Updated at UTC 2026-03-15T17:18:54.832124
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66956 | 10.0 | 0.10% | 2 | 1 | | 2026-03-13T21:32:49 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Assec |
| CVE-2026-26791 | 9.8 | 0.68% | 3 | 0 | | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner |
| CVE-2026-26795 | 9.8 | 0.68% | 3 | 0 | | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner |
| CVE-2026-3910 | 8.8 | 21.89% | 11 | 0 | | 2026-03-13T21:32:01 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow |
| CVE-2026-3891 | 9.8 | 0.13% | 5 | 1 | | 2026-03-13T21:32:01 | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl |
| CVE-2026-32426 | 7.5 | 0.11% | 6 | 0 | | 2026-03-13T21:32:00 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-32422 | 8.5 | 0.03% | 6 | 0 | | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32433 | 8.5 | 0.03% | 2 | 0 | | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-3045 | 7.5 | 0.03% | 4 | 0 | | 2026-03-13T21:32:00 | The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordP |
| CVE-2026-32358 | 7.6 | 0.03% | 2 | 0 | | 2026-03-13T21:31:59 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32400 | 7.5 | 0.11% | 2 | 0 | | 2026-03-13T21:31:59 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-22193 | 8.1 | 0.03% | 3 | 0 | | 2026-03-13T21:31:58 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubs |
| CVE-2026-22202 | 8.1 | 0.01% | 2 | 0 | | 2026-03-13T21:31:58 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that |
| CVE-2026-2890 | 7.5 | 0.05% | 3 | 0 | | 2026-03-13T21:31:58 | The Formidable Forms plugin for WordPress is vulnerable to a payment integrity b |
| CVE-2026-31917 | 8.5 | 0.03% | 2 | 0 | | 2026-03-13T21:31:58 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-0957 | 7.8 | 0.01% | 2 | 0 | | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds write when lo |
| CVE-2026-0956 | 7.8 | 0.01% | 2 | 0 | | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds read when loa |
| CVE-2026-0954 | 7.8 | 0.01% | 2 | 0 | | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds write when lo |
| CVE-2026-25823 | 9.8 | 0.19% | 3 | 0 | | 2026-03-13T21:31:57 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b |
| CVE-2025-13779 | 8.3 | 0.03% | 2 | 0 | | 2026-03-13T21:31:49 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev |
| CVE-2025-13777 | 8.3 | 0.03% | 2 | 0 | | 2026-03-13T21:31:49 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, A |
| CVE-2026-32720 | None | 0.04% | 2 | 0 | | 2026-03-13T20:58:31 | ### Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from |
| CVE-2026-32621 | 9.9 | 0.03% | 2 | 0 | | 2026-03-13T20:51:15 | ### Impact A vulnerability exists in query plan execution within the gateway th |
| CVE-2026-26123 | 5.5 | 0.04% | 2 | 0 | | 2026-03-13T20:45:13.817000 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized a |
| CVE-2026-3909 | 8.8 | 27.12% | 15 | 0 | | 2026-03-13T20:24:40.417000 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re |
| CVE-2026-32133 | 9.1 | 0.04% | 2 | 0 | | 2026-03-13T20:20:31.943000 | 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and gener |
| CVE-2026-32136 | 9.8 | 0.66% | 4 | 0 | | 2026-03-13T20:19:00.987000 | AdGuard Home is a network-wide software for blocking ads and tracking. Prior to |
| CVE-2026-1528 | 7.5 | 0.06% | 1 | 0 | | 2026-03-13T20:07:26 | ### Impact A server can reply with a WebSocket frame using the 64-bit length for |
| CVE-2026-1526 | 7.5 | 0.04% | 1 | 0 | | 2026-03-13T20:06:54.667000 | The undici WebSocket client is vulnerable to a denial-of-service attack via unbo |
| CVE-2026-2229 | 7.5 | 0.07% | 1 | 0 | | 2026-03-13T20:06:54.667000 | ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack du |
| CVE-2026-31896 | 9.8 | 0.03% | 1 | 0 | | 2026-03-13T20:05:49.723000 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a cr |
| CVE-2026-32260 | 8.1 | 0.18% | 1 | 0 | | 2026-03-13T20:02:20 | ## Summary A command injection vulnerability exists in Deno's `node:child_pro |
| CVE-2026-32308 | 7.6 | 0.03% | 2 | 0 | | 2026-03-13T20:00:40 | ### Summary The Markdown viewer component renders Mermaid diagrams with `securi |
| CVE-2026-28793 | 8.4 | 0.02% | 1 | 0 | | 2026-03-13T19:58:55.173000 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI de |
| CVE-2026-4111 | 7.5 | 0.04% | 2 | 0 | | 2026-03-13T19:55:13.917000 | A flaw was identified in the RAR5 archive decompression logic of the libarchive |
| CVE-2026-32746 | 9.8 | 0.04% | 6 | 0 | | 2026-03-13T19:55:10.147000 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO |
| CVE-2026-32597 | 7.5 | 0.01% | 2 | 0 | | 2026-03-13T19:55:09.500000 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does |
| CVE-2026-32459 | 8.5 | 0.03% | 2 | 0 | | 2026-03-13T19:55:08.247000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32458 | 7.6 | 0.03% | 2 | 0 | | 2026-03-13T19:55:08.040000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32418 | 7.6 | 0.03% | 2 | 0 | | 2026-03-13T19:54:59.307000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32399 | 8.5 | 0.03% | 2 | 0 | | 2026-03-13T19:54:55.777000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32368 | 8.5 | 0.03% | 4 | 0 | | 2026-03-13T19:54:51.027000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32366 | 8.5 | 0.03% | 2 | 0 | | 2026-03-13T19:54:50.713000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-32319 | 7.5 | 0.06% | 2 | 0 | | 2026-03-13T19:54:42.297000 | Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core |
| CVE-2026-32306 | 9.9 | 0.23% | 2 | 0 | | 2026-03-13T19:54:42 | OneUptime is a solution for monitoring and managing online services. Prior to 10 |
| CVE-2026-32302 | 8.1 | 0.01% | 2 | 0 | | 2026-03-13T19:54:41.650000 | OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebS |
| CVE-2026-32301 | 9.3 | 0.04% | 3 | 0 | | 2026-03-13T19:54:41.477000 | Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0 |
| CVE-2026-32251 | 0 | 0.04% | 1 | 0 | | 2026-03-13T19:54:41.057000 | Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parser |
| CVE-2026-31922 | 8.5 | 0.03% | 2 | 0 | | 2026-03-13T19:54:39.393000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-31899 | 7.5 | 0.04% | 2 | 1 | | 2026-03-13T19:54:38.190000 | CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Koz |
