2 posts

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Nuclei template

5 repos

https://github.com/l0lsec/check-cve-2026-3055-netscaler

https://github.com/0xBlackash/CVE-2026-3055

https://github.com/fevar54/CVE-2026-3055---Citrix-NetScaler-Memory-Overread-PoC

https://github.com/fevar54/CVE-2026-3055-Scanner---Herramienta-de-Detecci-n

https://github.com/NetVanguard-cmd/CVE-2026-3055

mttaggart at 2026-04-19T14:35:08.156Z ##

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

https://www.picussecurity.com/resource/blog/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread

##

mttaggart@infosec.exchange at 2026-04-19T14:35:08.000Z ##

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

https://www.picussecurity.com/resource/blog/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread

##

CVE-2026-4368
(0 None)

EPSS: 0.02%

updated 2026-03-24T15:54:09.400000

2 posts

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

mttaggart at 2026-04-19T14:35:08.156Z ##

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

https://www.picussecurity.com/resource/blog/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread

##

mttaggart@infosec.exchange at 2026-04-19T14:35:08.000Z ##

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

https://www.picussecurity.com/resource/blog/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread

##

CVE-2026-32746
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-03-23T15:31:40

2 posts

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

5 repos

https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746

https://github.com/danindiana/cve-2026-32746-mitigation

https://github.com/chosenonehacks/CVE-2026-32746

https://github.com/jeffaf/cve-2026-32746

https://github.com/ekomsSavior/telnet_scan

_r_netsec@infosec.exchange at 2026-04-17T08:43:12.000Z ##

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746) - watchTowr Labs https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

##

_r_netsec@infosec.exchange at 2026-04-17T08:43:08.000Z ##

CVE-2026-32746 GNU telnetd Buffer Overflow PoC - Critical (9.8) https://pwn.guide/free/other/cve-2026-32746

##

CVE-2026-4440
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-20T15:32:13

2 posts

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

campuscodi@mastodon.social at 2026-04-19T10:46:24.000Z ##

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.

Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."

https://intel.breakglass.tech/post/cve-2026-4440-chrome-exploit-dev-server-open-directory

##

campuscodi@mastodon.social at 2026-04-19T10:46:24.000Z ##

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.

Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."

https://intel.breakglass.tech/post/cve-2026-4440-chrome-exploit-dev-server-open-directory

##

CVE-2026-22730
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-18T20:20:40

1 posts

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

1 repos

https://github.com/NULL200OK/CVE-2026-22730-Scanner

_r_netsec@infosec.exchange at 2026-04-17T08:43:09.000Z ##

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/

##

CVE-2026-3888
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-18T04:17:30.720000

1 posts

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

6 repos

https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.

https://github.com/netw0rk7/CVE-2026-3888-PoC

https://github.com/nomaisthere/CVE-2026-3888

https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher

https://github.com/TheCyberGeek/CVE-2026-3888-snap-confine-systemd-tmpfiles-LPE

https://github.com/DanielTangnes/CVE-2026-3888

_r_netsec@infosec.exchange at 2026-04-17T08:43:09.000Z ##

Ubtuntu 24.04+ Snapd Local Privilege Escalation (CVE-2026-3888) https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root

##

CVE-2026-25554
(6.5 MEDIUM)

EPSS: 0.09%

updated 2026-02-27T21:31:20

1 posts

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT without prior signature verification and incorporates the unescaped value directly into a SQL qu

_r_netsec@infosec.exchange at 2026-04-17T08:43:11.000Z ##

OpenSIPS SQL Injection to Authentication Bypass (CVE-2026-25554) https://aisle.com/blog/opensips-sql-injection-aisle-deep-dive-sql-injection-authentication-bypass

##

CVE-2026-24061
(9.8 CRITICAL)

EPSS: 88.02%

updated 2026-02-10T18:30:34

1 posts

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Nuclei template

69 repos

https://github.com/SafeBreach-Labs/CVE-2026-24061

https://github.com/hackingyseguridad/root

https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061

https://github.com/XsanFlip/CVE-2026-24061-Scanner

https://github.com/BrainBob/CVE-2026-24061

https://github.com/Mefhika120/Ashwesker-CVE-2026-24061

https://github.com/Remnant-DB/CVE-2026-24061

https://github.com/Parad0x7e/CVE-2026-24061

https://github.com/shivam-bathla/CVE-2026-24061-setup

https://github.com/Gabs-hub/CVE-2026-24061_Lab

https://github.com/LucasPDiniz/CVE-2026-24061

https://github.com/0x7556/CVE-2026-24061

https://github.com/HD0x01/CVE-2026-24061-NSE

https://github.com/0p5cur/CVE-2026-24061-POC

https://github.com/midox008/CVE-2026-24061

https://github.com/X-croot/CVE-2026-24061_POC

https://github.com/setuju/telnetd

https://github.com/Mr-Zapi/CVE-2026-24061

https://github.com/obrunolima1910/CVE-2026-24061

https://github.com/Risma2025/CVE-2026-24061-GNU-InetUtils-telnetd-Authentication-Bypass-Vulnerability

