## Updated at UTC 2026-05-14T18:42:28.832717

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2026-20182 10.0 0.00% 6 0 2026-05-14T17:19:57.600000 May 2026: This security advisory provides the details and fix information for a
CVE-2026-20210 5.4 0.00% 2 0 2026-05-14T17:19:57.600000 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN
CVE-2026-42457 9.0 0.00% 2 0 2026-05-14T17:19:49.973000 vCluster Platform provides a Kubernetes platform for managing virtual clusters,
CVE-2026-43284 8.8 0.01% 2 22 2026-05-14T17:16:22.130000 In the Linux kernel, the following vulnerability has been resolved: xfrm: esp:
CVE-2026-8468 0 0.28% 1 0 2026-05-14T17:07:07.030000 Allocation of Resources Without Limits or Throttling vulnerability in plug_proje
CVE-2026-44478 7.5 0.04% 2 0 2026-05-14T16:49:18.583000 hoppscotch is an open source API development ecosystem. The fix for CVE-2026-282
CVE-2026-29206 8.1 0.03% 2 0 2026-05-14T16:49:18.583000 Insufficient sanitization of SQL queries in the `sqloptimizer` utility script al
CVE-2026-40893 8.2 0.00% 2 0 2026-05-14T16:28:04.847000 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gote
CVE-2026-42589 9.8 0.00% 2 0 2026-05-14T16:28:04.847000 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gote
CVE-2026-42596 9.4 0.00% 2 0 2026-05-14T16:28:04.847000 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the
CVE-2026-42594 7.5 0.00% 2 0 2026-05-14T16:28:04.847000 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the
CVE-2026-42590 8.2 0.00% 2 0 2026-05-14T16:28:04.847000 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The
CVE-2026-6637 8.8 0.00% 2 0 2026-05-14T16:21:23.190000 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged datab
CVE-2026-6477 8.8 0.00% 2 0 2026-05-14T16:21:23.190000 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreS
CVE-2026-7481 8.7 0.02% 2 0 2026-05-14T16:20:43.240000 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 bef
CVE-2025-12008 8.8 0.00% 2 0 2026-05-14T16:20:13.477000 Authorization bypass through User-Controlled key vulnerability in APPYAP Technol
CVE-2026-44005 10.0 0.04% 3 0 2026-05-14T16:16:23.313000 vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge
CVE-2026-42283 7.7 0.00% 2 0 2026-05-14T16:16:21.347000 DevSpace is a client-only developer tool for cloud-native development with Kuber
CVE-2026-43998 8.5 0.20% 2 0 2026-05-14T15:36:55.493000 vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root p
CVE-2025-15025 8.8 0.00% 2 0 2026-05-14T15:32:05 Authorization bypass through User-Controlled key vulnerability in Yordam Informa
CVE-2026-6473 8.8 0.00% 2 0 2026-05-14T15:32:05 Integer wraparound in multiple PostgreSQL server features allows an unprivileged
CVE-2026-6479 7.5 0.00% 2 0 2026-05-14T15:32:05 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker
CVE-2026-6475 8.8 0.00% 2 0 2026-05-14T15:32:05 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allo
CVE-2026-4029 7.5 0.00% 2 0 2026-05-14T15:32:05 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-43500 7.8 0.01% 2 13 2026-05-14T15:31:52 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also
CVE-2026-44004 7.5 0.04% 2 0 2026-05-14T15:22:06.020000 vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code ca
CVE-2026-44009 9.8 0.04% 2 0 2026-05-14T15:17:22.300000 vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerabili
CVE-2026-8181 9.8 0.26% 4 1 2026-05-14T14:28:41.283000 The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Al
CVE-2026-6271 9.8 0.14% 4 0 2026-05-14T14:28:41.283000 The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload i
CVE-2026-4031 7.5 0.00% 2 0 2026-05-14T14:28:41.283000 The Database Backup for WordPress plugin for WordPress is vulnerable to authoriz
CVE-2026-4030 8.1 0.00% 2 0 2026-05-14T14:28:41.283000 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-6512 9.1 0.07% 4 0 2026-05-14T14:28:41.283000 The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in
CVE-2026-44258 0 0.05% 1 0 2026-05-14T13:16:19.357000 efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_check
CVE-2026-44575 7.5 0.03% 4 1 2026-05-14T12:38:11.500000 Next.js is a React framework for building full-stack web applications. From 15.2
CVE-2025-11024 9.8 0.03% 2 0 2026-05-14T12:30:33 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2026-2347 9.8 0.04% 4 1 2026-05-14T12:30:28 Authorization bypass through User-Controlled key vulnerability in Akilli Commerc
CVE-2026-44573 7.5 0.04% 2 1 2026-05-14T12:24:22.910000 Next.js is a React framework for building full-stack web applications. From 12.2
CVE-2026-44290 7.5 0.04% 2 0 2026-05-14T12:23:20.007000 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior t
CVE-2026-44291 8.1 0.05% 2 0 2026-05-14T12:22:14.937000 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior t
CVE-2026-3892 8.1 0.05% 2 0 2026-05-14T09:31:35 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is
CVE-2026-6506 8.8 0.04% 2 0 2026-05-14T09:31:35 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in
CVE-2026-5395 8.2 0.03% 2 0 2026-05-14T09:31:35 The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Fo
CVE-2026-6510 9.8 0.19% 6 0 2026-05-14T09:31:35 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation vi
CVE-2026-6514 7.5 0.06% 2 0 2026-05-14T09:31:35 The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in
CVE-2025-14870 7.5 0.04% 4 0 2026-05-14T06:31:40 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2026-1659 7.5 0.04% 2 0 2026-05-14T06:31:40 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 b
CVE-2026-6073 8.7 0.02% 2 0 2026-05-14T06:31:40 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef
CVE-2026-5396 8.2 0.03% 2 0 2026-05-14T06:31:40 The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Thro
CVE-2026-7377 8.7 0.02% 2 0 2026-05-14T06:31:40 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef
CVE-2025-14869 7.5 0.03% 2 0 2026-05-14T06:31:39 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2026-46419 7.5 0.01% 2 0 2026-05-14T06:31:32 Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorr
CVE-2026-42945 8.1 0.17% 24 10 2026-05-14T03:32:08 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_mo
CVE-2026-32993 8.3 0.07% 2 0 2026-05-14T00:32:05 Improper sanitization of the `status` query parameter of the `/unprotected/nova_
CVE-2026-32992 8.2 0.03% 2 0 2026-05-13T22:16:43.010000 SSL verification is disabled in the DNS Cluster system. This could allow for a m
CVE-2026-8466 None 0.02% 1 0 2026-05-13T21:32:13 Allocation of Resources Without Limits or Throttling vulnerability in ninenines
CVE-2026-0263 None 0.06% 4 0 2026-05-13T18:31:07 A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PA
CVE-2026-0265 None 0.08% 2 0 2026-05-13T18:31:07 An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software en
CVE-2026-40631 8.7 0.05% 2 0 2026-05-13T18:31:06 An authenticated attacker with the Resource Administrator or Administrator role
CVE-2026-41225 9.1 0.07% 2 0 2026-05-13T18:31:06 A vulnerability exists in iControl REST where a highly privileged, authenticated
CVE-2026-42924 8.7 0.05% 4 0 2026-05-13T18:31:06 An authenticated attacker with the Resource Administrator or Administrator role
CVE-2026-6282 8.1 0.06% 2 0 2026-05-13T18:31:06 A potential improper file path validation vulnerability was reported in some Len
CVE-2026-39458 7.5 0.07% 2 0 2026-05-13T18:31:05 When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual serv
CVE-2026-39455 7.5 0.08% 2 0 2026-05-13T18:31:05 When the BIG-IP Configuration utility is configured to use Lightweight Directory
CVE-2026-40067 7.5 0.07% 2 0 2026-05-13T18:31:05 When a BIG-IP APM access policy is configured on a virtual server, undisclosed t
CVE-2026-40061 8.7 0.05% 2 0 2026-05-13T18:31:05 When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iContro
CVE-2026-40060 7.5 0.07% 2 0 2026-05-13T18:31:05 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual ser
CVE-2026-40629 7.5 0.07% 2 0 2026-05-13T18:31:05 When SSL profiles are configured on a virtual server, undisclosed traffic can ca
CVE-2026-41218 7.5 0.07% 2 0 2026-05-13T18:31:05 When BIG-IP PEM iRules are configured on a virtual server (iRules using commands
CVE-2026-41957 8.8 0.55% 2 0 2026-05-13T18:31:05 An authenticated remote code execution vulnerability through undisclosed vectors
CVE-2026-41956 7.5 0.07% 2 0 2026-05-13T18:31:05 When a classification profile is configured on a UDP virtual server, undisclosed
CVE-2026-32661 9.8 0.14% 1 0 2026-05-13T18:30:57 Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and G
CVE-2026-45185 9.8 0.06% 17 2 2026-05-13T18:30:50 Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable u
CVE-2026-44167 7.5 0.02% 1 0 2026-05-13T18:24:31.310000 phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3
CVE-2026-0264 0 0.07% 2 0 2026-05-13T18:17:47.830000 A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo
CVE-2026-42290 7.8 0.02% 2 0 2026-05-13T16:32:31.457000 protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.
CVE-2026-40423 7.5 0.07% 2 0 2026-05-13T16:27:11.127000 When a SIP profile is configured on a virtual server, undisclosed traffic can ca
CVE-2026-40698 8.7 0.05% 2 0 2026-05-13T16:27:11.127000 A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, a
CVE-2026-40618 7.5 0.07% 2 0 2026-05-13T16:27:11.127000 When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition
CVE-2026-41227 7.5 0.07% 2 0 2026-05-13T16:27:11.127000 On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed
CVE-2026-41217 7.9 0.02% 2 0 2026-05-13T16:27:11.127000 A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that m
CVE-2026-41953 8.7 0.05% 2 0 2026-05-13T16:27:11.127000 A vulnerability exists in BIG-IP systems where a highly privileged, authenticate
CVE-2026-42409 7.5 0.08% 2 0 2026-05-13T16:27:11.127000 When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respo
CVE-2026-42406 8.7 0.03% 2 0 2026-05-13T16:27:11.127000 A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, a
CVE-2026-42930 8.7 0.03% 2 0 2026-05-13T16:27:11.127000 When running in Appliance mode, an authenticated attacker assigned the 'Administ
CVE-2026-42920 7.5 0.07% 2 0 2026-05-13T16:27:11.127000 When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UD
CVE-2026-6281 8.8 0.19% 2 0 2026-05-13T16:27:11.127000 A potential vulnerability was reported in some Lenovo Personal Cloud Storage dev
CVE-2026-44548 8.1 0.01% 2 0 2026-05-13T16:16:58.690000 ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level
CVE-2026-42854 9.8 0.20% 1 0 2026-05-13T16:16:48.700000 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ES
CVE-2026-7790 0 0.08% 1 0 2026-05-13T15:57:03.607000 Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te
CVE-2026-29204 9.1 0.04% 2 1 2026-05-13T15:54:09.420000 Insufficient ownership check in `clientarea.php` allows an authenticated client
CVE-2026-40621 9.8 0.07% 2 0 2026-05-13T15:47:10.327000 ELECOM wireless LAN access point devices do not require authentication to access
CVE-2026-42062 9.8 0.33% 2 0 2026-05-13T15:47:10.327000 ELECOM wireless LAN access point devices contain an OS command injection in proc
CVE-2026-40361 8.4 0.06% 2 0 2026-05-13T15:34:52.573000 Use after free in Microsoft Office Word allows an unauthorized attacker to execu
CVE-2026-43898 10.0 0.00% 2 0 2026-05-13T15:26:02 ### Summary Sandbox-defined functions expose `Function.caller`, allowing sandbox
CVE-2026-43989 8.5 0.01% 1 0 2026-05-13T14:54:50.290000 JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-securit
CVE-2026-4798 7.5 0.06% 3 0 2026-05-13T14:43:46.717000 The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection
CVE-2026-3425 8.8 0.08% 2 0 2026-05-13T14:43:46.717000 The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File
CVE-2026-2291 7.3 0.06% 2 0 2026-05-13T14:17:14.120000 dnsmasqs extract_name() function can be abused to cause a heap buffer overflow,
CVE-2026-28910 3.3 0.01% 2 0 2026-05-13T14:02:20.380000 This issue was addressed with improved permissions checking. This issue is fixed
CVE-2026-8108 7.8 0.01% 2 0 2026-05-13T00:48:25 The installation of Fuji Tellus adds a driver to the kernel which grants all use
CVE-2026-26083 9.8 0.04% 2 0 2026-05-12T18:57:02.307000 A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0
CVE-2026-0300 9.8 14.43% 2 8 2026-05-12T18:47:21.360000 A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Capti
CVE-2026-41096 9.8 0.07% 6 0 2026-05-12T18:30:54 Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attac
CVE-2026-41089 9.8 0.09% 4 0 2026-05-12T18:30:54 Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker
CVE-2026-44277 9.8 0.04% 3 1 2026-05-12T18:30:54 A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, Fo
CVE-2026-32185 5.5 0.04% 1 0 2026-05-12T18:30:48 Files or directories accessible to external parties in Microsoft Teams allows an
CVE-2025-35979 None 0.01% 1 0 2026-05-12T18:30:44 Exposure of sensitive information caused by shared microarchitectural predictor
CVE-2026-7261 9.8 0.04% 1 0 2026-05-12T17:40:03.410000 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a
CVE-2026-7287 7.5 0.26% 1 0 2026-05-12T15:11:29.503000 ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep()
CVE-2026-44295 8.7 0.03% 2 0 2026-05-12T15:06:24 ## Summary `pbjs` static code generation could emit unsafe JavaScript identifie
CVE-2026-44289 7.5 0.04% 2 0 2026-05-12T15:01:05 ## Summary protobufjs could recurse without a depth limit while decoding nested
CVE-2026-25787 9.1 0.04% 1 0 2026-05-12T14:19:41.400000 Affected devices do not properly validate and sanitize Technology Object (TO) na
CVE-2026-39432 8.2 0.03% 1 0 2026-05-12T14:03:52.757000 Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Inco
CVE-2019-14192 9.8 0.38% 4 0 2026-05-12T12:32:32 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded mem
CVE-2026-25786 9.1 0.04% 1 0 2026-05-12T12:32:22 Affected devices do not properly validate and sanitize PLC/station name rendered
CVE-2025-40833 7.5 0.04% 1 0 2026-05-12T12:32:21 The affected devices contain a null pointer dereference vulnerability while proc
CVE-2025-40946 8.3 0.02% 1 0 2026-05-12T12:32:14 A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blu
CVE-2026-2993 7.5 0.10% 1 0 2026-05-12T09:31:33 The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable
CVE-2026-7256 8.8 0.83% 1 0 2026-05-12T06:31:46 ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI pro
CVE-2026-34259 8.2 0.01% 1 0 2026-05-12T03:31:33 Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment,
CVE-2026-34260 9.6 0.01% 2 0 2026-05-12T03:31:32 SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerabil
CVE-2026-34263 9.6 0.02% 2 0 2026-05-12T03:31:32 Due to improper Spring Security configuration, SAP Commerce cloud allows an unau
CVE-2026-28517 9.8 31.37% 2 0 2026-05-12T01:16:45.947000 openDCIM version 23.04, through commit 4467e9c4, contains an OS command injectio
CVE-2026-43968 None 0.04% 1 0 2026-05-11T21:31:46 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ni
CVE-2026-43969 None 0.02% 1 0 2026-05-11T21:31:46 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ni
CVE-2026-25244 9.8 0.00% 1 0 2026-05-11T17:53:48 ### Summary A command injection vulnerability exists in `@wdio/browserstack-serv
CVE-2026-45109 7.5 0.03% 2 0 2026-05-11T16:21:19 ### Impact It was found that the fix addressing [CVE-2026-44575](https://githu
CVE-2026-44579 7.5 0.04% 2 3 2026-05-11T15:56:24 ### Impact Applications using Partial Prerendering through the Cache Components
CVE-2026-44578 8.6 0.03% 2 2 2026-05-11T15:55:29 ### Impact Self-hosted applications using the built-in Node.js server can be vu
CVE-2026-44574 8.1 0.03% 2 1 2026-05-11T15:55:28 ### Impact Applications that rely on middleware to protect dynamic routes can b
CVE-2026-42595 8.6 0.00% 2 0 2026-05-11T13:51:10 A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHS
CVE-2026-7482 9.1 0.10% 1 4 2026-05-11T12:27:11.917000 Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGU
CVE-2026-44338 7.3 0.07% 4 0 2026-05-08T19:06:32.713000 PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.
CVE-2024-27355 7.5 0.34% 1 0 2026-05-08T18:24:30 ### Impact Any application using that loads untrusted ASN1 files (eg. X509 certi
CVE-2026-44008 9.8 0.07% 2 0 2026-05-08T15:58:50 ### Summary VM2 suffers from a sandbox breakout vulnerability. This allows atta
CVE-2026-44007 9.1 0.04% 2 0 2026-05-07T05:13:23 ### Summary When a `NodeVM` is created with `nesting: true`, sandbox code can u
CVE-2026-43997 10.0 0.05% 2 0 2026-05-07T04:00:19 ### Summary It is possible to obtain the host `Object`, https://github.com/patr
CVE-2026-44006 10.0 0.05% 2 0 2026-05-07T03:55:02 ### Summary It is possible to reach `BaseHandler.getPrototypeOf`, which can be
CVE-2026-41050 9.9 0.04% 4 0 2026-05-07T01:26:07 ### Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonati
CVE-2026-25705 8.4 0.04% 2 0 2026-05-07T01:23:59 ### Impact A vulnerability has been identified in [Rancher's Extensions](https:
CVE-2026-42591 8.2 0.00% 2 0 2026-05-07T00:57:03 ### Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs tha
CVE-2026-44471 7.8 0.01% 2 0 2026-05-07T00:01:30 ### Summary A malicious tree can be constructed that will, when checked out wit
CVE-2026-44375 7.5 0.00% 2 0 2026-05-06T23:05:54 ### Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vuln
CVE-2026-42559 8.8 0.00% 2 0 2026-05-06T21:55:58 ## Summary Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server tr
CVE-2026-42281 None 0.00% 2 1 template 2026-05-05T20:54:01 ### Summary An unauthenticated Server-Side Request Forgery (SSRF) vulnerability
CVE-2026-42266 8.8 0.06% 4 0 2026-05-05T20:53:21 The allow-list of extensions that can be installed from PyPI Extension Manager (
CVE-2026-41940 9.8 74.24% 4 67 template 2026-05-04T18:31:33 cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0
CVE-2026-30893 9.0 0.08% 2 0 2026-04-30T20:30:05.967000 Wazuh is a free and open source platform used for threat prevention, detection,
CVE-2025-24965 0 0.22% 2 0 2026-04-15T00:35:42.020000 crun is an open source OCI Container Runtime fully written in C. In affected ver
CVE-2025-27421 7.5 0.19% 1 0 2026-04-15T00:35:42.020000 Abacus is a highly scalable and stateless counting API. A critical goroutine lea
CVE-2026-34486 7.5 0.01% 2 5 template 2026-04-14T12:45:40.433000 Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the f
CVE-2026-28515 8.8 44.25% 2 0 2026-03-10T15:03:39.680000 openDCIM version 23.04, through commit 4467e9c4, contains a missing authorizatio
CVE-2026-21535 8.2 0.09% 2 0 2026-02-20T00:31:59 Improper access control in Microsoft Teams allows an unauthorized attacker to di
CVE-2026-1777 7.2 0.02% 2 0 2026-02-03T19:01:12 ### Summary SageMaker Python SDK is an open source library for training and dep
CVE-2025-31161 9.8 88.94% 2 19 template 2025-10-22T00:33:17 CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and
CVE-2026-44542 0 0.00% 2 0 N/A
CVE-2026-20224 0 0.00% 2 0 N/A
CVE-2026-20209 0 0.00% 2 0 N/A
CVE-2026-44193 0 0.23% 4 0 N/A
CVE-2026-44447 0 0.04% 2 0 N/A
CVE-2026-44446 0 0.04% 2 0 N/A
CVE-2026-44442 0 0.04% 4 0 N/A
CVE-2026-45158 0 0.23% 4 0 N/A
CVE-2026-28215 0 0.30% 2 0 N/A
CVE-2026-44482 0 0.00% 2 0 N/A
CVE-2026-45793 0 0.00% 1 0 N/A
CVE-2026-46300 0 0.00% 14 3 N/A
CVE-2026-44194 0 0.13% 2 0 N/A
CVE-2026-45714 0 0.04% 2 0 N/A
CVE-2026-4782 0 0.04% 1 0 N/A
CVE-2026-45411 0 0.05% 2 0 N/A
CVE-2026-25243 0 0.09% 2 1 N/A
CVE-2026-23479 0 0.10% 2 1 N/A
CVE-2026-44547 0 0.03% 3 0 N/A
CVE-2026-4058 0 0.00% 2 0 N/A
CVE-2026-6722 0 0.23% 1 0 N/A
CVE-2026-44257 0 0.21% 1 0 N/A
CVE-2026-42288 0 0.27% 1 0 N/A
CVE-2026-44183 0 0.04% 1 0 N/A
CVE-2026-43992 0 0.03% 1 0 N/A

CVE-2026-20182
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-05-14T17:19:57.600000

6 posts

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authenti

cisakevtracker@mastodon.social at 2026-05-14T18:00:46.000Z ##

CVE ID: CVE-2026-20182
Vendor: Cisco
Product: Catalyst SD-WAN
Date Added: 2026-05-14
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2026-05-14T16:45:08.046Z ##

This Cisco vulnerability has been fixed.

Rapid7: CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) rapid7.com/blog/post/ve-cve-20 @Rapid7Official

##

AAKL at 2026-05-14T16:24:09.513Z ##

I'm almost inclined to gloat after the 4000 (mere change) layoffs because "look, we're drowning in money. Who needs people?"

- CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability sec.cloudapps.cisco.com/securi

- CRITICAL: CVE-2026-20209, CVE-2026-20210, CVE-2026-20224: Cisco Catalyst SD-WAN Manager Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

@cR0w

##

CVE-2026-20210
(5.4 MEDIUM)

EPSS: 0.00%

updated 2026-05-14T17:19:57.600000

2 posts

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this

AAKL at 2026-05-14T16:24:09.513Z ##

I'm almost inclined to gloat after the 4000 (mere change) layoffs because "look, we're drowning in money. Who needs people?"

- CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability sec.cloudapps.cisco.com/securi

- CRITICAL: CVE-2026-20209, CVE-2026-20210, CVE-2026-20224: Cisco Catalyst SD-WAN Manager Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

@cR0w

##

CVE-2026-42457
(9.0 CRITICAL)

EPSS: 0.00%

updated 2026-05-14T17:19:49.973000

2 posts

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external scripts within the platform's browser context. In the worst case, a malicious user could potentially cr

thehackerwire@mastodon.social at 2026-05-14T15:51:09.000Z ##

🔴 CVE-2026-42457 - Critical (9)

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. Thi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43284
(8.8 HIGH)

EPSS: 0.01%

updated 2026-05-14T17:16:22.130000

2 posts

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when

22 repos

https://github.com/haydenjames/dirty-frag-check

https://github.com/0xlane/pagecache-guard

https://github.com/0xBlackash/CVE-2026-43284

https://github.com/dixyes/dirtypatch

https://github.com/FrosterDL/CVE-2026-43284

https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan

https://github.com/scriptzteam/Paranoid-Dirty-Frag-CVE-2026-43284

https://github.com/liamromanis101/DirtyFrag-Detector

https://github.com/metalx1993/dirtyfrag-patches

https://github.com/KaraZajac/DIRTYFAIL

https://github.com/linnemanlabs/dirtyfrag-arm64

https://github.com/ryan2929/CVE-2026-43284-

https://github.com/ChernStepanov/DirtyFrag-for-dummies

https://github.com/XRSecCD/202605_dirty_frag

https://github.com/AK777177/Dirty-Frag-Analysis

https://github.com/krisiasty/vcheck

https://github.com/suominen/CVE-2026-43284

https://github.com/6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284

https://github.com/attaattaatta/CVE-2026-43500

https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4

https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag

https://github.com/Percivalll/Dirty-Frag-Kubernetes-PoC

redsakana at 2026-05-14T12:20:00.168Z ##

World's most useless distro's take on CVE-2026-43284 ("Dirty Frag")

None of the others in the same series are doing any better. I'm lucky to be only dealing with a few residual installs, but if I was paying for this level of "support" I would be looking at cancellation options.

##

CVE-2026-8468
(0 None)

EPSS: 0.28%

updated 2026-05-14T17:07:07.030000

1 post

Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on the size of the accumulated buffer. By contrast, the sibling function read_part_body has an explicit

tylerayoung@fosstodon.org at 2026-05-14T13:45:25.000Z ##

There have been a heap of CVEs published against the typical #ElixirLang + Phoenix web stack in the last few days. If your mix.lock has any of:

- cowboy < 2.15.0
- cowlib < 2.16.1
- plug < 1.19.2
- bandit < 1.11.1

...you may be vulnerable!

CVEs:

- cna.erlef.org/cves/CVE-2026-84
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-77
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-84

##
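
The failure mode in the CVE-2026-8468 description above (a part-header reader that accumulates bytes until the blank line with nothing capping the buffer) is easiest to see next to a reader that honours its length limit on every chunk. The block below is an added illustration written in Python for this page; it is not Plug's code. The function names, the 64 KiB default, the CountingStream wrapper and the hostile stream (one header line that never terminates) are all constructed for the example.

```python
"""Bounded vs unbounded multipart part-header reading.

Added illustration of an unbounded header accumulator beside a bounded one.
Not Plug's code: a standalone Python sketch driven by a constructed
in-memory chunk stream.
"""
from typing import Dict, Iterator, Tuple

HEADER_END = b"\r\n\r\n"


class HeaderTooLarge(Exception):
    """Raised when a part's header block exceeds the configured limit."""


class CountingStream:
    """Wraps a chunk iterator and records how many bytes the reader pulled."""

    def __init__(self, chunks: Iterator[bytes]) -> None:
        self._chunks = iter(chunks)
        self.consumed = 0

    def __iter__(self) -> "CountingStream":
        return self

    def __next__(self) -> bytes:
        chunk = next(self._chunks)
        self.consumed += len(chunk)
        return chunk


def read_part_headers_unbounded(chunks: Iterator[bytes]) -> Tuple[bytes, bytes]:
    """Accumulate until CRLFCRLF. Nothing caps the buffer, so a client that
    never sends the terminator makes the server hold the whole stream."""
    buf = b""
    for chunk in chunks:
        buf += chunk
        idx = buf.find(HEADER_END)
        if idx != -1:
            return buf[:idx], buf[idx + len(HEADER_END):]
    raise ValueError("stream ended before end of part headers")


def read_part_headers_bounded(chunks: Iterator[bytes], length: int = 64 * 1024) -> Tuple[bytes, bytes]:
    """Same loop, but gives up as soon as the unterminated buffer passes `length`.
    The check runs on every chunk, so at most `length` plus one chunk is held."""
    buf = b""
    for chunk in chunks:
        buf += chunk
        idx = buf.find(HEADER_END)
        if idx != -1:
            if idx > length:
                raise HeaderTooLarge(f"part headers exceed {length} bytes")
            return buf[:idx], buf[idx + len(HEADER_END):]
        if len(buf) > length:
            raise HeaderTooLarge(f"part headers exceed {length} bytes")
    raise ValueError("stream ended before end of part headers")


def parse_headers(raw: bytes) -> Dict[str, str]:
    """Split a CRLF-separated header block into a lower-cased name -> value map."""
    headers: Dict[str, str] = {}
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def hostile_header_stream(total: int, chunk_size: int = 4096) -> Iterator[bytes]:
    """Constructed attacker body: a header line that never terminates."""
    yield b'Content-Disposition: form-data; name="f"\r\nX-Pad: '
    sent = 0
    while sent < total:
        n = min(chunk_size, total - sent)
        yield b"A" * n
        sent += n


def run(reader, chunks: Iterator[bytes], **kwargs) -> Tuple[int, str]:
    """Drive a reader over a counted stream; return (bytes pulled, outcome)."""
    stream = CountingStream(chunks)
    try:
        reader(stream, **kwargs)
        outcome = "ok"
    except HeaderTooLarge:
        outcome = "rejected"
    except ValueError:
        outcome = "truncated"
    return stream.consumed, outcome


# Constructed benign part, split across two chunks as a socket might deliver it.
BENIGN_PART = [
    b'Content-Disposition: form-data; name="file"; filename="a.txt"\r\n',
    b"Content-Type: text/plain\r\n\r\nhello",
]

if __name__ == "__main__":
    print(run(read_part_headers_unbounded, hostile_header_stream(1 << 20)))
    print(run(read_part_headers_bounded, hostile_header_stream(1 << 20), length=65536))
    raw, rest = read_part_headers_bounded(iter(BENIGN_PART))
    print(parse_headers(raw), rest)
```

Against the hostile stream the unbounded reader pulls the entire 1 MiB before failing, while the bounded one stops a single chunk past 64 KiB; scale the total up and only the first reader's memory use grows with it. The check has to sit inside the chunk loop, which is the whole point: a limit that is only consulted after the terminator arrives does nothing for a client that never sends one.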

CVE-2026-44478
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-14T16:49:18.583000

2 posts

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config still leaks all infrastructure secrets in plaintext to unauthenticated users when the ONBOARDING_RECOVERY_

thehackerwire@mastodon.social at 2026-05-14T15:55:54.000Z ##

🟠 CVE-2026-44478 - High (7.5)

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29206
(8.1 HIGH)

EPSS: 0.03%

updated 2026-05-14T16:49:18.583000

2 posts

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

thehackerwire@mastodon.social at 2026-05-14T15:54:00.000Z ##

🟠 CVE-2026-29206 - High (8.1)

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40893
(8.2 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:28:04.847000

2 posts

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.

thehackerwire@mastodon.social at 2026-05-14T17:02:17.000Z ##

🟠 CVE-2026-40893 - High (8.2)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42589
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-05-14T16:28:04.847000

2 posts

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded in a JSON key splits the ExifTool stdin stream into a new argument line, allowing an attacker to inject

thehackerwire@mastodon.social at 2026-05-14T17:00:19.000Z ##

🔴 CVE-2026-42589 - Critical (9.8)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validati...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42596
(9.4 CRITICAL)

EPSS: 0.00%

updated 2026-05-14T16:28:04.847000

2 posts

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::ffff:127.0.0.1]:... and reach loopback or private HTTP services that the default deny-list is intended to bl

thehackerwire@mastodon.social at 2026-05-14T16:59:58.000Z ##

🔴 CVE-2026-42596 - Critical (9.4)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticate...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42594
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:28:04.847000

2 posts

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent request claims the recycled context, c.Reset() clears the store. If the webhook goroutine reaches hardTi

thehackerwire@mastodon.social at 2026-05-14T16:58:41.000Z ##

🟠 CVE-2026-42594 - High (7.5)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42590
(8.2 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:28:04.847000

2 posts

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, the ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix syntax where File:FileName is processed identically to FileName -- the prefix is stripped by SetNewValue

thehackerwire@mastodon.social at 2026-05-14T16:23:24.000Z ##

🟠 CVE-2026-42590 - High (8.2)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creati...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6637
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:21:23.190000

2 posts

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update v

thehackerwire@mastodon.social at 2026-05-14T14:43:23.000Z ##

🟠 CVE-2026-6637 - High (8.8)

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled colu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6477
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:21:23.190000

2 posts

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \

thehackerwire@mastodon.social at 2026-05-14T14:40:58.000Z ##

🟠 CVE-2026-6477 - High (8.8)

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large respo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7481
(8.7 HIGH)

EPSS: 0.02%

updated 2026-05-14T16:20:43.240000

2 posts

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.

thehackerwire@mastodon.social at 2026-05-14T14:51:22.000Z ##

🟠 CVE-2026-7481 - High (8.7)

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScrip...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-12008
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:20:13.477000

2 posts

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025.

thehackerwire@mastodon.social at 2026-05-14T13:56:22.000Z ##

🟠 CVE-2025-12008 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Yaay Social Media App: from 3.8.0 t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44005
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-05-14T16:16:23.313000

3 posts

vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.pr

infosecbot@mastodon.hofud.com at 2026-05-14T03:46:19.000Z ##

[1/5]

Executive Summary – Key Threat‑Intelligence Highlights (13 May – 14 May 2026)

Below is a concise, prioritized briefing of the most impactful security events that are directly relevant to our IoT‑focused subsidiary (Linux/Ubuntu workstations, Azure Container Apps, Kubernetes, and the typical development toolchain). Each bullet includes a full‑length source link as required.

---

1. Critical Vulnerabilities that Touch Our Stack:

VM2 sandbox‑escape (CVE‑2026‑44005) – Remote code execution in the popular Node.js sandbox library used by many npm packages.
• Our container images (Wolfi, Alpine, Debian, Ubuntu) often run Node‑based build tools and CI/CD scripts; a compromised VM2 could break isolation and lead to host compromise.
cveawg.mitre.org/api/cve/CVE-2

WebdriverIO CI/CD command‑injection (CVE‑2026‑25244) – Malicious Git branch names can trigger code execution on CI runners.
• Directly affects our Azure Pipelines / GitHub Actions workflows that use WebdriverIO for UI testing.
mastodon.social/@netsecio/1165

Firefox high‑severity bugs discovered by Anthropic’s Mythos AI (CVE‑2026‑33824, CVE‑2026‑33827) – Remote‑code‑execution paths in the browser.
• Developers and QA staff use Firefox on Ubuntu workstations; a compromised browser can be a foothold for credential theft.
cyberhub.blog/article/25855-an

Windows BitLocker zero‑day (public PoC) – Bypass of drive encryption on Windows 11.
• Some engineering laptops still run Windows 11 with BitLocker; the flaw could expose source code or design data.
bleepingcomputer.com/news/secu

Microsoft Patch Tuesday (May 2026) – 120 CVEs fixed, 29 are critical RCE bugs affecting Windows, Azure services, and core libraries.
• Our Azure Container Apps and any Windows‑based build agents must be patched immediately to stay protected.
securebulletin.com/microsoft-p

#infosecnews

##

thehackerwire@mastodon.social at 2026-05-13T19:02:31.000Z ##

🔴 CVE-2026-44005 - Critical (10)

vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherRef...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42283
(7.7 HIGH)

EPSS: 0.00%

updated 2026-05-14T16:16:21.347000

2 posts

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use their browser t

thehackerwire@mastodon.social at 2026-05-14T17:00:08.000Z ##

🟠 CVE-2026-42283 - High (7.7)

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43998
(8.5 HIGH)

EPSS: 0.20%

updated 2026-05-14T15:36:55.493000

2 posts

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load

thehackerwire@mastodon.social at 2026-05-13T19:08:15.000Z ##

🟠 CVE-2026-43998 - High (8.5)

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because pat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15025
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-14T15:32:05

2 posts

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 before v.22.1.

thehackerwire@mastodon.social at 2026-05-14T14:43:54.000Z ##

🟠 CVE-2025-15025 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.

This issue a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6473
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-14T15:32:05

2 posts

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation f

thehackerwire@mastodon.social at 2026-05-14T14:43:38.000Z ##

🟠 CVE-2026-6473 - High (8.8)

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the databa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6479
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-14T15:32:05

2 posts

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

thehackerwire@mastodon.social at 2026-05-14T14:41:08.000Z ##

🟠 CVE-2026-6479 - High (7.5)

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a P...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6475
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-14T15:32:05

2 posts

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implic

thehackerwire@mastodon.social at 2026-05-14T14:40:49.000Z ##

🟠 CVE-2026-6475 - High (8.8)

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4029
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-14T15:32:05

2 posts

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to export database tables, leading to Sensitive Information Exposure. Note: This vulnerability is only expl

thehackerwire@mastodon.social at 2026-05-14T13:17:42.000Z ##

🟠 CVE-2026-4029 - High (7.5)

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This ma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43500
(7.8 HIGH)

EPSS: 0.01%

updated 2026-05-14T15:31:52

2 posts

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-o

13 repos

https://github.com/haydenjames/dirty-frag-check

https://github.com/0xlane/pagecache-guard

https://github.com/XRSecCD/202605_dirty_frag

https://github.com/metalx1993/dirtyfrag-patches

https://github.com/AK777177/Dirty-Frag-Analysis

https://github.com/krisiasty/vcheck

https://github.com/attaattaatta/CVE-2026-43500

https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4

https://github.com/KaraZajac/DIRTYFAIL

https://github.com/vorkampfer/dirty_frag_mitigation

https://github.com/linnemanlabs/dirtyfrag-arm64

https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan

https://github.com/liamromanis101/DirtyFrag-Detector

lobsters@mastodon.social at 2026-05-12T21:15:09.000Z ##

Load-Bearing Assumptions: the rxrpc case (CVE-2026-43500) and the constraint that was never there lobste.rs/s/tuiapt #linux #security
linkedin.com/pulse/load-bearin

##

knoppix95@mastodon.social at 2026-05-12T20:52:59.000Z ##

Linux 7.0.6 and 6.18.29 LTS patch the Dirty Frag local privilege flaw, fixing unsafe rxrpc decryption paths tied to CVE-2026-43500.
Fedora and Pop!_OS shipped fixes before release, reflecting rapid open-source patching and the need for timely user-controlled updates. 🔧

🔗 itsfoss.com/news/linux-fully-p

#TechNews #Linux #DirtyFrag #Kernel #Fedora #PopOS #OpenSource #Cybersecurity #Privacy #Security #FOSS #SysAdmin #LTS #LinuxKernel #DirtyFrag #CopyFail #CVE #Fedora #PopOS #Ubuntu #Tech

##

CVE-2026-44004
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-14T15:22:06.020000

2 posts

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR: Reached heap limit. This vulnerability is fixed i

thehackerwire@mastodon.social at 2026-05-13T19:02:19.000Z ##

🟠 CVE-2026-44004 - High (7.5)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44009
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-14T15:17:22.300000

2 posts

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.

thehackerwire@mastodon.social at 2026-05-13T19:03:39.000Z ##

🔴 CVE-2026-44009 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8181
(9.8 CRITICAL)

EPSS: 0.26%

updated 2026-05-14T14:28:41.283000

4 posts

The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application passwords from the Authorization header. This makes it possible for unauthenticated attackers, with

1 repos

https://github.com/zycoder0day/CVE-2026-8181

offseq at 2026-05-14T15:00:20.262Z ##

🔴 CVE-2026-8181: Burst Statistics WP plugin (v3.4.0 – 3.4.1.1) suffers CRITICAL auth bypass. Attackers can impersonate admins using any password — immediate removal advised until a fix is released. Details: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-05-14T14:51:37.000Z ##

🔴 CVE-2026-8181 - Critical (9.8)

The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-14T15:00:20.000Z ##

🔴 CVE-2026-8181: Burst Statistics WP plugin (v3.4.0 – 3.4.1.1) suffers CRITICAL auth bypass. Attackers can impersonate admins using any password — immediate removal advised until a fix is released. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

##

CVE-2026-6271
(9.8 CRITICAL)

EPSS: 0.14%

updated 2026-05-14T14:28:41.283000

4 posts

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.

thehackerwire@mastodon.social at 2026-05-14T14:48:54.000Z ##

🔴 CVE-2026-6271 - Critical (9.8)

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T13:30:29.291Z ##

⚠️ CRITICAL: CVE-2026-6271 in shahinurislam Career Section plugin (≤1.7) lets unauthenticated attackers upload dangerous files — risk of remote code execution. Disable plugin immediately & monitor uploads. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T13:30:29.000Z ##

⚠️ CRITICAL: CVE-2026-6271 in shahinurislam Career Section plugin (≤1.7) lets unauthenticated attackers upload dangerous files — risk of remote code execution. Disable plugin immediately & monitor uploads. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #RCE #Vulnerability

##

CVE-2026-4031
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-14T14:28:41.283000

2 posts

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointi

thehackerwire@mastodon.social at 2026-05-14T13:18:01.000Z ##

🟠 CVE-2026-4031 - High (7.5)

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where databa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4030
(8.1 HIGH)

EPSS: 0.00%

updated 2026-05-14T14:28:41.283000

2 posts

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup directory parameter. This makes it possible for unauthenticated attackers to read and delete arbitrary fi

thehackerwire@mastodon.social at 2026-05-14T13:17:51.000Z ##

🟠 CVE-2026-4030 - High (8.1)

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorizati...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6512
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-05-14T14:28:41.283000

4 posts

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's

thehackerwire@mastodon.social at 2026-05-14T13:04:24.000Z ##

🔴 CVE-2026-6512 - Critical (9.1)

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T12:00:26.424Z ##

🚨 CRITICAL: CVE-2026-6512 in InfusedWoo Pro (≤5.1.2) lets unauthenticated attackers delete posts, orders, and more on WordPress sites. No patch yet — restrict/disable plugin & monitor vendor advisories. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T12:00:26.000Z ##

🚨 CRITICAL: CVE-2026-6512 in InfusedWoo Pro (≤5.1.2) lets unauthenticated attackers delete posts, orders, and more on WordPress sites. No patch yet — restrict/disable plugin & monitor vendor advisories. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-44258
(0 None)

EPSS: 0.05%

updated 2026-05-14T13:16:19.357000

1 posts

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files from within the home directory to any arbitrary destination by setting dst to a base64-encoded traversal path. This bypasse

offseq@infosec.exchange at 2026-05-13T06:00:25.000Z ##

🚨 CVE-2026-44258: CRITICAL OS command injection in efwGrp efw4.X (<4.08.010). Attackers can copy/move files outside home dir, bypassing controls. Upgrade to 4.08.010+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CVE202644258 #infosec #patchnow

##

CVE-2026-44575
(7.5 HIGH)

EPSS: 0.03%

updated 2026-05-14T12:38:11.500000

4 posts

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the s

1 repos

https://github.com/dwisiswant0/next-16.2.4-pocs

thehackerwire@mastodon.social at 2026-05-13T19:00:17.000Z ##

🟠 CVE-2026-45109 - High (7.5)

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-13T17:38:31.000Z ##

🟠 CVE-2026-44575 - High (7.5)

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transpor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-11024
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-05-14T12:30:33

2 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001.

thehackerwire@mastodon.social at 2026-05-14T12:41:38.000Z ##

🔴 CVE-2025-11024 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection.

This issue affects E-Commerce Website: before 4.5....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2347
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-14T12:30:28

4 posts

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001.

1 repos

https://github.com/mgiay/CVE-2026-25589-25588-25243-23631-23479-REDIS

thehackerwire@mastodon.social at 2026-05-14T12:41:28.000Z ##

🔴 CVE-2026-2347 - Critical (9.8)

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking.

This issue affects E-Commerce Website: before 4.5.001.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T10:30:29.295Z ##

🚨 CVE-2026-2347 — CRITICAL auth bypass in Akilli Commerce E-Commerce Website <4.5.001 via user-controlled key. Session hijack risk. No patch yet — restrict access, monitor sessions. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T10:30:29.000Z ##

🚨 CVE-2026-2347 — CRITICAL auth bypass in Akilli Commerce E-Commerce Website <4.5.001 via user-controlled key. Session hijack risk. No patch yet — restrict access, monitor sessions. radar.offseq.com/threat/cve-20 #OffSeq #CVE20262347 #infosec #websecurity

##

CVE-2026-44573
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-14T12:24:22.910000

2 posts

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data/<buildId>/<page>.json requests. In affected configurations, middleware does not run for the unprefixed d

1 repos

https://github.com/dwisiswant0/next-16.2.4-pocs

thehackerwire@mastodon.social at 2026-05-13T17:38:10.000Z ##

🟠 CVE-2026-44573 - High (7.5)

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44290
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-14T12:23:20.007000

2 posts

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in functionality. Thi

thehackerwire@mastodon.social at 2026-05-13T16:21:26.000Z ##

🟠 CVE-2026-44290 - High (7.5)

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44291
(8.1 HIGH)

EPSS: 0.05%

updated 2026-05-14T12:22:14.937000

2 posts

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type information. This cou

thehackerwire@mastodon.social at 2026-05-13T16:21:35.000Z ##

🟠 CVE-2026-44291 - High (8.1)

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3892
(8.1 HIGH)

EPSS: 0.05%

updated 2026-05-14T09:31:35

2 posts

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to set an arbitrary filesystem path via the profile update handler. This makes it possible for authentica

thehackerwire@mastodon.social at 2026-05-14T14:49:17.000Z ##

🟠 CVE-2026-3892 - High (8.1)

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo uplo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6506
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-14T09:31:35

2 posts

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This makes it possible for authenticated attackers, with subscriber-level access and above, to update thei

thehackerwire@mastodon.social at 2026-05-14T14:49:04.000Z ##

🟠 CVE-2026-6506 - High (8.8)

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization and capability checks, as well as lacking restri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5395
(8.2 HIGH)

EPSS: 0.03%

updated 2026-05-14T09:31:35

2 posts

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Fluent Forms manager-level access and above, to bypass

thehackerwire@mastodon.social at 2026-05-14T13:04:47.000Z ##

🟠 CVE-2026-5395 - High (8.2)

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6510
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-05-14T09:31:35

6 posts

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for unauthenticated attackers to create a malicious automation recipe that pairs an HTTP post trigger with an auto-login act

thehackerwire@mastodon.social at 2026-05-14T13:04:33.000Z ##

🔴 CVE-2026-6510 - Critical (9.8)

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX han...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T09:00:28.123Z ##

🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. radar.offseq.com/threat/cve-20

##

offseq at 2026-05-14T07:30:27.159Z ##

🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T09:00:28.000Z ##

🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

##

offseq@infosec.exchange at 2026-05-14T07:30:27.000Z ##

🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #CVE20266510

##

CVE-2026-6514
(7.5 HIGH)

EPSS: 0.06%

updated 2026-05-14T09:31:35

2 posts

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

thehackerwire@mastodon.social at 2026-05-14T12:41:51.000Z ##

🟠 CVE-2026-6514 - High (7.5)

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations origina...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-14870
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-14T06:31:40

4 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation.

thehackerwire@mastodon.social at 2026-05-14T15:55:41.000Z ##

🟠 CVE-2025-14870 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted J...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-14T15:53:50.000Z ##

🟠 CVE-2025-14870 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted J...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1659
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-14T06:31:40

2 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation.

thehackerwire@mastodon.social at 2026-05-14T14:58:49.000Z ##

🟠 CVE-2026-1659 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6073
(8.7 HIGH)

EPSS: 0.02%

updated 2026-05-14T06:31:40

2 posts

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.

thehackerwire@mastodon.social at 2026-05-14T14:58:35.000Z ##

🟠 CVE-2026-6073 - High (8.7)

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5396
(8.2 HIGH)

EPSS: 0.03%

updated 2026-05-14T06:31:40

2 posts

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions (read, modify, delete, add notes) based on a user-supplied `form_id` query parameter. This makes it possible for authenticated attackers, with Fluent Forms Manager access

thehackerwire@mastodon.social at 2026-05-14T14:58:22.000Z ##

🟠 CVE-2026-5396 - High (8.2)

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions (read, modify, del...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7377
(8.7 HIGH)

EPSS: 0.02%

updated 2026-05-14T06:31:40

2 posts

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

thehackerwire@mastodon.social at 2026-05-14T14:51:09.000Z ##

🟠 CVE-2026-7377 - High (8.7)

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary Ja...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-14869
(7.5 HIGH)

EPSS: 0.03%

updated 2026-05-14T06:31:39

2 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints.

thehackerwire@mastodon.social at 2026-05-14T15:53:35.000Z ##

🟠 CVE-2025-14869 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-46419
(7.5 HIGH)

EPSS: 0.01%

updated 2026-05-14T06:31:32

2 posts

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.

thehackerwire@mastodon.social at 2026-05-14T15:53:50.000Z ##

🟠 CVE-2026-46419 - High (7.5)

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42945
(8.1 HIGH)

EPSS: 0.17%

updated 2026-05-14T03:32:08

24 posts

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond it

10 repos

https://github.com/0xBlackash/CVE-2026-42945

https://github.com/rheodev/CVE-2026-42945

https://github.com/realityone/cve-2026-42945-scan

https://github.com/RyosukeDTomita/CVE-2026-42945

https://github.com/nanwinata/nginxrift-CVE-2026-42945

https://github.com/DepthFirstDisclosures/Nginx-Rift

https://github.com/p3Nt3st3r-sTAr/CVE-2026-42945-POC

https://github.com/opdc-oseas/cve_2026-42945

https://github.com/friparia/NGINX_RIFT_SCAN_CVE_2026_42945

https://github.com/cipherspy/CVE-2026-42945-POC

undercodenews@mastodon.social at 2026-05-14T16:09:12.000Z ##

Critical NGINX Zero-Day CVE-2026-42945 Exposes 18-Year-Old Heap Overflow Leading to DoS and Possible RCE

Introduction A newly disclosed vulnerability in the widely used NGINX web server has raised serious security concerns across the global internet infrastructure. The flaw, tracked as CVE-2026-42945, has reportedly existed in the codebase for nearly 18 years before being discovered through autonomous AI-driven scanning systems. Rated at a critical CVSS score of 9.2,…

undercodenews.com/critical-ngi

##

Analyst207@mastodon.social at 2026-05-14T16:07:30.000Z ##

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution

A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

osintsights.com/nginx-vulnerab

#Cve202642945 #Nginx #WebServer #HeapBufferOverflow #DenialOfService

##

commanderred@chaos.social at 2026-05-14T15:16:24.000Z ##

yay, seems like nginx has a CVE... thanks AI

nvd.nist.gov/vuln/detail/CVE-2

##

hrbrmstr@mastodon.social at 2026-05-14T14:07:07.000Z ##

@me @krypt3ia fixed and also here: git.sr.ht/~hrbrmstr/cve-2026-4

##

hrbrmstr@mastodon.social at 2026-05-14T12:08:10.000Z ##

The EasyEngine tutorial, StackPointer, WPMU DEV, Stack Overflow, and the WordPress.org forums all reference this same pattern.

This can easily be chained with one (or both) of two recent and trivial-to-exploit local privilege escalation Linux vulns.

In the words of @krypt3ia :

we doomed.

HOWEVER: I threw together a small Bash script that tries to detect whether a given conf file or directory of nginx configs has vulnerable directives. You can find it at:

git.sr.ht/~hrbrmstr/cve-2026-4 (2/3)

##

GossiTheDog@cyberplace.social at 2026-05-14T11:16:24.000Z ##

CVE-2026-42945 - Nginx (otherwise branded Nginx Rift)

It relies on a specific Nginx config to be vulnerable, and for an attacker to know or discover the config to exploit it. To reach RCE, ASLR also needs to have been disabled on the box.

The PoC they've built specifically disabled ASLR, deploys a specifically vulnerable config and the exploit knows about the vulnerable config endpoint.

##

undercodenews@mastodon.social at 2026-05-14T11:11:54.000Z ##

NGINX Rift: 18-Year-Old Hidden Vulnerability Exposes Critical Remote Code Execution Risk

A long-hidden security flaw in NGINX has finally surfaced after remaining unnoticed for nearly two decades, raising serious concerns across the global web infrastructure landscape. The vulnerability, now tracked as CVE-2026-42945 and dubbed “NGINX Rift,” allows unauthenticated remote code execution (RCE), making it one of the most severe discoveries in recent web server security…

undercodenews.com/nginx-rift-1

##

_r_netsec at 2026-05-14T10:28:05.500Z ##

CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC depthfirst.com/research/nginx-

##

benzogaga33@mamot.fr at 2026-05-14T09:40:04.000Z ##

NGINX Rift – CVE-2026-42945: this critical 18-year-old flaw threatens your web servers it-connect.fr/nginx-rift-cve-2 #ActuCybersécurité #Cybersécurité #Vulnérabilité #Nginx

##

Matchbook3469@mastodon.social at 2026-05-14T09:16:48.000Z ##

🔴 New security advisory:

CVE-2026-42945 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#InfoSec #PatchNow #InfoSecCommunity

##

appinn@pullopen.xyz at 2026-05-14T07:17:03.000Z ##

『High-severity vulnerability in the Nginx rewrite module: it may have existed for over a decade | CVE-2026-42945』
Nginx is a widely used HTTP server. On 13 May 2026 the project disclosed a security vulnerability in the commonly used rewrite module. An attacker can trigger it with a specially crafted HTTP request, causing the Nginx wor
……
Read the full article: appinn.com/nginx-rewrite-rce-c

#小众软件

##

jschauma@mstdn.social at 2026-05-14T03:56:19.000Z ##

CVE-2026-42945: Possible RCE in NGINX:

depthfirst.com/nginx-rift

Requires a specific regex-based rewrite directive like

rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last;

my.f5.com/manage/s/article/K00

(Of course also found & published by some AI platform. At least they told F5 first.)

And there's a bunch of other vulns in nginx that just dropped, but good luck keeping track if the list of security advisories contains no dates:

nginx.org/en/security_advisori

##

harrysintonen at 2026-05-13T21:34:28.337Z ##

CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the linux kernel LPEs is "not great" as we say in the industry.

depthfirst.com/nginx-rift

##

cR0w at 2026-05-13T19:14:51.554Z ##

RE: infosec.exchange/@cR0w/1165688

Plenty of prerequisites but worth looking into.

my.f5.com/manage/s/article/K00

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible. (CVE-2026-42945)

##

thehackerwire@mastodon.social at 2026-05-13T17:49:48.000Z ##

🟠 CVE-2026-42945 - High (8.1)

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32993
(8.3 HIGH)

EPSS: 0.07%

updated 2026-05-14T00:32:05

2 posts

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.

thehackerwire@mastodon.social at 2026-05-14T16:03:17.000Z ##

🟠 CVE-2026-32993 - High (8.3)

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32992
(8.2 HIGH)

EPSS: 0.03%

updated 2026-05-13T22:16:43.010000

2 posts

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.

thehackerwire@mastodon.social at 2026-05-14T16:03:03.000Z ##

🟠 CVE-2026-32992 - High (8.2)

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8466
(CVSS UNKNOWN)
EPSS: 0.02%

updated 2026-05-13T21:32:13

1 post

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Len

tylerayoung@fosstodon.org at 2026-05-14T13:45:25.000Z ##

There have been a heap of CVEs published against the typical #ElixirLang + Phoenix web stack in the last few days. If your mix.lock has any of:

- cowboy < 2.15.0
- cowlib < 2.16.1
- plug < 1.19.2
- bandit < 1.11.1

...you may be vulnerable!

CVEs:

- cna.erlef.org/cves/CVE-2026-84
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-77
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-84

##

CVE-2026-0263
(CVSS UNKNOWN)
EPSS: 0.06%

updated 2026-05-13T18:31:07

4 posts

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.

cR0w at 2026-05-13T17:48:13.389Z ##

RE: infosec.exchange/@cR0w/1165619

security.paloaltonetworks.com/

This issue requires IKEv2 VPN tunnels that are configured with Post Quantum Cryptography (PQC).

##

AAKL at 2026-05-13T16:42:22.747Z ##

New. These are only the top three:

Palo Alto: CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled security.paloaltonetworks.com/

CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution security.paloaltonetworks.com/

CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing security.paloaltonetworks.com/

More security.paloaltonetworks.com/

##

CVE-2026-0265
(CVSS UNKNOWN)
EPSS: 0.08%

updated 2026-05-13T18:31:07

2 posts

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure acc

AAKL at 2026-05-13T16:42:22.747Z ##

New. These are only the top three:

Palo Alto: CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled security.paloaltonetworks.com/

CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution security.paloaltonetworks.com/

CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing security.paloaltonetworks.com/

More security.paloaltonetworks.com/

##

CVE-2026-40631
(8.7 HIGH)

EPSS: 0.05%

updated 2026-05-13T18:31:06

2 posts

An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:05:01.000Z ##

🟠 CVE-2026-40631 - High (8.7)

An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41225
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-05-13T18:31:06

2 posts

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:02:17.000Z ##

🔴 CVE-2026-41225 - Critical (9.1)

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.

 Note: Software versions which have reached End of T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42924
(8.7 HIGH)

EPSS: 0.05%

updated 2026-05-13T18:31:06

4 posts

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:53:30.000Z ##

🟠 CVE-2026-42924 - High (8.7)

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (E...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-13T17:50:13.000Z ##

🟠 CVE-2026-42924 - High (8.7)

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (E...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6282
(8.1 HIGH)

EPSS: 0.06%

updated 2026-05-13T18:31:06

2 posts

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

thehackerwire@mastodon.social at 2026-05-13T16:19:41.000Z ##

🟠 CVE-2026-6282 - High (8.1)

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39458
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T18:31:05

2 posts

When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:08:52.000Z ##

🟠 CVE-2026-39458 - High (7.5)

When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39455
(7.5 HIGH)

EPSS: 0.08%

updated 2026-05-13T18:31:05

2 posts

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:08:37.000Z ##

🟠 CVE-2026-39455 - High (7.5)

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors.  Note: Software versions which ha...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40067
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T18:31:05

2 posts

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:07:41.000Z ##

🟠 CVE-2026-40067 - High (7.5)

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40061
(8.7 HIGH)

EPSS: 0.05%

updated 2026-05-13T18:31:05

2 posts

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.  Note: Software

thehackerwire@mastodon.social at 2026-05-13T18:07:32.000Z ##

🟠 CVE-2026-40061 - High (8.7)

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40060
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T18:31:05

2 posts

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:07:20.000Z ##

🟠 CVE-2026-40060 - High (7.5)

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. 

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40629
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T18:31:05

2 posts

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:04:52.000Z ##

🟠 CVE-2026-40629 - High (7.5)

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41218
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T18:31:05

2 posts

When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:58:59.000Z ##

🟠 CVE-2026-41218 - High (7.5)

When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM) to term...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41957
(8.8 HIGH)

EPSS: 0.55%

updated 2026-05-13T18:31:05

2 posts

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:58:33.000Z ##

🟠 CVE-2026-41957 - High (8.8)

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41956
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T18:31:05

2 posts

When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:55:51.000Z ##

🟠 CVE-2026-41956 - High (7.5)

When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32661
(9.8 CRITICAL)

EPSS: 0.14%

updated 2026-05-13T18:30:57

1 posts

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.

offseq@infosec.exchange at 2026-05-13T07:30:27.000Z ##

🚨 CRITICAL: CVE-2026-32661 stack buffer overflow in Canon GUARDIANWALL MailSuite (v1.4.00 – 2.4.26). Remote code execution possible. Restrict network access & monitor pop3wallpasswd. Patch pending. radar.offseq.com/threat/cve-20 #OffSeq #CVE202632661 #infosec #vuln

##

CVE-2026-45185
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-05-13T18:30:50

17 posts

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitr

2 repos

https://github.com/materaj2/cve-2026-45185-detection-script

https://github.com/liamromanis101/Dead.Letter-CVE-2026-45185

tomshw@mastodon.social at 2026-05-14T11:25:10.000Z ##

🛡️ Exim fixes a critical flaw that exposed email servers to RCE: updating right away reduces the risk of compromise and downtime. #Cybersecurity #Exim

🔗 tomshw.it/hardware/exim-cve-20

##

beyondmachines1 at 2026-05-14T08:01:07.330Z ##

Critical 'Dead.Letter' Vulnerability in Exim Mailer Allows Unauthenticated Remote Code Execution

Exim patched a critical use-after-free vulnerability (CVE-2026-45185) in its GnuTLS implementation that allows unauthenticated remote attackers to execute arbitrary code via specially crafted BDAT SMTP traffic.

**If you are running Exim mail servers (versions 4.97 through 4.99.2) built with GnuTLS, update to version 4.99.3 ASAP. Email servers are designed to be exposed to the internet so you can't hide this issue behind a firewall. Until you update, temporarily disable the CHUNKING (BDAT) extension or switch to an OpenSSL-based build until the patch can be applied.**

beyondmachines.net/event_detai

##

undercodenews@mastodon.social at 2026-05-13T23:45:48.000Z ##

Critical Exim Vulnerability Exposes Servers to Full Remote Takeover — CVE-2026-45185 Sparks Global Cybersecurity Alarm

⚠️ Massive Security Risk Discovered in Exim Mail Servers Using GnuTLS Introduction: A Dangerous Flaw That Turns Email Infrastructure Into an Open Door A newly discovered critical vulnerability in Exim mail transfer software, tracked as CVE-2026-45185, has triggered serious concern across the cybersecurity community. The flaw affects systems using…

undercodenews.com/critical-exi

##

undercodenews@mastodon.social at 2026-05-13T20:54:07.000Z ##

Critical Exim Vulnerability Opens Door to Remote Code Execution on Linux Mail Servers

Introduction A newly disclosed security flaw in the widely used Exim mail transfer agent has raised serious concerns across the Linux server ecosystem. The vulnerability, tracked as CVE-2026-45185, allows unauthenticated remote attackers to potentially execute arbitrary code on affected systems under specific configurations. Because Exim remains one of the most deployed mail servers…

undercodenews.com/critical-exi

##

Analyst207@mastodon.social at 2026-05-13T20:37:08.000Z ##

Exim Flaw Exposes Servers to Remote Code Execution

A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.

osintsights.com/exim-flaw-expo

#RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls

##

secdb at 2026-05-13T12:27:34.938Z ##

🚨 CVE-2026-45185 (Dead.Letter)

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/


##

sekurakbot@mastodon.com.pl at 2026-05-13T08:25:00.000Z ##

Critical vulnerability in Exim, the mail server that handles half the Internet. Found with AI assistance.

In 2023, around 59% of public mail servers were Exim. The vulnerability nicknamed Dead Letter has just been patched and its details published; it lets attackers execute code on the server (RCE), without authentication, fully remotely. CVE-2026-45185 received a "rating" of 9.8/10 on the CVSS scale. Exim versions from 4.97 are affected...

#WBiegu #Ai #Exim #Podatność #Rce

sekurak.pl/krytyczna-podatnosc

##

beyondmachines1@infosec.exchange at 2026-05-14T08:01:07.000Z ##

Critical 'Dead.Letter' Vulnerability in Exim Mailer Allows Unauthenticated Remote Code Execution

Exim patched a critical use-after-free vulnerability (CVE-2026-45185) in its GnuTLS implementation that allows unauthenticated remote attackers to execute arbitrary code via specially crafted BDAT SMTP traffic.

**If you are running Exim mail servers (versions 4.97 through 4.99.2) built with GnuTLS, update to version 4.99.3 ASAP. Email servers are designed to be exposed to the internet so you can't hide this issue behind a firewall. Until you update, temporarily disable the CHUNKING (BDAT) extension or switch to an OpenSSL-based build until the patch can be applied.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

secdb@infosec.exchange at 2026-05-13T12:27:34.000Z ##

🚨 CVE-2026-45185 (Dead.Letter)

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

#nttdata #zen #secdb #infosec
#deadletter #cve202645185 #exim #gnutls

##

hn50@social.lansky.name at 2026-05-12T23:20:08.000Z ##

Dead.Letter (CVE-2026-45185) – How XBOW found an unauthenticated RCE on Exim

Link: xbow.com/blog/dead-letter-cve-
Discussion: news.ycombinator.com/item?id=4

##

campuscodi@mastodon.social at 2026-05-12T21:44:54.000Z ##

XBOW's AI found an unauth RCE in Exim, bug is being called Dead.Letter

xbow.com/blog/dead-letter-cve-

Patches are out: exim.org/static/doc/security/E

##

newsycombinator@framapiaf.org at 2026-05-12T19:00:29.000Z ##

Dead.Letter (CVE-2026-45185) – How XBOW found an unauthenticated RCE on Exim
Link: xbow.com/blog/dead-letter-cve-
Comments: news.ycombinator.com/item?id=4

##

ngate@mastodon.social at 2026-05-12T18:01:21.000Z ##

🚀 Ah, another day, another #CVE nobody asked for. Humans vs. #AI in a race to exploit #Exim, because *obviously* that's what we need—Skynet learning to hack email servers. 😂 But hey, at least the buzzwords and pentest pitches are here to save us from the tedium of actual #security work. 📉
xbow.com/blog/dead-letter-cve- #Skynet #Hacking #HackerNews #ngated

##

h4ckernews@mastodon.social at 2026-05-12T18:01:15.000Z ##

Dead.letter (CVE-2026-45185) Humans vs. LLM for Unauthenticated RCE Race on Exim

xbow.com/blog/dead-letter-cve-

#HackerNews #DeadLetter #CVE202645185 #UnauthenticatedRCE #Exim #LLMVsHumans

##

CuratedHackerNews@mastodon.social at 2026-05-12T17:58:07.000Z ##

Dead.Letter (CVE-2026-45185) – How XBOW found an unauthenticated RCE on Exim

xbow.com/blog/dead-letter-cve-

##

_r_netsec@infosec.exchange at 2026-05-12T17:43:05.000Z ##

Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim xbow.com/blog/dead-letter-cve-

##

CVE-2026-44167
(7.5 HIGH)

EPSS: 0.02%

updated 2026-05-13T18:24:31.310000

1 posts

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.

thehackerwire@mastodon.social at 2026-05-12T18:24:16.000Z ##

🟠 CVE-2026-44167 - High (7.5)

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0264
(0 None)

EPSS: 0.07%

updated 2026-05-13T18:17:47.830000

2 posts

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud

AAKL at 2026-05-13T16:42:22.747Z ##

New. These are only the top three:

Palo Alto: CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled security.paloaltonetworks.com/

CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution security.paloaltonetworks.com/

CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing security.paloaltonetworks.com/

More security.paloaltonetworks.com/

##

AAKL@infosec.exchange at 2026-05-13T16:42:22.000Z ##

New. These are only the top three:

Palo Alto: CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled security.paloaltonetworks.com/

CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution security.paloaltonetworks.com/

CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing security.paloaltonetworks.com/

More security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability

##

CVE-2026-42290
(7.8 HIGH)

EPSS: 0.02%

updated 2026-05-13T16:32:31.457000

2 posts

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments. This vulnerability is fixed in 1.2.1 and 2.0.2.

thehackerwire@mastodon.social at 2026-05-13T17:50:32.000Z ##

🟠 CVE-2026-42290 - High (7.8)

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacter...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40423
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T16:27:11.127000

2 posts

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:08:24.000Z ##

🟠 CVE-2026-40423 - High (7.5)

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40698
(8.7 HIGH)

EPSS: 0.05%

updated 2026-05-13T16:27:11.127000

2 posts

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:05:12.000Z ##

🟠 CVE-2026-40698 - High (8.7)

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40618
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T16:27:11.127000

2 posts

When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not eva

thehackerwire@mastodon.social at 2026-05-13T18:02:42.000Z ##

🟠 CVE-2026-40618 - High (7.5)

When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41227
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T16:27:11.127000

2 posts

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T18:02:30.000Z ##

🟠 CVE-2026-41227 - High (7.5)

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41217
(7.9 HIGH)

EPSS: 0.02%

updated 2026-05-13T16:27:11.127000

2 posts

A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support

thehackerwire@mastodon.social at 2026-05-13T17:58:46.000Z ##

🟠 CVE-2026-41217 - High (7.9)

A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode dep...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41953
(8.7 HIGH)

EPSS: 0.05%

updated 2026-05-13T16:27:11.127000

2 posts

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:55:35.000Z ##

🟠 CVE-2026-41953 - High (8.7)

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation.  Note: Software versions which have reac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42409
(7.5 HIGH)

EPSS: 0.08%

updated 2026-05-13T16:27:11.127000

2 posts

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:55:22.000Z ##

🟠 CVE-2026-42409 - High (7.5)

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42406
(8.7 HIGH)

EPSS: 0.03%

updated 2026-05-13T16:27:11.127000

2 posts

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.     Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:53:51.000Z ##

🟠 CVE-2026-42406 - High (8.7)

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.     Note: Software versions...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42930
(8.7 HIGH)

EPSS: 0.03%

updated 2026-05-13T16:27:11.127000

2 posts

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:50:21.000Z ##

🟠 CVE-2026-42930 - High (8.7)

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.

 Note: Software versions which have reached End of Technical Support (EoTS) are not...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42920
(7.5 HIGH)

EPSS: 0.07%

updated 2026-05-13T16:27:11.127000

2 posts

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

thehackerwire@mastodon.social at 2026-05-13T17:50:07.000Z ##

🟠 CVE-2026-42920 - High (7.5)

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
 Note: Software versions which have reached End of Technical Su...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6281
(8.8 HIGH)

EPSS: 0.19%

updated 2026-05-13T16:27:11.127000

2 posts

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

thehackerwire@mastodon.social at 2026-05-13T16:19:32.000Z ##

🟠 CVE-2026-6281 - High (8.8)

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44548
(8.1 HIGH)

EPSS: 0.01%

updated 2026-05-13T16:16:58.690000

2 posts

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records, including cascaded property and record-to-property assignments. This vulnerability is fixed in 7.3.2.

thehackerwire@mastodon.social at 2026-05-13T12:25:27.000Z ##

🟠 CVE-2026-44548 - High (8.1)

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42854
(9.8 CRITICAL)

EPSS: 0.20%

updated 2026-05-13T16:16:48.700000

1 post

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP header field (Content-Type: multipart/form-data; boundary=...) without enforcing any length limit. Sendin

offseq@infosec.exchange at 2026-05-13T03:00:27.000Z ##

🔥 CRITICAL: CVE-2026-42854 in arduino-esp32 (<3.3.8) enables stack buffer overflow via HTTP multipart boundary — can crash device or allow RCE. Patch ASAP by upgrading to 3.3.8! radar.offseq.com/threat/cve-20 #OffSeq #CVE202642854 #IoTSecurity #Espressif

##

CVE-2026-7790
(0 None)

EPSS: 0.08%

updated 2026-05-13T15:57:03.607000

1 post

Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication (Len * 16 + digit), so parsing N hex digits requires O(N²) CPU work and O(N) memory. Additionally, when input is drip-fe

tylerayoung@fosstodon.org at 2026-05-14T13:45:25.000Z ##

There have been a heap of CVEs published against the typical #ElixirLang + Phoenix web stack in the last few days. If your mix.lock has any of:

- cowboy < 2.15.0
- cowlib < 2.16.1
- plug < 1.19.2
- bandit < 1.11.1

...you may be vulnerable!

CVEs:

- cna.erlef.org/cves/CVE-2026-84
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-77
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-84

##

CVE-2026-29204
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-05-13T15:54:09.420000

2 posts

Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation, leading to unauthorized access to the victim's account.

1 repos

https://github.com/bogdanrotariu/cve-2026-29204-whmcs-clientarea-addonid

radwebhosting@mastodon.social at 2026-05-14T17:10:43.000Z ##

Security Advisory: CVE-2026-29204 – Critical #WHMCS Authorization Bypass Vulnerability
Severity: Critical
CVSS Score: 9.1–10.0 (Critical)
Affected Software: WHMCS
Affected Versions:

WHMCS 7.4.0 through 8.12.2
WHMCS 8.13.x prior to 8.13.3
WHMCS 9.0.x prior to 9.0.4

Overview
A critical authorization bypass vulnerability identified as CVE-2026-29204 ...
Continued 👉 blog.radwebhosting.com/securit

##

CVE-2026-40621
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-05-13T15:47:10.327000

2 posts

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

thehackerwire@mastodon.social at 2026-05-13T15:56:09.000Z ##

🔴 CVE-2026-40621 - Critical (9.8)

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42062
(9.8 CRITICAL)

EPSS: 0.33%

updated 2026-05-13T15:47:10.327000

2 posts

ELECOM wireless LAN access point devices contain an OS command injection in the processing of the username parameter. When processing a crafted request, an arbitrary OS command may be executed. No authentication is required.

thehackerwire@mastodon.social at 2026-05-13T15:56:00.000Z ##

🔴 CVE-2026-42062 - Critical (9.8)

ELECOM wireless LAN access point devices contain an OS command injection in the processing of the username parameter. When processing a crafted request, an arbitrary OS command may be executed. No authentication is required.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40361
(8.4 HIGH)

EPSS: 0.06%

updated 2026-05-13T15:34:52.573000

2 posts

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

bontchev at 2026-05-13T08:27:06.230Z ##

CVE-2026-40361 - Microsoft Word Remote Code Execution Vulnerability:

msrc.microsoft.com/update-guid

What's next - and RCE in Notepad?

##

CVE-2026-43898
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-05-13T15:26:02

2 posts

Summary: Sandbox-defined functions expose `Function.caller`, allowing sandboxed code to recover the internal `LispType.Call` runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript. Details: The vulnerability is in the property a

beyondmachines1 at 2026-05-14T09:01:07.557Z ##

Critical SandboxJS Escape Vulnerability Enables Host Takeover

Nyariv's SandboxJS library contains a critical vulnerability (CVE-2026-43898) that allows unauthenticated attackers to escape the sandbox and execute arbitrary code on the host system.

**If you use the @nyariv/sandboxjs library in your applications, update immediately to version 0.9.6. If you can't update right away, stop processing any untrusted JavaScript through the library until the patch is applied.**

beyondmachines.net/event_detai

##

CVE-2026-43989
(8.5 HIGH)

EPSS: 0.01%

updated 2026-05-13T14:54:50.290000

1 post

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.

thehackerwire@mastodon.social at 2026-05-12T17:26:58.000Z ##

🟠 CVE-2026-43989 - High (8.5)

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink targe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4798
(7.5 HIGH)

EPSS: 0.06%

updated 2026-05-13T14:43:46.717000

3 posts

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_order’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries t

wordfence@mastodon.social at 2026-05-13T21:30:01.000Z ##

1,000,000 WordPress sites are affected by Arbitrary File Read and SQL Injection vulnerabilities in the Avada Builder plugin.

The Arbitrary File Read (CVE-2026-4782) allows subscriber+ attackers to read sensitive files, while the SQL Injection (CVE-2026-4798) allows unauthenticated attackers to extract data from the database.

Patched in 3.15.3. Review the report to ensure your site is not affected.

wordfence.com/blog/2026/05/100

#WordPress #CyberSecurity #Wordfence

##

thehackerwire@mastodon.social at 2026-05-13T16:17:07.000Z ##

🟠 CVE-2026-4798 - High (7.5)

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_order’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3425
(8.8 HIGH)

EPSS: 0.08%

updated 2026-05-13T14:43:46.717000

2 posts

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This

thehackerwire@mastodon.social at 2026-05-13T15:56:19.000Z ##

🟠 CVE-2026-3425 - High (8.8)

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This makes it possible for authenticated attackers, w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2291
(7.3 HIGH)

EPSS: 0.06%

updated 2026-05-13T14:17:14.120000

2 posts

dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups being redirected to an attacker-controlled IP address, or cause a DoS.

michelin@hachyderm.io at 2026-05-13T19:23:12.000Z ##

If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - kb.cert.org/vuls/id/471747

@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale

suse.com/security/cve/CVE-2026

Fedora updates for stable releases are about to hit testing: bodhi.fedoraproject.org/update

and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`

Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!

gitlab.com/CentOS/Hyperscale/r

As of the time of posting there is no advisory from #RedHat yet

#Fedora
#CentOS
#CentOS_Stream

##

CVE-2026-28910
(3.3 LOW)

EPSS: 0.01%

updated 2026-05-13T14:02:20.380000

2 posts

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files.

mysk@mastodon.social at 2026-05-13T15:35:14.000Z ##

@winterknight1337 It seems to be rubbish. The vector doesn't reflect the attack at all. For example, the attack needs user interaction, but the vector doesn't include it. Anyhow, we will publish the blog and videos soon (targeting Friday).

tenable.com/cve/CVE-2026-28910

##

CVE-2026-8108
(7.8 HIGH)

EPSS: 0.01%

updated 2026-05-13T00:48:25

2 posts

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.

thehackerwire@mastodon.social at 2026-05-13T12:25:06.000Z ##

🟠 CVE-2026-8108 - High (7.8)

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26083
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-12T18:57:02.307000

2 posts

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21

beyondmachines1 at 2026-05-13T11:01:07.371Z ##

Fortinet Patches Critical Remote Code Execution Flaws in FortiAuthenticator and FortiSandbox

Fortinet patched two critical vulnerabilities, CVE-2026-44277 and CVE-2026-26083, which allow unauthenticated attackers to execute remote code on FortiAuthenticator and FortiSandbox systems.

**Plan a very quick patch to these products, Fortinet products are constant targets of hackers. Upgrade FortiAuthenticator to 8.0.3, 6.6.9, or 6.5.7, and FortiSandbox to 5.0.2 or 4.4.9.**

beyondmachines.net/event_detai

##

CVE-2026-0300
(9.8 CRITICAL)

EPSS: 14.43%

updated 2026-05-12T18:47:21.360000

2 posts

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal

8 repos

https://github.com/p3Nt3st3r-sTAr/CVE-2026-0300-POC

https://github.com/ByteWraith1/CVE-2026-0300

https://github.com/TailwindRG/cve-2026-0300-audit

https://github.com/mr-r3b00t/CVE-2026-0300

https://github.com/shizuku198411/CVE-2026-0300

https://github.com/qassam-315/PAN-OS-User-ID-Buffer-Overflow-PoC

https://github.com/0xBlackash/CVE-2026-0300

https://github.com/bannned-bit/CVE-2026-0300-PANOS

Analyst207@mastodon.social at 2026-05-14T17:37:07.000Z ##

Palo Alto Networks Exploits Critical PAN-OS Flaw in Limited Attacks

Palo Alto Networks has patched a critical flaw in its PAN-OS software, CVE-2026-0300, which allowed hackers to execute malicious code with root privileges - and the company says it's already been exploited in targeted attacks. The vulnerability, a buffer overflow in the User-ID Authentication Portal service, could be triggered by…

osintsights.com/palo-alto-netw

#Panos #Cve20260300 #PaloAltoNetworks #BufferOverflow #Exploitation

##

PC_Fluesterer@social.tchncs.de at 2026-05-14T06:46:42.000Z ##

Zero-Day Attacks Against Palo Alto Firewall Again

Groundhog Day all over again. Yet another American manufacturer of proprietary network equipment whose zero-day "security hole" (backdoor) is being attacked by probably state-sponsored hackers. We have run into the network equipment vendor Palo Alto several times before. CISA has already added the vulnerability CVE-2026-0300 to the KEV catalog. Normally that means an instruction to the federal agencies to install updates against the vulnerability in question within a very short deadline. Except that in the present

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen

##

CVE-2026-41096
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-05-12T18:30:54

6 posts

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

netsecio@mastodon.social at 2026-05-14T14:19:23.000Z ##

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 cyber.netsecops.io/articles/mi

##

obivan at 2026-05-14T06:57:55.619Z ##

Windows DNS client RCE (CVE-2026-41096) hackingpassion.com/windows-dns

##

CapTechGroup@mastodon.social at 2026-05-13T12:48:36.000Z ##

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

captechgroup.com/about-us/thre

##

nyanbinary@infosec.exchange at 2026-05-12T19:03:17.000Z ##

checks notes ...

Windows Netlogon Remote Code Execution
Windows DNS Client Remote Code Execution

msrc.microsoft.com/update-guid
msrc.microsoft.com/update-guid

##

CVE-2026-41089
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-05-12T18:30:54

4 posts

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

netsecio@mastodon.social at 2026-05-14T14:19:23.000Z ##

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 cyber.netsecops.io/articles/mi

##

CapTechGroup@mastodon.social at 2026-05-13T12:48:36.000Z ##

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

captechgroup.com/about-us/thre

##

nyanbinary@infosec.exchange at 2026-05-12T19:03:17.000Z ##

checks notes ...

Windows Netlogon Remote Code Execution
Windows DNS Client Remote Code Execution

msrc.microsoft.com/update-guid
msrc.microsoft.com/update-guid

##

CVE-2026-44277
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-12T18:30:54

3 posts

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>

1 repos

https://github.com/0xBlackash/CVE-2026-44277

beyondmachines1 at 2026-05-13T11:01:07.371Z ##

Fortinet Patches Critical Remote Code Execution Flaws in FortiAuthenticator and FortiSandbox

Fortinet patched two critical vulnerabilities, CVE-2026-44277 and CVE-2026-26083, which allow unauthenticated attackers to execute remote code on FortiAuthenticator and FortiSandbox systems.

**Plan a very quick patch to these products, Fortinet products are constant targets of hackers. Upgrade FortiAuthenticator to 8.0.3, 6.6.9, or 6.5.7, and FortiSandbox to 5.0.2 or 4.4.9.**

beyondmachines.net/event_detai

##

thehackerwire@mastodon.social at 2026-05-12T18:24:07.000Z ##

🔴 CVE-2026-44277 - Critical (9.8)

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32185
(5.5 MEDIUM)

EPSS: 0.04%

updated 2026-05-12T18:30:48

1 post

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

undercodenews@mastodon.social at 2026-05-13T14:06:16.000Z ##

Microsoft Teams Android Vulnerability (CVE-2026-32185) Exposes Local Spoofing Risk in Enterprise Environments

Introduction A newly identified security vulnerability affecting Microsoft Teams on Android has raised significant concerns across enterprise IT and cybersecurity communities. Tracked as CVE-2026-32185, the flaw reveals how weaknesses in file and directory access handling can be exploited to spoof local devices. Although no active exploitation has been…

undercodenews.com/microsoft-te

##

CVE-2025-35979
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-05-12T18:30:44

1 post

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access

CVE-2026-7261
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-12T17:40:03.410000

1 post

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case where a SOAP request results in an error, the persistence is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which ma

beyondmachines1@infosec.exchange at 2026-05-13T08:01:07.000Z ##

Critical PHP SOAP Extension Vulnerabilities Enable Remote Code Execution

PHP released emergency updates to fix five vulnerabilities, including two critical use-after-free flaws (CVE-2026-6722 and CVE-2026-7261) that allow unauthenticated remote code execution via the SOAP extension.

**If you run PHP on your web servers, update immediately to version 8.2.31, 8.3.31, 8.4.21, or 8.5.6. If you can't patch right away, disable the SOAP extension as a temporary measure until the update is applied.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-7287
(7.5 HIGH)

EPSS: 0.26%

updated 2026-05-12T15:11:29.503000

1 post

** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.

thehackerwire@mastodon.social at 2026-05-12T17:30:21.000Z ##

🟠 CVE-2026-7287 - High (7.5)

** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44295
(8.7 HIGH)

EPSS: 0.03%

updated 2026-05-12T15:06:24

2 posts

Summary: `pbjs` static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without sufficient sanitization. Impact: An attacker who can provide or influence schemas passed to

thehackerwire@mastodon.social at 2026-05-13T16:19:51.000Z ##

🟠 CVE-2026-44295 - High (8.7)

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44289
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-12T15:01:05

2 posts

Summary: protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding. Impact: An attacker who can provide protobuf binary data decoded by an application may be able t

thehackerwire@mastodon.social at 2026-05-13T16:21:17.000Z ##

🟠 CVE-2026-44289 - High (7.5)

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25787
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-05-12T14:19:41.400000

1 post

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters pa

netsecio@mastodon.social at 2026-05-13T13:51:54.000Z ##

📰 Siemens Patches Critical Flaws in SIMATIC S7 PLCs, RUGGEDCOM Devices

Siemens drops 18 security advisories for ICS Patch Tuesday, fixing critical flaws in SIMATIC S7 PLCs and RUGGEDCOM devices. Key bugs (CVE-2026-25786, CVE-2026-25787) could lead to device takeover. 🏭 #ICSsecurity #OTsecurity #Siemens #PLC

🔗 cyber.netsecops.io

##

CVE-2026-39432
(8.2 HIGH)

EPSS: 0.03%

updated 2026-05-12T14:03:52.757000

1 posts

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53.

thehackerwire@mastodon.social at 2026-05-12T17:29:58.000Z ##

🟠 CVE-2026-39432 - High (8.2)

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Timetics: from n/a through 1.0.53.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2019-14192
(9.8 CRITICAL)

EPSS: 0.38%

updated 2026-05-12T12:32:32

4 posts

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

allainyann@piaille.fr at 2026-05-13T13:25:12.000Z ##

@eshard Very clever write-up from @eshard team on adding a missing USB-Ethernet peripheral to QEMU (SMSC LAN9514) to enable Time Travel Analysis of CVE-2019-14192 on unmodified RPi 3B+ U-Boot firmware.

Using the U-Boot driver as the hardware spec is such an elegant trick. Sparked some ideas for things I'm working on. Thanks for sharing it!

eshard.com/blog/u-boot-cve-tta

##

eshard at 2026-05-13T11:44:35.273Z ##

Missing peripheral in QEMU? Adding it yourself is easier than you think.

We hit a wall analyzing CVE-2019-14192 on real Raspberry Pi 3B+ firmware, so we added the missing driver to #QEMU. Register by register, using U-Boot's own source as the spec.

🔗 eshard.com/blog/u-boot-cve-tta

##

eshard@infosec.exchange at 2026-05-13T11:44:35.000Z ##

Missing peripheral in QEMU? Adding it yourself is easier than you think.

We hit a wall analyzing CVE-2019-14192 on real Raspberry Pi 3B+ firmware, so we added the missing driver to #QEMU. Register by register, using U-Boot's own source as the spec.

🔗 eshard.com/blog/u-boot-cve-tta

#QEMU #Cybersecurity #firmware #uboot

##

CVE-2026-25786
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-05-12T12:32:22

1 posts

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "communication" parameters page, the malicious code woul

netsecio@mastodon.social at 2026-05-13T13:51:54.000Z ##

📰 Siemens Patches Critical Flaws in SIMATIC S7 PLCs, RUGGEDCOM Devices

Siemens drops 18 security advisories for ICS Patch Tuesday, fixing critical flaws in SIMATIC S7 PLCs and RUGGEDCOM devices. Key bugs (CVE-2026-25786, CVE-2026-25787) could lead to device takeover. 🏭 #ICSsecurity #OTsecurity #Siemens #PLC

🔗 cyber.netsecops.io

##

CVE-2025-40833
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-12T12:32:21

1 posts

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.

thehackerwire@mastodon.social at 2026-05-12T17:27:36.000Z ##

🟠 CVE-2025-40833 - High (7.5)

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-40946
(8.3 HIGH)

EPSS: 0.02%

updated 2026-05-12T12:32:14

1 posts

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 137 TL3 (All ve

thehackerwire@mastodon.social at 2026-05-12T17:27:26.000Z ##

🟠 CVE-2025-40946 - High (8.3)

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All ver...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2993
(7.5 HIGH)

EPSS: 0.10%

updated 2026-05-12T09:31:33

1 posts

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl() function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing que

thehackerwire@mastodon.social at 2026-05-12T17:27:46.000Z ##

🟠 CVE-2026-2993 - High (7.5)

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing S...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7256
(8.8 HIGH)

EPSS: 0.83%

updated 2026-05-12T06:31:46

1 posts

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.

thehackerwire@mastodon.social at 2026-05-12T17:30:08.000Z ##

🟠 CVE-2026-7256 - High (8.8)

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34259
(8.2 HIGH)

EPSS: 0.01%

updated 2026-05-12T03:31:33

1 posts

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integ

thehackerwire@mastodon.social at 2026-05-12T18:05:05.000Z ##

🟠 CVE-2026-34259 - High (8.2)

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful expl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34260
(9.6 CRITICAL)

EPSS: 0.01%

updated 2026-05-12T03:31:32

2 posts

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attac

netsecio@mastodon.social at 2026-05-14T14:19:12.000Z ##

📰 SAP Patches Critical Flaws in Commerce Cloud and S/4HANA with 9.6 CVSS Score

🚨 SAP has released critical patches for Commerce Cloud (CVE-2026-34263) and S/4HANA (CVE-2026-34260). Both flaws are rated 9.6 CVSS and could lead to system takeover. Patch immediately! #SAP #CyberSecurity #Vulnerability #PatchTuesday

🔗 cyber.netsecops.io/articles/sa

##

thehackerwire@mastodon.social at 2026-05-12T18:05:16.000Z ##

🔴 CVE-2026-34260 - Critical (9.6)

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34263
(9.6 CRITICAL)

EPSS: 0.02%

updated 2026-05-12T03:31:32

2 posts

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

netsecio@mastodon.social at 2026-05-14T14:19:12.000Z ##

📰 SAP Patches Critical Flaws in Commerce Cloud and S/4HANA with 9.6 CVSS Score

🚨 SAP has released critical patches for Commerce Cloud (CVE-2026-34263) and S/4HANA (CVE-2026-34260). Both flaws are rated 9.6 CVSS and could lead to system takeover. Patch immediately! #SAP #CyberSecurity #Vulnerability #PatchTuesday

🔗 cyber.netsecops.io/articles/sa

##

thehackerwire@mastodon.social at 2026-05-12T18:05:27.000Z ##

🔴 CVE-2026-34263 - Critical (9.6)

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentia...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28517
(9.8 CRITICAL)

EPSS: 31.37%

updated 2026-05-12T01:16:45.947000

2 posts

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an attacker can modify the fac_Config.dot value, arbitrary commands may be executed in the context of the web server process.

catc0n at 2026-05-14T17:59:57.349Z ##

❗Earlier today, VulnCheck Canaries detected first-time exploitation of CVE-2026-28515 and CVE-2026-28517 in openDCIM, an open-source code base used for data center infrastructure management.

🐚 The cluster of attacker activity we're observing so far originates from a single Chinese IP and uses what appears to be a customized implementation of AI vuln discovery tool Vulnhuntr to automatically check for vulnerable installations before dropping a PHP webshell.

🌐 The VulnCheck team's ASM queries for these vulnerabilities find fewer than 50 systems online, many of which belong to higher education institutions globally. Both CVEs were discovered by new VulnCheck research team member @chocapikk_.

Moar KEVs: vulncheck.com/kev

##

catc0n@infosec.exchange at 2026-05-14T17:59:57.000Z ##

❗Earlier today, VulnCheck Canaries detected first-time exploitation of CVE-2026-28515 and CVE-2026-28517 in openDCIM, an open-source code base used for data center infrastructure management.

🐚 The cluster of attacker activity we're observing so far originates from a single Chinese IP and uses what appears to be a customized implementation of AI vuln discovery tool Vulnhuntr to automatically check for vulnerable installations before dropping a PHP webshell.

🌐 The VulnCheck team's ASM queries for these vulnerabilities find fewer than 50 systems online, many of which belong to higher education institutions globally. Both CVEs were discovered by new VulnCheck research team member @chocapikk_.

Moar KEVs: vulncheck.com/kev

##

CVE-2026-43968
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-05-11T21:31:46

1 posts

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/2 function used for data and comment fields splits only on \n. Because the SSE specification requires decoders

tylerayoung@fosstodon.org at 2026-05-14T13:45:25.000Z ##

There have been a heap of CVEs published against the typical #ElixirLang + Phoenix web stack in the last few days. If your mix.lock has any of:

- cowboy < 2.15.0
- cowlib < 2.16.1
- plug < 1.19.2
- bandit < 1.11.1

...you may be vulnerable!

CVEs:

- cna.erlef.org/cves/CVE-2026-84
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-77
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-84

##

CVE-2026-43969
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-05-11T21:31:46

1 posts

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs without validating either field. An attacker who controls the cookie names or values passed to this f

tylerayoung@fosstodon.org at 2026-05-14T13:45:25.000Z ##

There have been a heap of CVEs published against the typical #ElixirLang + Phoenix web stack in the last few days. If your mix.lock has any of:

- cowboy < 2.15.0
- cowlib < 2.16.1
- plug < 1.19.2
- bandit < 1.11.1

...you may be vulnerable!

CVEs:

- cna.erlef.org/cves/CVE-2026-84
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-77
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-84

##

CVE-2026-25244
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-05-11T17:53:48

1 posts

### Summary A command injection vulnerability exists in `@wdio/browserstack-service` that allows remote code execution (RCE) when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection payloads. ### Details _Give all details on the vulnerability. Pointing to the incriminated sour

netsecio@mastodon.social at 2026-05-13T13:51:57.000Z ##

📰 WebdriverIO Flaw (CVSS 9.8) Allows CI/CD Takeover via Malicious Git Branches

Critical 9.8 CVSS command injection flaw (CVE-2026-25244) found in WebdriverIO. Malicious git branch names can lead to CI/CD server takeover. If you use @wdio/browserstack-service, update immediately! 🚨 #CyberSecurity #SupplyChain #DevSecOps

🔗 cyber.netsecops.io

##

CVE-2026-45109
(7.5 HIGH)

EPSS: 0.03%

updated 2026-05-11T16:21:19

2 posts

### Impact It was found that the fix addressing [CVE-2026-44575](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) did not apply to `middleware.ts` with Turbopack. Refer to [CVE-2026-44575](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) for further details. ### References - [CVE CVE-2026-44575](https://github.com/vercel/next.js/security/ad

thehackerwire@mastodon.social at 2026-05-13T19:00:17.000Z ##

🟠 CVE-2026-45109 - High (7.5)

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44579
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-11T15:56:24

2 posts

### Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections open for an extended period, consuming file descriptors and server capacity until legitimate users ar

3 repos

https://github.com/iamfarzad/fbcounsulting_v2

https://github.com/iamfarzad/fbconsulting_v0_chat

https://github.com/dwisiswant0/next-16.2.4-pocs

thehackerwire@mastodon.social at 2026-05-13T19:00:39.000Z ##

🟠 CVE-2026-44579 - High (7.5)

Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44578
(8.6 HIGH)

EPSS: 0.03%

updated 2026-05-11T15:55:29

2 posts

### Impact Self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. ### Fix We now apply the sa

2 repos

https://github.com/dwisiswant0/next-16.2.4-pocs

https://github.com/panchocosil/verify-ghsa-c4j6-fc7j-m34r

thehackerwire@mastodon.social at 2026-05-13T19:07:49.000Z ##

🟠 CVE-2026-44578 - High (8.6)

Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44574
(8.1 HIGH)

EPSS: 0.03%

updated 2026-05-11T15:55:28

2 posts

### Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check. ### Fix We now only honor inter

1 repos

https://github.com/dwisiswant0/next-16.2.4-pocs

thehackerwire@mastodon.social at 2026-05-13T17:38:19.000Z ##

🟠 CVE-2026-44574 - High (8.1)

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, spe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42595
(8.6 HIGH)

EPSS: 0.00%

updated 2026-05-11T13:51:10

2 posts

A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the `downloadFrom` endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the `webhook` endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint (`/forms/chromium/convert/url`), which has no default deny-list for HTTP/HTTPS targets. The redirect-based

thehackerwire@mastodon.social at 2026-05-14T16:58:50.000Z ##

🟠 CVE-2026-42595 - High (8.6)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks fil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7482
(9.1 CRITICAL)

EPSS: 0.10%

updated 2026-05-11T12:27:11.917000

1 posts

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may inc

4 repos

https://github.com/msuiche/gguf_cve2026_7482

https://github.com/szybnev/CVE-2026-7482

https://github.com/0x0OZ/CVE-2026-7482-PoC

https://github.com/kaleth4/CVE-2026-7482

knoppix95@mastodon.social at 2026-05-13T07:04:45.000Z ##

Ollama fixed CVE-2026-7482 in v0.17.1, a critical out-of-bounds read flaw that could leak API keys, prompts, and chat data from exposed servers via crafted GGUF files. 🔓
Researchers also disclosed unpatched Windows update flaws enabling persistent code execution through unsigned updates and path traversal in Ollama 0.12.10–0.17.5. ⚠️

🔗 thehackernews.com/2026/05/olla

#TechNews #Ollama #LLM #AI #Cybersecurity #OpenSource #FOSS #Privacy #Infosec #Windows #Linux #Security #Servers #DataBreach #Technology

##

CVE-2026-44338
(7.3 HIGH)

EPSS: 0.07%

updated 2026-05-08T19:06:32.713000

4 posts

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token. This issue has been patched in version 4.6.34.

netsecio@mastodon.social at 2026-05-14T14:19:15.000Z ##

📰 PraisonAI Auth Bypass (CVE-2026-44338) Exploited Within Four Hours of Disclosure

The disclosure-to-exploit window has collapsed. ⏱️ A critical auth bypass in PraisonAI (CVE-2026-44338) was exploited by automated scanners in under 4 hours. A stark reminder to patch immediately. #CyberSecurity #Vulnerability #Automation #AI

🔗 cyber.netsecops.io/articles/pr

##

_r_netsec at 2026-05-14T12:43:05.600Z ##

CVE-2026-44338: Scanners Target PraisonAI Within Four Hours of Disclosure deafnews.it/en/article/cve-202

##

_r_netsec@infosec.exchange at 2026-05-14T12:43:05.000Z ##

CVE-2026-44338: Scanners Target PraisonAI Within Four Hours of Disclosure deafnews.it/en/article/cve-202

##

CVE-2024-27355
(7.5 HIGH)

EPSS: 0.34%

updated 2026-05-08T18:24:30

1 posts

### Impact Any application using that loads untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). ### Patches https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 ### Workarounds No. ### Resources https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 https://www.usenix.org/system/files/conference/u

thehackerwire@mastodon.social at 2026-05-12T18:24:16.000Z ##

🟠 CVE-2026-44167 - High (7.5)

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44008
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-05-08T15:58:50

2 posts

### Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. ### Details The new method `neutralizeArraySpeciesBatch` works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox

thehackerwire@mastodon.social at 2026-05-13T19:03:26.000Z ##

🔴 CVE-2026-44008 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44007
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-05-07T05:13:23

2 posts

### Summary When a `NodeVM` is created with `nesting: true`, sandbox code can unconditionally `require('vm2')` regardless of the outer VM's `require` configuration — including `require: false`. With access to `vm2`, the sandbox constructs a new inner `NodeVM` with its own unrestricted `require` settings and executes arbitrary OS commands on the host. Any application that runs untrusted code insid

thehackerwire@mastodon.social at 2026-05-13T19:03:15.000Z ##

🔴 CVE-2026-44007 - Critical (9.1)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With acces...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43997
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-05-07T04:00:19

2 posts

### Summary It is possible to obtain the host `Object`, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections, but the implementation is incomplete. ### Details There are various ways to use the host `Object`, to escape the sandbox, one example would be using `HostObject.getOwnPropertySymbols` to obtain `Symbol(nodejs.util.inspect.custom)` #

thehackerwire@mastodon.social at 2026-05-13T19:08:02.000Z ##

🔴 CVE-2026-43997 - Critical (10)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Sy...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44006
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-05-07T03:55:02

2 posts

### Summary It is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes ### Details https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658 `BaseHandler` can be reached via `util.inspect` (same as https://github.com/patriksimek/vm2/commit/57971fa423abeb66f09e47e18102986549474ca8) ### PoC ```js let obj = {

thehackerwire@mastodon.social at 2026-05-13T19:02:43.000Z ##

🔴 CVE-2026-44006 - Critical (10)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41050
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-05-07T01:26:07

4 posts

### Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`. **Helm `lookup` bypass:** The Helm template engine ran Kubernetes API queries with the fleet-agent's cluster-admin credentials instead

thehackerwire@mastodon.social at 2026-05-13T16:17:25.000Z ##

🔴 CVE-2026-41050 - Critical (9.9)

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitR...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-13T09:00:30.108Z ##

🔥 CRITICAL: SUSE Rancher Fleet Helm deployer (0.11.0 – 0.15.0) has a major auth flaw (CVE-2026-41050). Tenants with git push access can read secrets from any namespace in downstream clusters. Restrict access & monitor closely! radar.offseq.com/threat/cve-20

##

CVE-2026-25705
(8.4 HIGH)

EPSS: 0.04%

updated 2026-05-07T01:23:59

2 posts

### Impact A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to inject

thehackerwire@mastodon.social at 2026-05-13T16:17:16.000Z ##

🟠 CVE-2026-25705 - High (8.4)

A vulnerability has been identified in [Rancher's Extensions](ranchermanager.docs.rancher.co) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42591
(8.2 HIGH)

EPSS: 0.00%

updated 2026-05-07T00:57:03

2 posts

### Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint (`/forms/libreoffice/convert`) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely b

thehackerwire@mastodon.social at 2026-05-14T16:58:30.000Z ##

🟠 CVE-2026-42591 - High (8.2)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44471
(7.8 HIGH)

EPSS: 0.01%

updated 2026-05-07T00:01:30

2 posts

### Summary A malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. ### Details During checkout, all symlink index entries are deferred and created after regular files using a single shared `gix_worktree::Stack`. Internally, this uses a `gix_fs::Stack`. `gix_fs::Stack:

thehackerwire@mastodon.social at 2026-05-14T15:54:11.000Z ##

🟠 CVE-2026-44471 - High (7.8)

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write acce...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44375
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-06T23:05:54

2 posts

### Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a `StackOverflowException`, which is not catchable by user code and terminates the process. ### Impac
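An added example, not Nerdbank.MessagePack's code (the library is C#; this is Python), of where the length check belongs when decoding the MessagePack timestamp extension. The spec reserves ext type -1 for timestamps and allows exactly three payload sizes, 4, 8 and 12 bytes, so any other declared length is malformed and must be rejected before anything is sized from it. The hostile inputs below are constructed for the demonstration: ext16/ext32 headers claiming type -1 with lengths far beyond what a timestamp can carry, followed by no payload at all. A reader that reserves a stack buffer from that declared length first, as the advisory describes, has already lost.

```python
from __future__ import annotations

import struct
from datetime import datetime, timedelta, timezone

TIMESTAMP_EXT_TYPE = -1                 # MessagePack reserves ext type -1 for timestamps
VALID_TIMESTAMP_LENGTHS = {4, 8, 12}    # timestamp 32 / timestamp 64 / timestamp 96
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


class MalformedTimestamp(ValueError):
    """Raised instead of trusting an attacker-chosen length."""


def read_ext_header(buf: bytes, pos: int) -> tuple[int, int, int]:
    """Return (ext_type, declared_length, data_offset) for the ext object at buf[pos]."""
    marker = buf[pos]
    if 0xD4 <= marker <= 0xD8:                # fixext 1/2/4/8/16: length implied by marker
        length, hdr = 1 << (marker - 0xD4), 1
    elif marker == 0xC7:                      # ext 8: 1-byte length
        length, hdr = buf[pos + 1], 2
    elif marker == 0xC8:                      # ext 16: 2-byte length
        (length,) = struct.unpack_from(">H", buf, pos + 1)
        hdr = 3
    elif marker == 0xC9:                      # ext 32: 4-byte length
        (length,) = struct.unpack_from(">I", buf, pos + 1)
        hdr = 5
    else:
        raise MalformedTimestamp(f"0x{marker:02x} is not an ext marker")
    (ext_type,) = struct.unpack_from(">b", buf, pos + hdr)   # type byte follows the length
    return ext_type, length, pos + hdr + 1


def decode_timestamp(buf: bytes, pos: int = 0) -> datetime:
    """Decode one timestamp ext object, validating the length before any buffer is sized."""
    try:
        ext_type, length, data_off = read_ext_header(buf, pos)
    except (IndexError, struct.error) as exc:
        raise MalformedTimestamp("truncated ext header") from exc
    if ext_type != TIMESTAMP_EXT_TYPE:
        raise MalformedTimestamp(f"ext type {ext_type} is not a timestamp")
    # The decisive check. A reader that performs `stackalloc byte[length]` (or any
    # allocation sized by `length`) before this line hands the attacker control of
    # the allocation; a 4 GiB ext32 length then exhausts the stack.
    if length not in VALID_TIMESTAMP_LENGTHS:
        raise MalformedTimestamp(f"timestamp length {length} is not 4, 8 or 12")
    data = buf[data_off:data_off + length]
    if len(data) != length:
        raise MalformedTimestamp("truncated timestamp payload")
    if length == 4:                           # timestamp 32: uint32 seconds
        (seconds,) = struct.unpack(">I", data)
        nanos = 0
    elif length == 8:                         # timestamp 64: 30-bit nanos | 34-bit seconds
        (packed,) = struct.unpack(">Q", data)
        nanos, seconds = packed >> 34, packed & 0x3_FFFF_FFFF
    else:                                     # timestamp 96: uint32 nanos, int64 seconds
        nanos, seconds = struct.unpack(">Iq", data)
    if nanos >= 1_000_000_000:
        raise MalformedTimestamp(f"nanoseconds {nanos} out of range")
    try:
        return EPOCH + timedelta(seconds=seconds, microseconds=nanos // 1000)
    except OverflowError as exc:
        raise MalformedTimestamp("seconds out of datetime range") from exc


def encode_timestamp(seconds: int, nanos: int = 0) -> bytes:
    """Spec-conformant encoder (smallest of timestamp 32/64/96), used here to build inputs."""
    if nanos == 0 and 0 <= seconds < 2**32:
        return b"\xd6\xff" + struct.pack(">I", seconds)
    if 0 <= seconds < 2**34:
        return b"\xd7\xff" + struct.pack(">Q", (nanos << 34) | seconds)
    return b"\xc7\x0c\xff" + struct.pack(">Iq", nanos, seconds)


def is_rejected(buf: bytes) -> bool:
    """True if the decoder refuses the input instead of decoding it."""
    try:
        decode_timestamp(buf)
    except MalformedTimestamp:
        return True
    return False


# Constructed hostile inputs: ext32 and ext16 headers that claim type -1 with lengths
# of 4 GiB and 16 KiB respectively; no payload bytes follow at all.
HOSTILE_EXT32 = b"\xc9\xff\xff\xff\xff\xff"
HOSTILE_EXT16 = b"\xc8\x40\x00\xff"

if __name__ == "__main__":
    print(decode_timestamp(encode_timestamp(1_700_000_000, 500_000_000)))
    print("ext32 4 GiB length rejected:", is_rejected(HOSTILE_EXT32))
```

The same shape applies to every variable-length type in the format (bin, str, array, map): the declared size is attacker data until it has been compared against both what the type permits and what remains in the buffer.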

thehackerwire@mastodon.social at 2026-05-14T15:50:48.000Z ##

🟠 CVE-2026-44375 - High (7.5)

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an ov...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42559
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-06T21:55:58

2 posts

## Summary Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server transport (`crates/rmcp/src/transport/streamable_http_server/`) did not validate the incoming `Host` header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim's loopback or private-network interface — violating the MCP specification'
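The check the rmcp advisory describes as missing, written as an added Python example rather than the crate's own Rust code: a loopback-bound server compares the Host header against the names it is willing to answer to, including the port, and holds a browser-supplied Origin to the same rule (the Streamable HTTP transport section of the MCP spec requires Origin validation for exactly this reason). A DNS-rebound public name still arrives over a genuine loopback connection, so the network layer cannot tell; only the header can. The allowed-name set, port numbers and header dictionaries are assumptions made for the example.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Host names a loopback-bound MCP server should answer to. A public name that an
# attacker has rebound to 127.0.0.1 is not in this set, so the request fails even
# though the TCP connection genuinely arrived on the loopback interface.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "[::1]"})


def parse_host_header(value: str) -> tuple[str, int | None]:
    """Split a Host header into (host, port); IPv6 literals keep their brackets.

    Anything that is not a bare host[:port] raises ValueError, so userinfo tricks
    such as 'localhost:3000@evil.example' never reach the allow-list comparison.
    """
    value = value.strip().lower()
    if not value:
        raise ValueError("empty Host header")
    parts = urlsplit("//" + value)            # bracket-aware host/port split
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        raise ValueError("Host header is not a bare host[:port]")
    if parts.hostname is None:
        raise ValueError("Host header names no host")
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return host, parts.port                   # .port raises ValueError for a bad port


def _origin_matches(origin: str, server_port: int, allowed_hosts: frozenset[str]) -> bool:
    """A browser-supplied Origin must name this server on this port."""
    o = urlsplit(origin)
    if o.scheme not in ("http", "https") or not o.hostname:
        return False                          # includes the opaque origin "null"
    host = f"[{o.hostname}]" if ":" in o.hostname else o.hostname
    try:
        port = o.port or (443 if o.scheme == "https" else 80)
    except ValueError:
        return False
    return host in allowed_hosts and port == server_port


def request_allowed(headers: dict[str, str], server_port: int,
                    allowed_hosts: frozenset[str] = ALLOWED_HOSTS) -> bool:
    """Decide whether a request may be served at all.

    Host must name this server and carry this server's port (a missing port only
    counts for the HTTP defaults 80/443). If a browser sent Origin, it is held to
    the same rule: a page on another site driving requests at the loopback server
    is exactly the DNS rebinding scenario.
    """
    h = {k.lower(): v for k, v in headers.items()}
    try:
        host, port = parse_host_header(h.get("host", ""))
    except ValueError:
        return False
    if port is None and server_port in (80, 443):
        port = server_port
    if host not in allowed_hosts or port != server_port:
        return False
    origin = h.get("origin")
    if origin is not None and not _origin_matches(origin, server_port, allowed_hosts):
        return False
    return True


if __name__ == "__main__":
    for hdrs in ({"Host": "localhost:3000"},
                 {"Host": "attacker.example:3000"},
                 {"Host": "localhost:3000", "Origin": "https://attacker.example"}):
        print(hdrs, "->", "serve" if request_allowed(hdrs, 3000) else "reject")
```

A rejected request should be answered with 421 Misdirected Request (or 403) before any session or tool handling runs; doing the comparison after authentication is what makes the attack "authenticated" in the advisory's wording, since the browser attaches whatever the victim's local client would.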

thehackerwire@mastodon.social at 2026-05-14T15:53:20.000Z ##

🟠 CVE-2026-42559 - High (8.8)

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a ma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42281
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-05-05T20:54:01

2 posts

### Summary An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the `/cors` endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (`**VAR_NAME**`), enabling exfiltration of server-side secrets. ###

Nuclei template

1 repos

https://github.com/Astaruf/CVE-2026-42281
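For the MagicMirror² /cors proxy here and the Gotenberg fetchers in the CVE-2026-42591 entry above, the server-side control is the same: resolve the requested destination, refuse anything that is not globally routable (loopback, RFC 1918 and ULA space, link-local where the cloud metadata endpoints live), and connect to the vetted address instead of resolving the name a second time. This is an added Python example, not code from either project, with a constructed DNS table so it runs offline; the host names and answers are invented for the demonstration. It does not help with the Gotenberg case as described: a check at the API layer cannot see URLs inside an uploaded document that LibreOffice fetches on its own, so for a subprocess like that the enforcement has to move to network egress policy.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer for host, via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _forbidden(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """Anything that is not globally routable: loopback, RFC 1918 and ULA space,
    link-local (169.254.169.254 and fd00:ec2::254 metadata endpoints live here),
    CGNAT, documentation ranges, multicast and the unspecified address.
    IPv4-mapped IPv6 addresses (::ffff:10.0.0.1) are judged by the embedded IPv4."""
    mapped = getattr(ip, "ipv4_mapped", None)
    return not (mapped or ip).is_global


def resolve_egress_target(url: str, resolver: Resolver = system_resolver) -> tuple[str, int]:
    """Validate an outbound URL and return the (ip, port) the client must connect to.

    Every address the name resolves to must be public, so an answer mixing a public
    and a private record is rejected as a whole. The caller connects to the returned
    IP (sending the original name in Host/SNI) rather than resolving again, which
    closes the check-then-use gap that a short-TTL rebinding record would exploit.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or not parts.hostname:
        raise ValueError("URL must name a host and carry no userinfo")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    host = parts.hostname
    try:
        candidates = [ipaddress.ip_address(host)]        # literal address, nothing to resolve
    except ValueError:
        candidates = [ipaddress.ip_address(a) for a in resolver(host)]
    if not candidates:
        raise ValueError(f"{host} does not resolve")
    for ip in candidates:
        if _forbidden(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return str(candidates[0]), port


def is_safe_egress(url: str, resolver: Resolver = system_resolver) -> bool:
    """Boolean form of the check for callers that only need a verdict."""
    try:
        resolve_egress_target(url, resolver)
    except ValueError:
        return False
    return True


# Constructed DNS answers so the example runs offline. The public address is
# example.com's long-standing one; the rest are RFC 1918 / loopback.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "intranet.corp": ["10.1.2.3"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://api.example.com/v1", "http://169.254.169.254/latest/meta-data/",
              "http://rebind.example/", "http://[::ffff:10.0.0.1]/"):
        print(u, "->", "allow" if is_safe_egress(u, fake_resolver) else "deny")
```

Two things an allow-list of this kind still does not cover: redirects (the HTTP client must re-run the check on every 3xx hop, or follow none) and any second resolver that a helper library performs on its own, which is the Gotenberg/LibreOffice situation again.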

offseq at 2026-05-14T16:30:12.795Z ##

🚨 CVE-2026-42281: CRITICAL SSRF in MagicMirror² (<2.36.0)! /cors endpoint lets unauthenticated attackers scan internal networks & exfiltrate environment secrets. Upgrade to 2.36.0+ now! radar.offseq.com/threat/cve-20

##

CVE-2026-42266
(8.8 HIGH)

EPSS: 0.06%

updated 2026-05-05T20:53:21

4 posts

The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.X. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments that: - have allow-listed specific extensions with aim to prevent users from installing packages -

thehackerwire@mastodon.social at 2026-05-13T17:53:41.000Z ##

🟠 CVE-2026-42266 - High (8.8)

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-13T17:50:24.000Z ##

🟠 CVE-2026-42266 - High (8.8)

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41940
(9.8 CRITICAL)

EPSS: 74.24%

updated 2026-05-04T18:31:33

4 posts

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Nuclei template

67 repos

https://github.com/Andrei-Dr/cpanel-cve-2026-41940-ioc

https://github.com/iSee857/cPanel-WHM-CVE-2026-41940-AuthBypass

https://github.com/merdw/cPanel-CVE-2026-41940-Scanner

https://github.com/mahfuzreham/cpanel-cve-2026-41940

https://github.com/MrOplus/CVE-2026-41940

https://github.com/MrAriaNet/cPanel-Fix

https://github.com/dennisec/CVE-2026-41940

https://github.com/OhmGun/whmxploit---CVE-2026-41940

https://github.com/Lutfifakee-Project/CVE-2026-41940

https://github.com/tfawnies/CVE-2026-41940-next

https://github.com/unteikyou/CVE-2026-41940-AuthBypass-Detector

https://github.com/murrez/CVE-2026-41940

https://github.com/NULL200OK/cve-2026-41940-tool

https://github.com/habibkaratas/sorry-ransomware-analysis

https://github.com/vineet7800/cpanel-malware-cleaner-cve-2026

https://github.com/0xF55/cve-2026-41940-exploit

https://github.com/sebinxavi/cve-checker-2026

https://github.com/ilmndwntr/CVE-2026-41940-MASS-EXPLOIT

https://github.com/senyx122/CVE-2026-41940

https://github.com/Richflexpix/cpanel-pwn

https://github.com/0xabdoulaye/CPANEL-CVE-2026-41940

https://github.com/AmirrezaMarzban/portscan-CVE-2026-41940

https://github.com/Christian93111/CVE-2026-41940

https://github.com/devtint/CVE-2026-41940

https://github.com/linko-iheb/cve-2026-41940-scanner

https://github.com/tahaXafous/CVE_2026_41940_scan_exploit

https://github.com/0xBlackash/CVE-2026-41940

https://github.com/kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit

https://github.com/3tternp/CVE-2026-41940---cPanel-WHM-check

https://github.com/acuciureanu/cpanel2shell-honeypot

https://github.com/XsanFlip/poc-cpanel-cve-2026-41940

https://github.com/shahidmallaofficial/cpanel-cve-2026-41940-fix

https://github.com/rdyprtmx/poc-cve-2026-41940

https://github.com/cy3erm/CVE-2026-41940-POC

https://github.com/branixsolutions/Security-CVE-2026-41940-cPanel-WHM-WP2

https://github.com/ngksiva/cpanel-forensics

https://github.com/itsismarcos/CVE-2026-41940

https://github.com/sercanokur/CVE-2026-41940-cPanel-WHM-Verification-Tool

https://github.com/Underh0st/CPanel-Audit-Remediation-Tool

https://github.com/SreejaPuthan/cpanel-control-plane-exposure-check

https://github.com/zycoder0day/CVE-2026-41940

https://github.com/realawaisakbar/CVE-2026-41940-Exploit-PoC

https://github.com/Jenderal92/CVE-2026-41940

https://github.com/Ishanoshada/CVE-2026-41940-Exploit-PoC

https://github.com/Sachinart/CVE-2026-41940-cpanel-0day

https://github.com/adriyansyah-mf/cve-2026-41940-poc

https://github.com/imbas007/POC_CVE-2026-41940

https://github.com/44pie/cpsniper

https://github.com/Defacto-ridgepole254/CVE-2026-41940-Exploit-PoC

https://github.com/bughunt4me/cpanelCVE-2026-41940

https://github.com/Unfold-Security/CVE-2026-41940-Detection

https://github.com/ynsmroztas/cPanelSniper

https://github.com/nickpaulsec/2026-41940-poc

https://github.com/thekawix/CVE-2026-41940

https://github.com/assetnote/cpanel2shell-scanner

https://github.com/0dev1337/cpanelscanner

https://github.com/rfxn/cpanel-sessionscribe

https://github.com/george1-adel/CVE-2026-41940_exploit

https://github.com/Wesuiliye/CVE-2026-41940

https://github.com/zedxod/CVE-2026-41940-POC

https://github.com/Kagantua/cPanelWHM-AuthBypass

https://github.com/ZildanZ/CVE-2026-41940

https://github.com/anach-ai/CVE-2026-41940

https://github.com/debugactiveprocess/cPanel-WHM-AuthBypass-Session-Checker

https://github.com/tc4dy/CVE-2026-41940-POC-Exploit

https://github.com/Ap0dexMe0/CVE-2026-41940

https://github.com/YudaSamuel/cpanel-vuln-scanner

tugatech@masto.pt at 2026-05-13T14:02:50.000Z ##

Attack on cPanel systems exploits CVE-2026-41940 flaw to install backdoor
🔗 tugatech.com.pt/t83414-ataque-

#ataque #cve #falha 

##

pentesttools at 2026-05-13T09:47:01.862Z ##

Seven FuelCMS CVEs documented. XSS callbacks now show IP and headers. Website Scanner detects exposed private keys passively. Scheduled scan exports. API risk filtering.

Also: free scanner for CVE-2026-41940, the cPanel auth bypass exploited for 64 days before a patch existed. No account needed.

pentest-tools.com/network-vuln

##

CVE-2026-30893
(9.0 CRITICAL)

EPSS: 0.08%

updated 2026-04-30T20:30:05.967000

2 posts

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the W
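The containment check that this Wazuh extraction entry, the Rancher `compressedEndpoint` traversal (CVE-2026-25705) and the gitoxide symlink checkout (CVE-2026-44471) above all turn on, as an added Python example; it is none of the three projects' code. An entry name is accepted only if it is relative, carries no `..` segment and, after resolving whatever already exists on disk, its parent directory still lies inside the root, so a symlink written earlier in the same archive or tree cannot redirect a later write. The throwaway directories, link targets and entry names are constructed for the demonstration.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """The entry would be written outside the extraction root or worktree."""


def contained_target(root: Path, relative: str) -> Path:
    """Return the absolute path for `relative` under `root`, or raise PathEscape.

    Two escape routes are closed. Lexical: absolute names and '..' segments.
    Physical: a component of the parent path that already exists on disk as a
    symlink pointing outside the root (for instance a link the same archive or
    tree created a moment earlier). The parent is resolved with strict=False so a
    not-yet-created leaf is fine, and must still lie under the resolved root. The
    leaf itself must not be a pre-existing symlink, otherwise the write lands
    wherever that link points.
    """
    root = root.resolve()
    rel = Path(relative)
    if rel.is_absolute() or os.path.isabs(relative):
        raise PathEscape(f"absolute entry name: {relative!r}")
    parts = rel.parts
    if not parts or ".." in parts:
        raise PathEscape(f"entry name escapes lexically: {relative!r}")
    candidate = root.joinpath(*parts)
    real_parent = candidate.parent.resolve()
    if real_parent != root and root not in real_parent.parents:
        raise PathEscape(f"{relative!r}: parent resolves to {real_parent}, outside {root}")
    if candidate.is_symlink():
        raise PathEscape(f"{relative!r} is an existing symlink")
    return real_parent / candidate.name


def demo() -> dict[str, bool]:
    """Exercise the check in throwaway directories and return {case: accepted}.

    Constructed layout: `tree` is the root and already holds docs/; where the
    platform allows it, `link` is a symlink to a sibling directory `outside` and
    `cfg` is a symlink to a file in that directory.
    """
    results: dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as tree:
        root = Path(tree)
        (root / "docs").mkdir()
        cases = {
            "plain_file": "docs/readme.md",
            "new_subdir_file": "new/dir/file.txt",        # parent does not exist yet
            "dotdot": "../outside.txt",
            "nested_dotdot": "docs/../../escape",
            "absolute": os.path.join(outside, "x"),
        }
        try:
            os.symlink(outside, root / "link")
            (Path(outside) / "target.conf").write_text("")
            os.symlink(Path(outside) / "target.conf", root / "cfg")
            cases["symlinked_parent"] = "link/evil"       # parent is a link out of root
            cases["existing_symlink_leaf"] = "cfg"        # leaf is a link out of root
        except OSError:
            pass                                          # no symlink support here
        for name, entry in cases.items():
            try:
                contained_target(root, entry)
                results[name] = True
            except PathEscape:
                results[name] = False
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} {'write' if accepted else 'REJECT'}")
```

Order matters for the symlink case: if an extractor or checkout writes a symlink entry and then a file beneath the same name, the physical check only catches it because it runs against the disk state at write time, not against the archive listing.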

CVE-2025-24965
(0 None)

EPSS: 0.22%

updated 2026-04-15T00:35:42.020000

2 posts

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgra

paulv at 2026-05-14T17:53:35.542Z ##

The only thing I've been able to find is in the notes section of the debian security tracker for CVE-2025-24965 (crun), it says "krun handler not enabled in Debian since it depends libkrunfw, a patched Linux kernel bundle" which is not super helpful?

##

CVE-2025-27421
(7.5 HIGH)

EPSS: 0.19%

updated 2026-04-15T00:35:42.020000

1 posts

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues run
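The failure mode in the Abacus description, reproduced as an added Python asyncio example (Abacus itself is Go; this is not its code): a per-client subscription that is not released when the client disconnects keeps the client's task and queue alive, and the broker keeps publishing into a queue nobody reads, which is the goroutine leak in asyncio terms. The fix is to release the subscription on every exit path, including cancellation. The broker, event value and client counts are invented for the demonstration.

```python
from __future__ import annotations

import asyncio
from typing import AsyncIterator, Callable


class Broker:
    """Fan-out of counter updates to connected SSE clients."""

    def __init__(self) -> None:
        self._subs: set[asyncio.Queue[int]] = set()

    @property
    def live_subscribers(self) -> int:
        return len(self._subs)

    def subscribe(self) -> asyncio.Queue[int]:
        q: asyncio.Queue[int] = asyncio.Queue()
        self._subs.add(q)
        return q

    def unsubscribe(self, q: asyncio.Queue[int]) -> None:
        self._subs.discard(q)

    def publish(self, value: int) -> None:
        for q in self._subs:
            q.put_nowait(value)


async def leaky_stream(broker: Broker) -> AsyncIterator[str]:
    """The bug. When the connection drops while we wait in q.get(), the
    cancellation unwinds this generator, but nothing removes q from the broker,
    so the broker keeps feeding a queue nobody reads, forever."""
    q = broker.subscribe()
    while True:
        value = await q.get()
        yield f"data: {value}\n\n"


async def stream(broker: Broker) -> AsyncIterator[str]:
    """The fix: release the subscription on every exit path, cancellation included."""
    q = broker.subscribe()
    try:
        while True:
            value = await q.get()
            yield f"data: {value}\n\n"
    finally:
        broker.unsubscribe(q)


async def simulate_clients(handler: Callable[[Broker], AsyncIterator[str]],
                           n_clients: int) -> tuple[int, int]:
    """Connect n clients, deliver one event, then drop every connection.
    Returns (events delivered, subscriptions still held after the drops)."""
    broker = Broker()
    delivered = 0

    async def client() -> None:
        nonlocal delivered
        async for _chunk in handler(broker):
            delivered += 1          # a real handler writes the chunk to the socket here

    tasks = [asyncio.create_task(client()) for _ in range(n_clients)]
    await asyncio.sleep(0)          # every client subscribes and blocks in q.get()
    broker.publish(42)
    await asyncio.sleep(0)          # clients consume the event and block again
    await asyncio.sleep(0)
    for t in tasks:                 # connections dropped while the handler is waiting
        t.cancel()
    await asyncio.gather(*tasks, return_exceptions=True)
    return delivered, broker.live_subscribers


def leftover_after_disconnect(handler: Callable[[Broker], AsyncIterator[str]],
                              n_clients: int = 5) -> tuple[int, int]:
    """Synchronous entry point: (delivered, still subscribed) after all clients leave."""
    return asyncio.run(simulate_clients(handler, n_clients))


if __name__ == "__main__":
    print("leaky:", leftover_after_disconnect(leaky_stream))   # (5, 5)
    print("fixed:", leftover_after_disconnect(stream))         # (5, 0)
```

The `live_subscribers` count is also the metric to export: a subscription gauge that only ever climbs while connection counts fall is the earliest visible sign of this class of leak.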

CVE-2026-34486
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-14T12:45:40.433000

2 posts

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Nuclei template

5 repos

https://github.com/404-src/CVE-2026-34486

https://github.com/striga-ai/CVE-2026-34486

https://github.com/helGayhub233/CVE-2026-34486-Tribes

https://github.com/punitdarji/tomcat-cve-2026-34486

https://github.com/AirSkye/CVE-2026-34486-poc

GossiTheDog@cyberplace.social at 2026-05-14T11:11:16.000Z ##

CVE-2026-34486 - Tomcat

- Only exploitable if a certain feature is used, if its endpoint is reachable and if port 4000 is available. It's pretty niche.

##

CVE-2026-28515
(8.8 HIGH)

EPSS: 44.25%

updated 2026-03-10T15:03:39.680000

2 posts

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentic

catc0n at 2026-05-14T17:59:57.349Z ##

❗Earlier today, VulnCheck Canaries detected first-time exploitation of CVE-2026-28515 and CVE-2026-28517 in openDCIM, an open-source code base used for data center infrastructure management.

🐚 The cluster of attacker activity we're observing so far originates from a single Chinese IP and uses what appears to be a customized implementation of AI vuln discovery tool Vulnhuntr to automatically check for vulnerable installations before dropping a PHP webshell.

🌐 The VulnCheck team's ASM queries for these vulnerabilities find fewer than 50 systems online, many of which belong to higher education institutions globally. Both CVEs were discovered by new VulnCheck research team member @chocapikk_.

Moar KEVs: vulncheck.com/kev

##

CVE-2026-21535
(8.2 HIGH)

EPSS: 0.09%

updated 2026-02-20T00:31:59

2 posts

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

vitobotta@mastodon.social at 2026-05-13T11:00:38.000Z ##

CVE-2026-21535: unauthenticated info disclosure in Microsoft Teams. Network access is all an attacker needs, no credentials at all. The app sitting open on every corporate laptop right now. Go patch it. bleepingcomputer.com/news/micr

##

CVE-2026-1777
(7.2 HIGH)

EPSS: 0.02%

updated 2026-02-03T19:01:12

2 posts

### Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. ### Impact - Function and Payload Tampering: Attackers with DescribeTrainingJob permissions may extract HMAC secret keys and forg

awssecurityfeed at 2026-05-14T02:30:01.155Z ##

Security Findings in SageMaker Python SDK

Bulletin ID: 2026-004-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/02/02 14:30 PM PST
Description:
CVE-2026-1777 - Exposed HMAC in SageMaker Python SDK SageMaker Python SDK’s remote fu...

aws.amazon.com/security/securi

##

_r_netsec at 2026-05-14T16:13:05.594Z ##

Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state blog.netomize.ca/detecting-exp

##

CVE-2026-44542
(0 None)

EPSS: 0.00%

2 posts

N/A

offseq at 2026-05-14T18:00:10.497Z ##

🚨 CRITICAL: CVE-2026-44542 in gtsteffaniak FileBrowser Quantum (<1.3.1-stable, <1.3.9-beta) allows unauthenticated file deletion via path traversal. Upgrade to fixed versions ASAP for protection! radar.offseq.com/threat/cve-20

##

CVE-2026-20224
(0 None)

EPSS: 0.00%

2 posts

N/A

AAKL at 2026-05-14T16:24:09.513Z ##

I'm almost inclined to gloat after the 4000 (mere change) layoffs because "look, we're drowning in money. Who needs people?"

- CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability sec.cloudapps.cisco.com/securi

- CRITICAL: CVE-2026-20209, CVE-2026-20210 CVE-2026-20224: Cisco Catalyst SD-WAN Manager Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

@cR0w

##

CVE-2026-20209
(0 None)

EPSS: 0.00%

2 posts

N/A

AAKL at 2026-05-14T16:24:09.513Z ##

I'm almost inclined to gloat after the 4000 (mere change) layoffs because "look, we're drowning in money. Who needs people?"

- CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability sec.cloudapps.cisco.com/securi

- CRITICAL: CVE-2026-20209, CVE-2026-20210 CVE-2026-20224: Cisco Catalyst SD-WAN Manager Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

@cR0w

##

CVE-2026-44193
(0 None)

EPSS: 0.23%

4 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T16:03:33.000Z ##

🔴 CVE-2026-44193 - Critical (9.1)

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T06:00:26.177Z ##

⚠️ CRITICAL: OPNsense core < 26.1.7 vulnerable to argument injection (CVE-2026-44193). Remote code execution possible via XMLRPC method. Update to 26.1.7+ now! radar.offseq.com/threat/cve-20

##

CVE-2026-44447
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T16:00:25.000Z ##

🟠 CVE-2026-44447 - High (8.8)

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44446
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T16:00:15.000Z ##

🟠 CVE-2026-44446 - High (8.8)

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive inform...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44442
(0 None)

EPSS: 0.04%

4 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T16:00:06.000Z ##

🔴 CVE-2026-44442 - Critical (9.9)

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T00:00:39.389Z ##

🚨 CRITICAL vuln: ERPNext <16.9.1 (CVE-2026-44442) lets users with limited rights modify data due to missing authorization. Update ASAP to 16.9.1+ to fix. No known exploits yet. Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T00:00:39.000Z ##

🚨 CRITICAL vuln: ERPNext <16.9.1 (CVE-2026-44442) lets users with limited rights modify data due to missing authorization. Update ASAP to 16.9.1+ to fix. No known exploits yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #ERPNext #Vuln #AppSec

##

CVE-2026-45158
(0 None)

EPSS: 0.23%

4 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T15:56:12.000Z ##

🔴 CVE-2026-45158 - Critical (9.1)

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-14T03:00:29.235Z ##

🚨 CRITICAL: OPNsense core < 26.1.8 has CVE-2026-45158 — command injection in DHCP config allows root RCE. Upgrade to 26.1.8+ now to prevent full system compromise. Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T03:00:29.000Z ##

🚨 CRITICAL: OPNsense core < 26.1.8 has CVE-2026-45158 — command injection in DHCP config allows root RCE. Upgrade to 26.1.8+ now to prevent full system compromise. Details: radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #Cybersecurity

##

CVE-2026-28215
(0 None)

EPSS: 0.30%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T15:55:54.000Z ##

🟠 CVE-2026-44478 - High (7.5)

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44482
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-14T15:50:59.000Z ##

🔴 CVE-2026-44482 - Critical (9.6)

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud trac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45793
(0 None)

EPSS: 0.00%

1 posts

N/A

beaufils@mastodon.social at 2026-05-14T10:27:14.000Z ##

Public holiday at the end of the week in France, #LPE day (Linux exploit available to users):

security-tracker.debian.org/tr

😠

##

Analyst207@mastodon.social at 2026-05-14T08:37:02.000Z ##

Linux Kernel Vulnerability Exposes Root Access Risk via Page Cache Corruption

A newly discovered Linux Kernel vulnerability, dubbed Fragnesia, allows unprivileged local attackers to corrupt the kernel page cache and gain root access, posing a significant risk to system security. This critical flaw, tracked as CVE-2026-46300, is the third local privilege escalation…

osintsights.com/linux-kernel-v

#LinuxKernelVulnerability #Cve202646300 #LocalPrivilegeEscalation #PageCacheCorruption #XfrmEspintcp

##

nakira@mstdn.social at 2026-05-14T08:06:45.000Z ##

⚠️ New Linux kernel vulnerability Fragnasia (CVE-2026-46300) allows local attackers to escalate privileges to root via a logic bug in the XFRM ESP-in-TCP subsystem.

All kernels before May 13, 2026 are affected.

Open-source security relies on community vigilance. Stay safe, patch early, and share this widely.

🌐 further info: bleepingcomputer.com/news/secu

#linux #security #exploit

##

gtronix at 2026-05-14T08:00:45.205Z ##

"New Fragnesia Linux flaw lets attackers gain root privileges"

"[...] Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root."

bleepingcomputer.com/news/secu

##

TheTomas@toot9.de at 2026-05-14T07:25:13.000Z ##

I would like to point out: it is not Friday yet! #Fragnesia

security-tracker.debian.org/tr

##

appinn@pullopen.xyz at 2026-05-14T07:17:03.000Z ##

『Three Linux privilege-escalation vulnerabilities in 14 days: Fragnesia, one line of code to get root | CVE-2026-46300』
Since April 30, Linux has had three privilege-escalation vulnerabilities in a row; only one line of code is needed to immediately obtain system root privileges. The Fragnesia vulnerability: this one is called Fragnesia (PoC repository code), numbered CVE-20
……
Read the full article: :sys_link: appinn.com/linux-fragnesia-cve

#小众软件

##

mastokukei@social.josko.org at 2026-05-13T18:02:04.000Z ##

(CVE-2026-46300)
- Malware in Hugging Face repositories and npm packages
- Foxconn ransomware attack impacting major tech companies [4/4]

##

decio at 2026-05-13T17:05:55.458Z ##

and there it is, it has received its code name CVE-2026-46300

##

forst@mastodon.social at 2026-05-13T16:40:44.000Z ##

Apparently yet another one of those #DirtyFrag-like vulnerabilities in #Linux, this one called #Fragnesia

CVE-2026-46300

openwall.com/lists/oss-securit

#CopyFail

##

jschauma@mstdn.social at 2026-05-13T16:05:02.000Z ##

As I was saying, we're not done with page cache LPEs.

Looks like a third variant just dropped (CVE-2026-46300):
github.com/v12-security/pocs/t
github.com/v12-security/pocs/b

openwall.com/lists/oss-securit

Initial reading is defense against #DirtyFrag mitigates this, too, so perhaps not a full round of updates needed here.

##

gtronix@infosec.exchange at 2026-05-14T08:00:45.000Z ##

"New Fragnesia Linux flaw lets attackers gain root privileges"

"[...] Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root."

bleepingcomputer.com/news/secu

#Linux

##

CVE-2026-44194
(0 None)

EPSS: 0.13%

2 posts

N/A

offseq at 2026-05-14T04:30:28.021Z ##

🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T04:30:28.000Z ##

🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #BlueTeam

##

CVE-2026-45714
(0 None)

EPSS: 0.04%

2 posts

N/A

offseq at 2026-05-14T01:30:27.234Z ##

🚨 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) — full RCE risk. Patch to 6.7.0+ ASAP! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-05-14T01:30:27.000Z ##

🚨 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) — full RCE risk. Patch to 6.7.0+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CubeCart #SSTI #RCE #Vuln

##

CVE-2026-4782
(0 None)

EPSS: 0.04%

1 posts

N/A

wordfence@mastodon.social at 2026-05-13T21:30:01.000Z ##

1,000,000 WordPress sites are affected by Arbitrary File Read and SQL Injection vulnerabilities in the Avada Builder plugin.

The Arbitrary File Read (CVE-2026-4782) allows subscriber+ attackers to read sensitive files, while the SQL Injection (CVE-2026-4798) allows unauthenticated attackers to extract data from the database.

Patched in 3.15.3. Review the report to ensure your site is not affected.

wordfence.com/blog/2026/05/100

#WordPress #CyberSecurity #Wordfence

##

CVE-2026-45411
(0 None)

EPSS: 0.05%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-13T19:00:29.000Z ##

🔴 CVE-2026-45411 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exce...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

redis_release_watcher@kodesumber.com at 2026-05-13T12:50:36.000Z ##

8.6.3

Update urgency: SECURITY: There are security fixes in the release. Security fixes (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code...

github.com/redis/redis/release

#redis #cacheserver #github

##

CVE-2026-44547
(0 None)

EPSS: 0.03%

3 posts

N/A

thehackerwire@mastodon.social at 2026-05-13T12:25:17.000Z ##

🔴 CVE-2026-44547 - Critical (9.6)

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-13T00:00:35.000Z ##

🚨 CVE-2026-44547: CRITICAL improper authentication in ChurchCRM 7.2.0 – 7.3.0 (CVSS 9.6). Low-priv attackers can bypass auth and compromise data. Upgrade to 7.3.1 urgently! radar.offseq.com/threat/cve-20 #OffSeq #ChurchCRM #Vuln #infosec

##

CVE-2026-4058
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-13T12:25:17.000Z ##

🔴 CVE-2026-44547 - Critical (9.6)

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6722
(0 None)

EPSS: 0.23%

1 posts

N/A

beyondmachines1@infosec.exchange at 2026-05-13T08:01:07.000Z ##

Critical PHP SOAP Extension Vulnerabilities Enable Remote Code Execution

PHP released emergency updates to fix five vulnerabilities, including two critical use-after-free flaws (CVE-2026-6722 and CVE-2026-7261) that allow unauthenticated remote code execution via the SOAP extension.

**If you run PHP on your web servers, update immediately to version 8.2.31, 8.3.31, 8.4.21, or 8.5.6. If you can't patch right away, disable the SOAP extension as a temporary measure until the update is applied.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-44257
(0 None)

EPSS: 0.21%

1 posts

N/A

offseq@infosec.exchange at 2026-05-13T04:30:31.000Z ##

🚨 CRITICAL: CVE-2026-44257 in efwGrp efw4.X (<4.08.010) enables remote, unauthenticated command execution via crafted zip uploads and path traversal. Patch to 4.08.010 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #vuln #infosec #websecurity

##

CVE-2026-42288
(0 None)

EPSS: 0.27%

1 posts

N/A

offseq@infosec.exchange at 2026-05-13T01:30:30.000Z ##

⚠️ CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #ChurchCRM #Vuln #RCE #PatchNow

##

CVE-2026-44183
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-05-12T18:24:26.000Z ##

🔴 CVE-2026-44183 - Critical (9.8)

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43992
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-05-12T17:22:47.000Z ##

🔴 CVE-2026-43992 - Critical (9.8)

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