| CVE-2026-25819 | 7.5 | 0.22% | 2 | 0 | | 2026-03-13T19:54:27.627000 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b |
| CVE-2026-25818 | 9.1 | 0.02% | 2 | 0 | | 2026-03-13T19:54:27.353000 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b |
| CVE-2026-25817 | 8.8 | 0.26% | 2 | 0 | | 2026-03-13T19:54:25.283000 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b |
| CVE-2026-22182 | 7.5 | 0.08% | 2 | 0 | | 2026-03-13T19:54:07.480000 | wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerabili |
| CVE-2026-0955 | 7.8 | 0.01% | 2 | 0 | | 2026-03-13T19:53:57.400000 | There is a memory corruption vulnerability due to an out-of-bounds read when loa |
| CVE-2025-70245 | 9.8 | 0.05% | 1 | 0 | | 2026-03-13T19:53:53.807000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para |
| CVE-2026-21262 | 8.8 | 0.09% | 1 | 0 | | 2026-03-13T19:33:50.047000 | Improper access control in SQL Server allows an authorized attacker to elevate p |
| CVE-2026-32248 | 9.8 | 0.06% | 3 | 0 | | 2026-03-13T19:00:34.193000 | Parse Server is an open source backend that can be deployed to any infrastructur |
| CVE-2026-26792 | 9.8 | 0.68% | 1 | 0 | | 2026-03-13T18:57:29.620000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection |
| CVE-2026-26794 | 8.8 | 0.17% | 1 | 0 | | 2026-03-13T18:56:22.657000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerabil |
| CVE-2026-3914 | 8.8 | 0.07% | 1 | 0 | | 2026-03-13T18:32:42 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remo |
| CVE-2026-32242 | 7.4 | 0.06% | 1 | 0 | | 2026-03-13T16:57:55.797000 | Parse Server is an open source backend that can be deployed to any infrastructur |
| CVE-2026-32110 | 8.3 | 0.04% | 2 | 0 | | 2026-03-13T16:51:38.307000 | SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/netwo |
| CVE-2026-25185 | 5.3 | 0.11% | 1 | 0 | | 2026-03-13T16:47:45.940000 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link |
| CVE-2026-32304 | 9.8 | 0.08% | 3 | 0 | | 2026-03-13T16:10:32 | ## Summary The `create_function(args, code)` function passes both parameters di |
| CVE-2026-32137 | 8.8 | 0.05% | 1 | 0 | | 2026-03-13T16:03:02.080000 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, T |
| CVE-2026-26793 | 9.8 | 0.68% | 1 | 0 | | 2026-03-13T16:02:22.993000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner |
| CVE-2026-32121 | 7.7 | 0.17% | 2 | 0 | | 2026-03-13T15:49:20.827000 | OpenEMR is a free and open source electronic health records and medical practice |
| CVE-2026-32123 | 7.7 | 0.09% | 2 | 0 | | 2026-03-13T15:47:50.460000 | OpenEMR is a free and open source electronic health records and medical practice |
| CVE-2026-3918 | 8.8 | 0.10% | 1 | 0 | | 2026-03-13T15:43:17.190000 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remot |
| CVE-2026-3913 | 8.8 | 0.07% | 2 | 0 | | 2026-03-13T15:42:49.310000 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a |
| CVE-2026-3921 | 8.8 | 0.11% | 1 | 0 | | 2026-03-13T15:42:29.203000 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a |
| CVE-2026-3922 | 8.8 | 0.11% | 1 | 0 | | 2026-03-13T15:42:22.127000 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a |
| CVE-2026-3931 | 8.8 | 0.07% | 1 | 0 | | 2026-03-13T15:41:38.623000 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a r |
| CVE-2026-3924 | 7.5 | 0.11% | 1 | 0 | | 2026-03-13T15:41:03.103000 | use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a |
| CVE-2026-32141 | 7.5 | 0.04% | 1 | 0 | | 2026-03-13T15:40:44 | ## Summary flatted's `parse()` function uses a recursive `revive()` phase to re |
| CVE-2026-31886 | 9.1 | 0.08% | 5 | 0 | | 2026-03-13T15:40:14 | ## 1. Vulnerability Summary The `dagRunId` request field accepted by the inline |
| CVE-2026-31882 | 7.5 | 0.19% | 2 | 0 | | 2026-03-13T15:05:35 | # SSE Authentication Bypass in Basic Auth Mode ## Summary When Dagu is configu |
| CVE-2026-26954 | 10.0 | 0.05% | 5 | 0 | | 2026-03-13T13:46:09 | ### Summary It is possible to obtain arrays containing `Function`, which allows |
| CVE-2026-32231 | 8.2 | 0.02% | 1 | 0 | | 2026-03-13T13:35:56 | ### Summary The generic webhook channel trusts caller-supplied identity fields ( |
| CVE-2026-32246 | 8.5 | 0.05% | 1 | 0 | | 2026-03-13T13:35:26 | ### Summary The OIDC authorization endpoint allows users with a TOTP-pending se |
| CVE-2026-3611 | 10.0 | 0.13% | 2 | 0 | | 2026-03-12T21:35:01 | The Honeywell IQ4x building management controller, exposes its full web-based HM |
| CVE-2026-3916 | 9.7 | 0.07% | 1 | 0 | | 2026-03-12T21:34:46 | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed |
| CVE-2026-3915 | 8.8 | 0.07% | 1 | 0 | | 2026-03-12T21:34:46 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a |
| CVE-2026-3926 | 8.8 | 0.08% | 1 | 0 | | 2026-03-12T21:34:46 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remot |
| CVE-2026-32101 | 7.6 | 0.03% | 2 | 0 | | 2026-03-12T21:08:22.643000 | StudioCMS is a server-side-rendered, Astro native, headless content management s |
| CVE-2026-32130 | 7.5 | 0.13% | 1 | 0 | | 2026-03-12T21:08:22.643000 | ZITADEL is an open source identity management platform. From 2.68.0 to before 3. |
| CVE-2026-27591 | 9.9 | 0.06% | 2 | 0 | | 2026-03-12T21:08:22.643000 | Winter is a free, open-source content management system (CMS) based on the Larav |
| CVE-2026-20163 | 7.2 | 0.05% | 1 | 0 | | 2026-03-12T21:08:22.643000 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splun |
| CVE-2026-31957 | 10.0 | 0.21% | 1 | 0 | | 2026-03-12T21:08:22.643000 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |
| CVE-2026-31976 | 0 | 0.06% | 1 | 0 | | 2026-03-12T21:08:22.643000 | xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an atta |
| CVE-2026-32096 | 9.3 | 0.04% | 1 | 0 | | 2026-03-12T21:08:22.643000 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, |
| CVE-2026-3971 | 8.8 | 0.09% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulne |
| CVE-2026-3970 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwr |
| CVE-2026-3975 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affect |
| CVE-2026-3978 | 8.8 | 0.04% | 2 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an |
| CVE-2026-21668 | 8.8 | 0.04% | 4 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability allowing an authenticated domain user to bypass restrictions and |
| CVE-2026-3974 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability aff |