https://github.com/SeptembersEND/CVE--2026-24061

https://github.com/Chocapikk/CVE-2026-24061

https://github.com/monstertsl/CVE-2026-24061

https://github.com/Alter-N0X/CVE-2026-24061-POC

https://github.com/Lingzesec/CVE-2026-24061-GUI

https://github.com/ilostmypassword/Melissae-Honeypot-Framework

https://github.com/buzz075/CVE-2026-24061

https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester

https://github.com/mbanyamer/CVE-2026-24061-GNU-Inetutils-telnetd-Remote-Authentication-Bypass-Root-Shell-

https://github.com/novitahk/Exploit-CVE-2026-24061

https://github.com/Ali-brarou/telnest

https://github.com/yanxinwu946/CVE-2026-24061--telnetd

https://github.com/duy-31/CVE-2026-24061---telnetd

https://github.com/ms0x08-dev/CVE-2026-24061-POC

https://github.com/cumakurt/tscan

https://github.com/athack-ctf/chall2026-telneted

https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-

https://github.com/z3n70/CVE-2026-24061

https://github.com/ekomsSavior/telnet_scan

https://github.com/parameciumzhang/Tell-Me-Root

https://github.com/tiborscholtz/CVE-2026-24061

https://github.com/punitdarji/telnetd-cve-2026-24061

https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd

https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061

https://github.com/franckferman/CVE_2026_24061

https://github.com/h3athen/CVE-2026-24061

https://github.com/lavabyte/telnet-CVE-2026-24061

https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector

https://github.com/ibrahmsql/CVE-2026-24061-PoC

https://github.com/madfxr/Twenty-Three-Scanner

https://github.com/xuemian168/CVE-2026-24061

https://github.com/typeconfused/CVE-2026-24061

https://github.com/m3ngx1ng/cve_2026_24061_cli

https://github.com/ridpath/Terrminus-CVE-2026-2406

https://github.com/JayGLXR/CVE-2026-24061-POC

https://github.com/0xBlackash/CVE-2026-24061

https://github.com/infat0x/CVE-2026-24061

https://github.com/RStephanH/vuln-deb

https://github.com/TryA9ain/CVE-2026-24061

https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root

https://github.com/SystemVll/CVE-2026-24061

https://github.com/balgan/CVE-2026-24061

https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061

EPSS: 2.02%

updated 2025-02-11T16:31:00.073000

1 posts

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST AP

beyondmachines1@infosec.exchange at 2026-04-17T18:01:09.000Z ##

CISA Warns of Active Exploitation in Apache ActiveMQ Jolokia API Vulnerability

CISA added a high-severity Apache ActiveMQ vulnerability (CVE-2026-34197) to its KEV catalog due to active exploitation that allows attackers to run arbitrary OS commands via the Jolokia API. The flaw is particularly dangerous when chained with CVE-2024-32114, which enables unauthenticated remote code execution in certain versions.

**If you're running Apache ActiveMQ, upgrade to version 5.19.4 or 6.2.3 ASAP. Atackers are actively exploiting this right now. While you're at it, make sure your ActiveMQ console is not exposed to the internet, change any default admin:admin credentials, and disable the Jolokia endpoint entirely if you don't need it.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-apache-activemq-jolokia-api-vulnerability-i-v-s-d-e/gD2P6Ple2L

##

CVE-2026-39973
(0 None)

EPSS: 0.00%

2 posts

N/A

iBotPeaches at 2026-04-19T12:42:34.142Z ##

apktool 3.0.2 is out!

- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks

https://apktool.org/blog/apktool-3.0.2

##

iBotPeaches@infosec.exchange at 2026-04-19T12:42:34.000Z ##

apktool 3.0.2 is out!

- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks

https://apktool.org/blog/apktool-3.0.2

##

CVE-2026-5617
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-19T08:02:23.000Z ##

🟠 CVE-2026-5617 - High (8.8)

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5617/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-19T08:02:23.000Z ##

🟠 CVE-2026-5617 - High (8.8)

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5617/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40582
(0 None)

EPSS: 0.11%

1 posts

N/A

offseq@infosec.exchange at 2026-04-18T09:00:30.000Z ##

🚨 CVE-2026-40582: ChurchCRM < 7.2.0 has a CRITICAL auth bypass (CVSS 9.1). /api/public/user/login lets attackers with a password skip lockout & 2FA to get API access. Upgrade to 7.2.0+ ASAP. https://radar.offseq.com/threat/cve-2026-40582-cwe-288-authentication-bypass-using-58dc9576 #OffSeq #ChurchCRM #CVE202640582 #infosec

##

CVE-2026-40317
(0 None)

EPSS: 0.02%

2 posts

N/A

offseq@infosec.exchange at 2026-04-18T07:30:26.000Z ##

2 posts

N/A

offseq@infosec.exchange at 2026-04-18T06:00:27.000Z ##

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-18T05:10:44.000Z ##

🔴 CVE-2026-40484 - Critical (9.1)

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40484/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-18T00:00:42.000Z ##

⚠️ CRITICAL: ChurchCRM <7.2.0 vulnerable to RCE (CVE-2026-40484). Crafted backup restores allow webshell upload; CSRF flaw increases risk. Patch to 7.2.0+ now. Details: https://radar.offseq.com/threat/cve-2026-40484-cwe-269-improper-privilege-manageme-9bb4be14 #OffSeq #CVE202640484 #ChurchCRM #RCE

##

CVE-2026-35465
(0 None)

_r_netsec@infosec.exchange at 2026-04-17T08:43:10.000Z ##

Kanboard Authenticated SQL Injection CVE-2026-33058 Writeup https://0dave.ch/posts/cve-2026-33058/

##

CVE-2026-40170
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-17T05:23:02.000Z ##

🟠 CVE-2026-40170 - High (7.5)

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabl...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40170/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40322
(0 None)

EPSS: 0.05%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-17T05:13:55.000Z ##

🔴 CVE-2026-40322 - Critical (9)

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-control...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40322/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6574(7.3 HIGH)

EPSS: 0.00%

CVE-2026-6573(6.3 MEDIUM)

EPSS: 0.00%

CVE-2026-6572(5.6 MEDIUM)

EPSS: 0.00%

CVE-2026-6570(2.7 LOW)

EPSS: 0.02%

CVE-2026-6568(7.3 HIGH)

EPSS: 0.09%

CVE-2026-6563(8.8 HIGH)

EPSS: 0.04%

CVE-2026-6560(8.8 HIGH)

EPSS: 0.04%

CVE-2026-0868(6.4 MEDIUM)

EPSS: 0.01%

CVE-2026-41113(8.1 HIGH)

EPSS: 0.10%

CVE-2026-41242(CVSS UNKNOWN)

EPSS: 0.05%

CVE-2026-2986(6.4 MEDIUM)

EPSS: 0.01%

CVE-2026-2505(5.4 MEDIUM)

EPSS: 0.03%

CVE-2026-5426(7.5 HIGH)

EPSS: 0.05%

CVE-2026-6518(8.8 HIGH)

EPSS: 0.07%

CVE-2026-31987(7.5 HIGH)

EPSS: 0.03%

CVE-2026-40493(9.8 CRITICAL)

EPSS: 0.04%

CVE-2026-40487(8.9 HIGH)

EPSS: 0.02%

CVE-2026-40350(8.8 HIGH)

EPSS: 0.04%

CVE-2026-5807(7.5 HIGH)

EPSS: 0.01%

CVE-2026-3605(8.1 HIGH)

EPSS: 0.01%

CVE-2026-2262(7.5 HIGH)

EPSS: 0.04%

CVE-2026-40581(8.1 HIGH)

EPSS: 0.01%

CVE-2026-40474(7.6 HIGH)

EPSS: 0.03%

CVE-2026-40352(8.8 HIGH)

EPSS: 0.03%

CVE-2026-40321(8.0 HIGH)

EPSS: 0.04%

CVE-2026-32324(7.7 HIGH)

EPSS: 0.01%

CVE-2026-32650(7.5 HIGH)

EPSS: 0.02%

CVE-2026-40066(8.8 HIGH)

EPSS: 0.03%

CVE-2026-35546(9.8 CRITICAL)

EPSS: 0.06%

CVE-2026-40461(7.5 HIGH)

EPSS: 0.03%

CVE-2026-40525(9.1 CRITICAL)

EPSS: 0.11%

CVE-2026-40527(7.8 HIGH)

EPSS: 0.03%

CVE-2026-40434(8.1 HIGH)