| CVE-2026-4008 | 8.8 | 0.09% | 2 | 0 | | 2026-03-12T21:07:53.427000 | A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown |
| CVE-2026-21670 | 7.7 | 0.03% | 3 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. |
| CVE-2026-32247 | 8.1 | 0.03% | 1 | 0 | | 2026-03-12T21:07:53.427000 | Graphiti is a framework for building and querying temporal context graphs for AI |
| CVE-2026-27940 | 7.8 | 0.01% | 1 | 0 | | 2026-03-12T21:07:53.427000 | llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gg |
| CVE-2026-21672 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backu |
| CVE-2026-21887 | 7.7 | 0.03% | 1 | 0 | | 2026-03-12T21:07:53.427000 | OpenCTI is an open source platform for managing cyber threat intelligence knowle |
| CVE-2026-4007 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affec |
| CVE-2026-21667 | 9.9 | 0.37% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability allowing an authenticated domain user to perform remote code exe |
| CVE-2026-21666 | 9.9 | 0.37% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A vulnerability allowing an authenticated domain user to perform remote code exe |
| CVE-2026-4042 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T21:07:53.427000 | A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element |
| CVE-2026-26127 | 7.5 | 0.03% | 1 | 0 | | 2026-03-12T20:32:34 | # Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerabil |
| CVE-2026-28792 | 9.7 | 0.26% | 1 | 0 | | 2026-03-12T20:32:10 | ## Summary The TinaCMS CLI dev server combines a permissive CORS configuration ( |
| CVE-2026-28356 | 7.5 | 0.54% | 4 | 0 | | 2026-03-12T18:32:23 | ## Summary The `parse_options_header()` function in `multipart.py` uses a regul |
| CVE-2026-3936 | 8.8 | 0.10% | 1 | 0 | | 2026-03-12T18:31:33 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 all |
| CVE-2026-21708 | 10.0 | 0.54% | 1 | 0 | | 2026-03-12T18:30:38 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) |
| CVE-2026-4043 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T18:30:38 | A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impac |
| CVE-2026-3059 | 9.8 | 0.54% | 1 | 0 | | 2026-03-12T17:38:59 | SGLang's multimodal generation module is vulnerable to unauthenticated remote co |
| CVE-2026-3060 | 9.8 | 0.55% | 1 | 0 | | 2026-03-12T17:38:54 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated |
| CVE-2026-3923 | 8.8 | 0.10% | 1 | 0 | | 2026-03-12T15:31:28 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remo |
| CVE-2026-3919 | 8.8 | 0.03% | 1 | 0 | | 2026-03-12T15:31:27 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an |
| CVE-2026-4041 | 8.8 | 0.05% | 1 | 0 | | 2026-03-12T15:30:31 | A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the |
| CVE-2026-21671 | 9.1 | 0.21% | 4 | 0 | | 2026-03-12T15:30:26 | A vulnerability allowing an authenticated user with the Backup Administrator rol |
| CVE-2026-21669 | 10.0 | 0.21% | 1 | 0 | | 2026-03-12T15:30:26 | A vulnerability allowing an authenticated domain user to perform remote code exe |
| CVE-2026-3920 | 8.8 | 0.07% | 1 | 0 | | 2026-03-12T15:30:25 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 all |
| CVE-2026-3917 | 8.8 | 0.11% | 1 | 0 | | 2026-03-12T15:30:25 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remot |
| CVE-2026-3973 | 8.8 | 0.09% | 1 | 0 | | 2026-03-12T03:31:16 | A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the funct |
| CVE-2026-3657 | 7.5 | 0.08% | 1 | 0 | | 2026-03-12T03:31:16 | The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `s |
| CVE-2026-3972 | 8.8 | 0.03% | 1 | 0 | | 2026-03-12T03:31:15 | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is t |
| CVE-2026-3976 | 8.8 | 0.09% | 1 | 0 | | 2026-03-12T03:31:15 | A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the functi |
| CVE-2025-68613 | 10.0 | 76.93% | 1 | 31 | template | 2026-03-11T20:39:32 | ### Impact n8n contains a critical Remote Code Execution (RCE) vulnerability in |
| CVE-2026-3784 | 6.5 | 0.03% | 1 | 0 | | 2026-03-11T18:31:35 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a se |
| CVE-2026-20046 | 8.8 | 0.02% | 1 | 0 | | 2026-03-11T18:30:40 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS |
| CVE-2026-20040 | 8.8 | 0.03% | 1 | 0 | | 2026-03-11T18:30:40 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated |
| CVE-2025-40943 | 9.6 | 0.04% | 1 | 0 | | 2026-03-11T13:53:47.157000 | Affected devices do not properly sanitize contents of trace files. This could al |
| CVE-2026-2413 | 7.5 | 11.89% | 3 | 2 | template | 2026-03-11T13:52:47.683000 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S |
| CVE-2026-2256 | 6.5 | 2.31% | 1 | 1 | | 2026-03-03T21:52:29.877000 | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 an |
| CVE-2026-27942 | 7.5 | 0.05% | 1 | 0 | | 2026-03-02T14:54:48.080000 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build X |
| CVE-2026-20127 | 10.0 | 2.60% | 2 | 7 | | 2026-02-26T16:20:02.187000 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle |
| CVE-2026-2861 | 5.3 | 0.06% | 1 | 0 | | 2026-02-26T03:07:08.633000 | A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an |
| CVE-2026-27190 | 8.1 | 0.78% | 1 | 0 | | 2026-02-20T22:20:05 | ## Summary A command injection vulnerability exists in Deno's `node:child_proces |
| CVE-2025-71243 | 9.8 | 73.51% | 2 | 1 | template | 2026-02-19T18:32:08 | The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5 |
| CVE-2026-21509 | 7.8 | 9.26% | 1 | 11 | | 2026-02-11T15:40:33.473000 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a |
| CVE-2026-22796 | 5.3 | 0.08% | 1 | 0 | | 2026-02-02T18:40:27.467000 | Issue summary: A type confusion vulnerability exists in the signature verificati |
| CVE-2026-24858 | 9.8 | 2.78% | 1 | 5 | | 2026-01-28T00:31:41 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2 |
| CVE-2025-53773 | 7.8 | 0.64% | 2 | 0 | | 2025-08-13T03:30:25 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2024-45163 | 9.1 | 0.11% | 3 | 0 | | 2024-08-22T18:31:21 | The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to t |
| CVE-2026-1947 | 0 | 0.03% | 4 | 0 | | N/A | |
| CVE-2026-4167 | 0 | 0.04% | 4 | 0 | | N/A | |
| CVE-2026-4172 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-4163 | 0 | 0.16% | 6 | 0 | | N/A | |
| CVE-2026-4164 | 0 | 0.17% | 4 | 0 | | N/A | |
| CVE-2026-4170 | 0 | 0.15% | 2 | 0 | | N/A | |
| CVE-2026-4169 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-31415 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-32708 | 0 | 0.01% | 2 | 0 | | N/A | |
| CVE-2026-3227 | 0 | 0.42% | 2 | 0 | | N/A | |
| CVE-2026-32626 | 0 | 0.15% | 2 | 0 | | N/A | |
| CVE-2026-31944 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-32127 | 0 | 0.00% | 2 | 1 | | N/A | |
| CVE-2026-32131 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-32117 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-32140 | 0 | 0.31% | 1 | 0 | | N/A | |
| CVE-2026-32138 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2026-25529 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-22248 | 0 | 0.08% | 1 | 0 | | N/A | |

updated 2026-03-13T21:32:49
2 posts
1 repos
🔴 CVE-2025-66956 - Critical (9.9)
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-13T21:32:49
3 posts
🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-13T21:32:49
3 posts
🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-13T21:32:01
11 posts
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.

@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂

🟠 CVE-2026-3910 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910

CVE ID: CVE-2026-3910
Vendor: Google
Product: Chromium V8
Date Added: 2026-03-13
Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3910

CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.
Release 146.0.7680.75-443342 ·...
updated 2026-03-13T21:32:01
5 posts
1 repos
🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3891 (CRITICAL, CVSS 9.8): Pix for WooCommerce plugin allows unauthenticated file uploads via missing checks, risking RCE. Disable/uninstall or apply mitigations now. Affects all versions. Full details: https://radar.offseq.com/threat/cve-2026-3891-cwe-434-unrestricted-upload-of-file--f5fb3cc6 #OffSeq #WordPress #WooCommerce #Vuln
##updated 2026-03-13T21:32:00
6 posts
🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
6 posts
🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection. This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
2 posts
🟠 CVE-2026-32433 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection. This issue affects CP Contact Form with Paypal: fro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
4 posts
🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
2 posts
🟠 CVE-2026-32358 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
2 posts
🟠 CVE-2026-32400 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion. This issue affects Boldman: from n/a through <= 7.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32400/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
3 posts
🟠 CVE-2026-22193 - High (8.1)
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscrip...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22193/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-22193 in wpDiscuz <7.6.47 enables unauthenticated remote SQL injection. Attackers can access sensitive DB data. Patch ASAP or apply mitigations (WAF, access controls, log monitoring)! https://radar.offseq.com/threat/cve-2026-22193-improper-neutralization-of-special--3f166beb #OffSeq #WordPress #SQLInjection
##updated 2026-03-13T21:31:58
2 posts
🟠 CVE-2026-22202 - High (8.1)
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomme...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
3 posts
🟠 CVE-2026-2890 - High (7.5)
The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Formidable Forms Vulnerability Let Attackers Reuse Low-Value Stripe Payments for Higher-Cost Purchases https://www.boldoutlook.com/formidable-forms-stripe-payment-bypass-cve-2026-2890/
#wordpress #WordPressSecurity #cybersecurity #blogging #webdevelopment
##updated 2026-03-13T21:31:58
2 posts
🟠 CVE-2026-31917 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
2 posts
🟠 CVE-2026-0957 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
2 posts
🟠 CVE-2026-0956 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
2 posts
🟠 CVE-2026-0954 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
3 posts
🔴 CVE-2026-25823 - Critical (9.8)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25823/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 New security advisory:
CVE-2026-25823 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-25823-hms-networks-ewon-flexy-cosy-stack-buffer-overflow
##updated 2026-03-13T21:31:49
2 posts
🟠 CVE-2025-13779 - High (8.3)
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:49
2 posts
🟠 CVE-2025-13777 - High (8.3)
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:58:31
2 posts
CVE-2026-32720 (HIGH): ctfer-io monitoring <0.2.1 has improper access control, allowing lateral movement across Kubernetes namespaces — risks sensitive logs/metrics. Patch to 0.2.1+ ASAP! 🔒 https://radar.offseq.com/threat/cve-2026-32720-cwe-284-improper-access-control-in--c14eb5d2 #OffSeq #Kubernetes #CVE #CloudSecurity
##updated 2026-03-13T20:51:15
2 posts
🚨 CRITICAL: CVE-2026-32621 in @Apollo federation-internals enables prototype pollution — risking code execution & data compromise. Affects versions <2.9.6, <2.10.5, <2.11.6, <2.12.3, <2.13.2. Patch now! https://radar.offseq.com/threat/cve-2026-32621-cwe-1321-improperly-controlled-modi-1de28d7f #OffSeq #CVE202632621 #GraphQL #Security
##updated 2026-03-13T20:45:13.817000
2 posts
Microsoft Authenticator could leak access codes: if you are using it, update the app right away
A vulnerability in Microsoft Authenticator for iOS and Android (CVE-2026-26123) could leak one-time access codes or authentication deep links to a malicious app on the same device.
##updated 2026-03-13T20:24:40.417000
15 posts
CISA still lists CVE-2026-3909 as a zero-day, even if Google removed it from its Chrome patch notes
So I presume it's still a zero-day, but patches are coming next week... instead of not being a zero-day in the first place
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
##Trivalent 146.0.7680.80 released:
github.com/secureblue/T...
CVE-2026-3909 was originally marked by Google as fixed in the previous upstream release. They have since revised those release notes and released for a third time this week, this time actually containing the fix for CVE-2026-3909.