EPSS: 0.02%

CVE-2026-40342(9.9 CRITICAL)

EPSS: 0.08%

CVE-2026-35682(8.8 HIGH)

EPSS: 0.26%

CVE-2026-34232(7.5 HIGH)

EPSS: 0.04%

CVE-2026-33337(7.5 HIGH)

EPSS: 0.04%

CVE-2025-65104(7.9 HIGH)

EPSS: 0.01%

CVE-2026-40516(8.3 HIGH)

EPSS: 0.04%

CVE-2026-37749(9.8 CRITICAL)

EPSS: 0.11%

CVE-2026-6574
(7.3 HIGH)

CVE-2026-6573
(6.3 MEDIUM)

CVE-2026-6572
(5.6 MEDIUM)

CVE-2026-6570
(2.7 LOW)

CVE-2026-6568
(7.3 HIGH)

CVE-2026-6563
(8.8 HIGH)

CVE-2026-6560
(8.8 HIGH)

CVE-2026-0868
(6.4 MEDIUM)

CVE-2026-41113
(8.1 HIGH)

CVE-2026-2986
(6.4 MEDIUM)

CVE-2026-2505
(5.4 MEDIUM)

CVE-2026-5426
(7.5 HIGH)

CVE-2026-6518
(8.8 HIGH)

CVE-2026-31987
(7.5 HIGH)

CVE-2026-40493
(9.8 CRITICAL)

CVE-2026-40487
(8.9 HIGH)

CVE-2026-40350
(8.8 HIGH)

CVE-2026-5807
(7.5 HIGH)

CVE-2026-3605
(8.1 HIGH)

CVE-2026-2262
(7.5 HIGH)

CVE-2026-40581
(8.1 HIGH)

CVE-2026-40474
(7.6 HIGH)

CVE-2026-40352
(8.8 HIGH)

CVE-2026-40321
(8.0 HIGH)

CVE-2026-32324
(7.7 HIGH)

CVE-2026-32650
(7.5 HIGH)

CVE-2026-40066
(8.8 HIGH)

CVE-2026-35546
(9.8 CRITICAL)

CVE-2026-40461
(7.5 HIGH)

CVE-2026-40525
(9.1 CRITICAL)

CVE-2026-40527
(7.8 HIGH)

CVE-2026-40434
(8.1 HIGH)

CVE-2026-40342
(9.9 CRITICAL)

CVE-2026-35682
(8.8 HIGH)

CVE-2026-34232
(7.5 HIGH)

CVE-2026-33337
(7.5 HIGH)

CVE-2025-65104
(7.9 HIGH)

CVE-2026-40516
(8.3 HIGH)

CVE-2026-37749
(9.8 CRITICAL)

CVE-2026-6305
(8.8 HIGH)

CVE-2026-5718
(8.1 HIGH)

CVE-2026-5710
(7.5 HIGH)

CVE-2026-3464
(8.8 HIGH)

CVE-2026-40515
(7.5 HIGH)

CVE-2026-6284
(9.1 CRITICAL)

CVE-2026-6307
(8.8 HIGH)

CVE-2026-33435
(8.0 HIGH)

CVE-2026-34393
(8.8 HIGH)

CVE-2026-40318
(8.5 HIGH)

CVE-2026-6442
(8.3 HIGH)

CVE-2026-30656
(7.5 HIGH)

CVE-2026-6507
(7.5 HIGH)

CVE-2026-40262
(8.7 HIGH)

CVE-2026-30625
(9.8 CRITICAL)

CVE-2026-30461
(8.3 HIGH)

CVE-2026-20180
(9.9 CRITICAL)

CVE-2026-4525
(7.5 HIGH)

CVE-2026-35569
(8.7 HIGH)

CVE-2026-23775
(7.6 HIGH)

CVE-2026-23853
(8.4 HIGH)

CVE-2025-36568
(7.9 HIGH)

CVE-2026-33392
(7.2 HIGH)

CVE-2026-6443
(9.8 CRITICAL)

CVE-2026-4659
(7.5 HIGH)

CVE-2026-21719
(7.2 HIGH)

CVE-2026-40324
(9.1 CRITICAL)

CVE-2026-22734
(8.6 HIGH)

CVE-2026-31843
(9.8 CRITICAL)

CVE-2026-30778
(7.5 HIGH)

CVE-2026-33032
(9.8 CRITICAL)

CVE-2026-34197
(8.8 HIGH)

CVE-2025-41118
(9.1 CRITICAL)

CVE-2026-6290
(8.1 HIGH)

CVE-2026-40303
(7.5 HIGH)