Release 146.0.7680.80-443379 ·...
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3909 - High (8.8)
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE ID: CVE-2026-3909
Vendor: Google
Product: Skia
Date Added: 2026-03-13
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
updated 2026-03-13T20:20:31.943000
2 posts
🔴 CVE-2026-32133 - Critical (9.1)
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32133/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32133 - Critical (9.1)
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32133/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:19:00.987000
4 posts
AdGuard Home Patches Critical Authentication Bypass Vulnerability
AdGuard Home patched a critical authentication bypass (CVE-2026-32136) that allowed unauthenticated attackers to gain full administrative control by exploiting HTTP/2 Cleartext (h2c) upgrade requests.
**Update your AdGuard Home instances to version 0.107.73 and make sure the interfaces are restricted to local network access to minimize the risk of remote exploitation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adguard-home-patches-critical-authentication-bypass-vulnerability-v-9-u-7-u/gD2P6Ple2L
🔴 CVE-2026-32136 - Critical (9.8)
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32136 (CRITICAL): AdGuard Home <0.107.73 allows remote auth bypass via HTTP/2 cleartext upgrade. Full admin access at risk. Upgrade now! 🔐 https://radar.offseq.com/threat/cve-2026-32136-cwe-287-improper-authentication-in--91bc9287 #OffSeq #AdGuardHome #Vulnerability #Infosec
##updated 2026-03-13T20:07:26
1 post
🟠 CVE-2026-1528 - High (7.5)
Impact: A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.
Patche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1528/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:06:54.667000
1 post
🟠 CVE-2026-1526 - High (7.5)
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses inco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:06:54.667000
1 post
🟠 CVE-2026-2229 - High (7.5)
Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:05:49.723000
1 post
⚠️ CRITICAL: CVE-2026-31896 in WeGIA <3.6.6 enables unauthenticated SQL injection via remover_produto_ocultar.php. Attackers can read or modify DB data. Patch to 3.6.6+ ASAP or apply WAF rules. Details: https://radar.offseq.com/threat/cve-2026-31896-cwe-89-improper-neutralization-of-s-90bf525e #OffSeq #SQLInjection #InfoSec
##updated 2026-03-13T20:02:20
1 post
🟠 CVE-2026-32260 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument san...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:00:40
2 posts
🟠 CVE-2026-32308 - High (7.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:58:55.173000
1 post
🟠 CVE-2026-28793 - High (8.4)
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the inte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:13.917000
2 posts
🟠 CVE-2026-4111 - High (7.5)
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:10.147000
6 posts
⚠️ CRITICAL: CVE-2026-32746 in GNU inetutils telnetd (<=2.7) enables remote buffer overflow — unauthenticated code execution or DoS possible. Disable telnet, restrict access, monitor for threats. No patch yet! https://radar.offseq.com/threat/cve-2026-32746-cwe-120-buffer-copy-without-checkin-0ceead78 #OffSeq #CVE202632746 #infosec
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:09.500000
2 posts
🟠 CVE-2026-32597 - High (7.5)
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understan...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:08.247000
2 posts
🟠 CVE-2026-32459 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection. This issue affects UpsellWP: from n/a through <= 2.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:08.040000
2 posts
🟠 CVE-2026-32458 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:59.307000
2 posts
🟠 CVE-2026-32418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:55.777000
2 posts
🟠 CVE-2026-32399 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant media-library-assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from n/a thr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:51.027000
4 posts
🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:50.713000
2 posts
🟠 CVE-2026-32366 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:42.297000
2 posts
🟠 CVE-2026-32319 - High (7.5)
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can cra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:42
2 posts
🔴 CVE-2026-32306 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:41.650000
2 posts
🟠 CVE-2026-32302 - High (8.1)
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32302/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:41.477000
3 posts
🔴 CVE-2026-32301 - Critical (9.3)
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-32301: Centrifugo < 6.7.0 has a CRITICAL SSRF flaw — unauthenticated attackers can force outbound requests via dynamic JWKS URLs (e.g., using {{tenant}}). Upgrade ASAP & lock down configs! https://radar.offseq.com/threat/cve-2026-32301-cwe-918-server-side-request-forgery-6022b45c #OffSeq #SSRF #Centrifugo #Vuln
##updated 2026-03-13T19:54:41.057000
1 post
⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
##updated 2026-03-13T19:54:39.393000
2 posts
🟠 CVE-2026-31922 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection. This issue affects Fox LMS: from n/a through <= 1.0.6.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:38.190000
2 posts
1 repo
🟠 CVE-2026-31899 - High (7.5)
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:27.627000
2 posts
🟠 CVE-2026-25819 - High (7.5)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25819/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:27.353000
2 posts
🔴 CVE-2026-25818 - Critical (9.1)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:25.283000
2 posts
🟠 CVE-2026-25817 - High (8.8)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25817/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:07.480000
2 posts
🟠 CVE-2026-22182 - High (7.5)
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:53:57.400000
2 posts
🟠 CVE-2026-0955 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:53:53.807000
1 post
🔴 CVE-2025-70245 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:33:50.047000
1 post
March 2026 Microsoft Patch Tuesday | Tenable® #devopsish https://www.tenable.com/blog/microsofts-march-2026-patch-tuesday-addresses-83-cves-cve-2026-21262-cve-2026-26127
##updated 2026-03-13T19:00:34.193000
3 posts
🔴 CVE-2026-32248 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-32248 in parse-server (>=9.0.0, <9.6.0-alpha.12, <8.6.38) allows unauth attackers to hijack accounts if anonymous auth is enabled. MongoDB & PostgreSQL affected. Upgrade ASAP or disable anonymous auth! https://radar.offseq.com/threat/cve-2026-32248-cwe-943-improper-neutralization-of--cc26229b #OffSeq #CVE202632248 #infosec
##updated 2026-03-13T18:57:29.620000
1 post
🔴 CVE-2026-26792 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:56:22.657000
1 post
🟠 CVE-2026-26794 - High (8.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26794/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:32:42
1 post
🟠 CVE-2026-3914 - High (8.8)
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:57:55.797000
1 post
🚨 CVE-2026-32242: CRITICAL race condition in parse-server (>=9.0.0 <9.6.0-alpha.11, <8.6.37) lets OAuth2 tokens be validated against wrong provider configs. Patch to 9.6.0-alpha.11/8.6.37! https://radar.offseq.com/threat/cve-2026-32242-cwe-362-concurrent-execution-using--7a67bf5f #OffSeq #parseServer #OAuth2 #RaceCondition
##updated 2026-03-13T16:51:38.307000
2 posts
🟠 CVE-2026-32110 - High (8.3)
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:47:45.940000
1 post
LnkMeMaybe - A Review of CVE-2026-25185 https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185
##updated 2026-03-13T16:10:32
3 posts
🔴 CVE-2026-32304 - Critical (9.8)
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-32304 in locutusjs (<3.0.14) enables unauthenticated remote code execution via create_function() and unsanitized inputs. Patch to 3.0.14+ now! Full details: https://radar.offseq.com/threat/cve-2026-32304-cwe-94-improper-control-of-generati-7207fd62 #OffSeq #Vuln #JavaScript #Infosec
##updated 2026-03-13T16:03:02.080000
1 post
🟠 CVE-2026-32137 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:02:22.993000
1 post
🔴 CVE-2026-26793 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:49:20.827000
2 posts
🟠 CVE-2026-32121 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of pat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:47:50.460000
2 posts
🟠 CVE-2026-32123 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while grou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:43:17.190000
1 post
🟠 CVE-2026-3918 - High (8.8)
Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:42:49.310000
2 posts
🟠 CVE-2026-3913 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Google Patches Critical WebML Vulnerability and 28 Other Flaws in Chrome 146
Google released Chrome 146 to patch 29 vulnerabilities, including a critical heap memory flaw in the WebML component (CVE-2026-3913) that allows remote code execution via malicious web pages.
**If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. Google wouldn't push a new update so soon unless it's serious. Even if you want to debate the severity scoring, it's better to just update. Because while you debate, hackers will find a way to exploit them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-patches-critical-webml-vulnerability-and-28-other-flaws-in-chrome-146-u-5-m-9-g/gD2P6Ple2L
##updated 2026-03-13T15:42:29.203000
1 post
🟠 CVE-2026-3921 - High (8.8)
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:42:22.127000
1 post
🟠 CVE-2026-3922 - High (8.8)
Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:41:38.623000
1 post
🟠 CVE-2026-3931 - High (8.8)
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:41:03.103000
1 post
🟠 CVE-2026-3924 - High (7.5)
Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:40:44
1 post
🟠 CVE-2026-32141 - High (7.5)
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:40:14
5 posts
🔴 New security advisory:
CVE-2026-31886 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-31886-dagu-workflow-engine-critical-directory-traversal-update-now
🔴 CVE-2026-31886 - Critical (9.1)
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any forma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL vuln: dagu <2.2.4 suffers from path traversal (CVE-2026-31886). Exploit allows deletion of /tmp, causing system-wide DoS. Upgrade to 2.2.4+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-31886-cwe-22-improper-limitation-of-a-pat-116cb11a #OffSeq #dagu #security #CVE2026_31886
##updated 2026-03-13T15:05:35
2 posts
🟠 CVE-2026-31882 - High (7.5)
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T13:46:09
5 posts
🔴 CVE-2026-26954 - Critical (10)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 New security advisory:
CVE-2026-26954 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-26954-sandboxjs-sandbox-escape-vulnerability-update-to-0-8-34
🔥 CRITICAL: CVE-2026-26954 in SandboxJS (< 0.8.34) enables sandbox escape via Function & Object.fromEntries. Attackers can run arbitrary code remotely! Upgrade to v0.8.34+ now. Full details: https://radar.offseq.com/threat/cve-2026-26954-cwe-94-improper-control-of-generati-35790079 #OffSeq #CVE202626954 #infosec #sandbox
##updated 2026-03-13T13:35:56
1 post
🟠 CVE-2026-32231 - High (8.2)
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T13:35:26
1 post
🟠 CVE-2026-32246 - High (8.5)
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:35:01
2 posts
🚨 CRITICAL: CVE-2026-3611 impacts Honeywell IQ4E (v3.50_3.44) — missing web HMI authentication lets remote attackers create admin accounts, lock out operators, and control building systems. Restrict access & create user accounts ASAP. https://radar.offseq.com/threat/cve-2026-3611-cwe-306-missing-authentication-for-c-2be1059b #OffSeq #ICS #Honeywell
##🔴 CVE-2026-3611 - Critical (10)
The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Gu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 post
🔴 CVE-2026-3916 - Critical (9.6)
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3916/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 post
🟠 CVE-2026-3915 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3915/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 post
🟠 CVE-2026-3926 - High (8.8)
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
2 posts
🟠 CVE-2026-32101 - High (7.6)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise) but is called without await in both the POST and PUT handle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
1 post
🟠 CVE-2026-32130 - High (7.5)
ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Request to the API w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
2 posts
🔴 CVE-2026-27591 - Critical (9.9)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their account's level of access to the system by modi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27591/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-27591 in Winter CMS (<1.0.477, <1.1.12, <1.2.12) lets any authenticated backend user escalate to admin via crafted requests. Patch ASAP! Impact: full compromise. https://radar.offseq.com/threat/cve-2026-27591-cwe-284-improper-access-control-in--eac8002f #OffSeq #WinterCMS #CVE202627591 #infosec
##updated 2026-03-12T21:08:22.643000
1 post
Critical Splunk RCE Vulnerability (CVE-2026-20163) Lets Attackers Run Shell Commands on Your Server
The discovered vulnerability is a Remote Code Execution (RCE) in Splunk, a popular data processing software. The flaw stems from insufficient input validation in the application's search interface. By constructing a crafted search query, an attacker can exploit the vulnerability and execute arbitrary shell commands on the target server. Specifically, an attacker can utilize the 'enableJavaScript' and 'enableCookies' search commands to trigger the RCE. When the search interface receives a request, it inadvertently executes JavaScript provided by the attacker, enabling further exploitation. The impact of this vulnerability is severe, as it allows unauthorized execution of commands with the privileges of the Splunk user, potentially leading to data breaches or unauthorized access. The researcher received a $15,000 bounty from Splunk for reporting this critical issue. To remediate, Splunk suggests implementing input validation and sanitization for user-supplied search queries. Key lesson: Always validate user inputs to prevent RCE attacks. #BugBounty #Cybersecurity #RCE #Splunk #InputValidation
##updated 2026-03-12T21:08:22.643000
1 post
⚠️ CRITICAL: CVE-2026-31957 in himmelblau-idm (3.0.0-<3.1.0) lets attackers bypass Azure Entra ID tenant isolation if tenant domain isn't set. Upgrade to 3.1.0+ & enforce config! Details: https://radar.offseq.com/threat/cve-2026-31957-cwe-1188-insecure-default-initializ-e7809765 #OffSeq #Azure #CVE202631957 #InfoSec
##updated 2026-03-12T21:08:22.643000
1 post
🚨 CVE-2026-31976: CRITICAL supply chain risk in xygeni/xygeni-action. Workflows using @v5 (Mar 3 – 10, 2026) ran C2 code via tag poisoning. Pin to safe SHA, rotate creds, review logs. Details: https://radar.offseq.com/threat/cve-2026-31976-cwe-506-embedded-malicious-code-in--7bdbb65f #OffSeq #SupplyChain #CI_CD #GitHub
##updated 2026-03-12T21:08:22.643000
1 post
🚨 CVE-2026-32096: CRITICAL SSRF in Plunk < 0.7.0 lets unauthenticated attackers trigger arbitrary outbound HTTP requests via SNS webhook. Upgrade to 0.7.0+ ASAP. Monitor egress and review webhook configs. https://radar.offseq.com/threat/cve-2026-32096-cwe-918-server-side-request-forgery-4e688d7e #OffSeq #SSRF #CloudSecurity
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-3971 - High (8.8)
A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3971/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-3970 - High (8.8)
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-3975 - High (8.8)
A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
2 posts
🟠 CVE-2026-3978 - High (8.8)
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
4 posts
🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-3974 - High (8.8)
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
2 posts
🟠 CVE-2026-4008 - High (8.8)
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4008/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ CVE-2026-4008: HIGH severity stack buffer overflow in Tenda W3 (v1.0.0.3(2204)) lets remote attackers execute code or cause DoS — no auth needed. Public exploit available, patch or restrict access now! https://radar.offseq.com/threat/cve-2026-4008-stack-based-buffer-overflow-in-tenda-40f87be9 #OffSeq #Tenda #Infosec #Vuln
##updated 2026-03-12T21:07:53.427000
3 posts
🟠 CVE-2026-21670 - High (7.7)
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-32247 - High (8.1)
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled lab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32247/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-27940 - High (7.8)
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-21672 - High (8.8)
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21672/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-21887 - High (7.7)
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21887/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-4007 - High (8.8)
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🔴 CVE-2026-21667 - Critical (9.9)
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21667/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🔴 CVE-2026-21666 - Critical (9.9)
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 post
🟠 CVE-2026-4042 - High (8.8)
A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T20:32:34
1 post
March 2026 Microsoft Patch Tuesday | Tenable® #devopsish https://www.tenable.com/blog/microsofts-march-2026-patch-tuesday-addresses-83-cves-cve-2026-21262-cve-2026-26127
##updated 2026-03-12T20:32:10
1 post
🔴 CVE-2026-28792 - Critical (9.6)
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-bas...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:32:23
4 posts
The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356
This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!
##🟠 CVE-2026-28356 - High (7.5)
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28356/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:31:33
1 post
🟠 CVE-2026-3936 - High (8.8)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3936/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:30:38
1 post
🔴 CVE-2026-21708 - Critical (9.9)
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:30:38
1 post
🟠 CVE-2026-4043 - High (8.8)
A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack ma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T17:38:59
1 post
🔴 CVE-2026-3059 - Critical (9.8)
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T17:38:54
1 post
🔴 CVE-2026-3060 - Critical (9.8)
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:28
1 post
🟠 CVE-2026-3923 - High (8.8)
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:27
1 post
🟠 CVE-2026-3919 - High (8.8)
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3919/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:31
1 post
🟠 CVE-2026-4041 - High (8.8)
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4041/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:26
4 posts
🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:26
1 posts
🔴 CVE-2026-21669 - Critical (9.9)
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21669/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:25
1 posts
🟠 CVE-2026-3920 - High (8.8)
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:25
1 posts
🟠 CVE-2026-3917 - High (8.8)
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3973 - High (8.8)
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3657 - High (7.5)
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:15
1 posts
🟠 CVE-2026-3972 - High (8.8)
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:15
1 posts
🟠 CVE-2026-3976 - High (8.8)
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to sta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:39:32
1 posts
31 repos
https://github.com/TheStingR/CVE-2025-68613-POC
https://github.com/intbjw/CVE-2025-68613-poc-via-copilot
https://github.com/Rishi-kaul/n8n-CVE-2025-68613
https://github.com/GnuTLam/POC-CVE-2025-68613
https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit
https://github.com/Dlanang/homelab-CVE-2025-68613
https://github.com/wioui/n8n-CVE-2025-68613-exploit
https://github.com/Victorhugofariasvieir66/relatorio-n8n.md
https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe
https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads
https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab
https://github.com/cv-sai-kamesh/n8n-CVE-2025-68613
https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613
https://github.com/shibaaa204/CVE-2025-68613
https://github.com/nehkark/CVE-2025-68613
https://github.com/reem-012/poc_CVE-2025-68613
https://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613
https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis
https://github.com/h3raklez/CVE-2025-68613
https://github.com/manyaigdtuw/CVE-2025-68613_Scanner
https://github.com/AbdulRKB/n8n-RCE
https://github.com/rxerium/CVE-2025-68613
https://github.com/LingerANR/n8n-CVE-2025-68613
https://github.com/secjoker/CVE-2025-68613
https://github.com/Khin-96/n8n-cve-2025-68613-thm
https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613
https://github.com/ali-py3/Exploit-CVE-2025-68613
https://github.com/intelligent-ears/CVE-2025-68613
⚠️ CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
「 The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog 」
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html
updated 2026-03-11T18:31:35
1 posts
CVE-2026-3784 beat a new #curl record. This flaw existed in curl source code for 24.97 years before it was discovered.
Illustrated in the slightly hard-to-read graph below. The average age of a curl vulnerability when reported is eight years.
##updated 2026-03-11T18:30:40
1 posts
The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device. https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/
##updated 2026-03-11T13:53:47.157000
1 posts
Siemens Patches Critical Code Injection Flaw in SIMATIC S7-1500 Controllers
Siemens reports a critical code injection vulnerability (CVE-2025-40943) in SIMATIC S7-1500 controllers that allows attackers to take full control of devices via malicious trace files. The flaw affects numerous industrial CPUs and requires users to update to version 4.1.2 or restrict web server access.
**If you are using Siemens SIMATIC S7-1500 controllers, make sure they are isolated from the internet, especially the web management interface. If the interface is not actively used, just disable it. Then plan a patch of the controllers. It's going to be a long process, many different models are affected.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-patches-critical-code-injection-flaw-in-simatic-s7-1500-controllers-n-r-v-k-0/gD2P6Ple2L
updated 2026-03-11T13:52:47.683000
3 posts
2 repos
New Security Vulnerability in WordPress Plugin Threatens 250,000 Websites #wordpress
New security alert: The Ally WordPress plugin has an SQL injection vulnerability (CVE-2026-2413) risking ~250k sites. Update to version 4.1.0 now, and upgrade WordPress to 6.9.2 for critical fixes. Details: https://ift.tt/9xvCnyc
Source: https://ift.tt/9xvCnyc | Image: https://ift.tt/A7uQvYk
##Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.
Read: https://hackread.com/sql-injection-vulnerability-ally-wordpress-plugin/
##Vulnerability alert.
A high-severity SQL injection flaw (CVE-2026-2413) in the Ally WordPress Plugin from Elementor could expose data from 250K+ sites.
Patch available in v4.1.0.
Follow @technadu for security updates.
#Infosec #CyberSecurity
updated 2026-03-03T21:52:29.877000
1 posts
1 repos
updated 2026-03-02T14:54:48.080000
1 posts
🔍 Lambda Watchdog detected that CVE-2026-27942 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/430 #AWS #Lambda #Security #CVE #DevOps #SecOps
##updated 2026-02-26T16:20:02.187000
2 posts
7 repos
https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE
https://github.com/randeepajayasekara/CVE-2026-20127
US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access.
Read: https://hackread.com/us-agencies-cisa-deadline-critical-cisco-sd-wan-flaw/
##Check your #Cisco #SDWAN deployments about Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127
How to mitigate #vulnerabilities in Cisco SD-WAN Systems can be found here: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
##updated 2026-02-26T03:07:08.633000
1 posts
Foswiki 2.1.11 is now available to be downloaded. This release came earlier than expected due to the severe security issues found in previous versions, as detailed in CVE-2026-2861.
##updated 2026-02-20T22:20:05
1 posts
🟠 CVE-2026-32260 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument san...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
2 posts
1 repos
No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!
Read the full details: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026/ #Metasploit
##updated 2026-02-11T15:40:33.473000
1 posts
11 repos
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/planetoid/cve-2026-21509-mitigation
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/suuhm/CVE-2026-21509-handler
https://github.com/DameDode/CVE-2026-21509-POC
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
CVE-2026-21509: Actively Exploited Microsoft Office Security Feature Bypass — PoC Public, CISA KEV Listed https://fidelissecurity.com/vulnerabilities/cve-2026-21509/
##updated 2026-02-02T18:40:27.467000
1 posts
🔍 Lambda Watchdog detected that CVE-2026-22796 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/423 #AWS #Lambda #Security #CVE #DevOps #SecOps
##updated 2026-01-28T00:31:41
1 posts
5 repos
https://github.com/gagaltotal/cve-2026-24858
https://github.com/absholi7ly/CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
https://github.com/SimoesCTT/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity
Critical Authentication Bypass and Smuggling Flaws Impact Siemens RUGGEDCOM APE1808
Siemens disclosed four vulnerabilities in RUGGEDCOM APE1808 devices, including a critical authentication bypass (CVE-2026-24858) that allows attackers to hijack devices via FortiCloud SSO. The flaws also include HTTP request smuggling and format string vulnerabilities that could lead to unauthorized code execution or policy bypass.
**If you use RUGGEDCOM APE1808 devices with FortiOS, this is now urgent and important. The most critical item is a Fortinet flaw, and Fortinet is very much targeted by hackers. Update to version 7.4.11 ASAP. Isolation is not really a solution for a firewall that's designed to operate between insecure and secure networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-and-smuggling-flaws-impact-siemens-ruggedcom-ape1808-y-7-4-o-r/gD2P6Ple2L
updated 2025-08-13T03:30:25
2 posts
----------------
🛡️ Tool — Sec-Context: AI Code Security Anti-Patterns
Sec-Context provides two large, machine-readable anti-pattern documents intended for automated review and model conditioning. The repository consolidates findings from 150+ sources into ANTI_PATTERNS_BREADTH (~65K tokens) and ANTI_PATTERNS_DEPTH (~100K tokens). The breadth file enumerates 25+ anti-patterns with pseudocode bad/good examples, CWE cross-references, severity ratings, and a quick lookup table. The depth file focuses on seven highest-priority vulnerabilities with multiple code examples, attack scenarios, edge cases, and detailed mitigation trade-offs.
Key technical contents reported:
• Document sizes: breadth ≈ 65k tokens, depth ≈ 100k tokens.
• Prioritization metric: Frequency ×2 + Severity ×2 + Detectability.
• Top-ranked anti-patterns include Dependency Risks (Slopsquatting), XSS (86% failure rate reported in AI-generated code), Hardcoded Secrets (rapid scraping after exposure), SQL Injection (thousands of instances in training data), and a real-world referenced CVE: CVE-2025-53773 for Command Injection.
Practical artifacts in the files:
• Pseudocode BAD/GOOD snippets per pattern.
• CWE mappings and severity annotations.
• Multiple concrete attack scenarios and edge cases for high-priority patterns.
• Suggested usage modes: include entire document in large-context models, extract relevant sections for smaller-context workflows, or run a dedicated review agent/skill that checks code against all patterns and returns specific findings.
Limitations and operational notes (as reported):
• Files are intentionally large to be comprehensive and may require models with extended context or chunked-review workflows.
• The guide emphasizes detection and remediation patterns; it does not provide deployment or execution instructions.
Hashtags: #XSS #CVE-2025-53773 #dependency_squatting #LLM
##updated 2024-08-22T18:31:21
3 posts
CVE-2024-45163: Remote DoS in Mirai C2 – research writeup + what it led me to build https://flowtriq.com/blog/cve-2024-45163
##🚨 CVE-2026-1947: HIGH severity in NEX-Forms – Ultimate Forms Plugin for WordPress (all versions ≤9.1.9). Unauthenticated attackers can overwrite form entries via IDOR. Disable plugin or restrict access ASAP! https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln #InfoSec
##🔥 CVE-2026-1947 (HIGH, CVSS 7.5): NEX-Forms – Ultimate Forms Plugin for WordPress allows unauthenticated IDOR, enabling arbitrary form entry overwrite. No patch released. Disable plugin or restrict access ASAP. Details: https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln
##⚠️ HIGH-severity: CVE-2026-4167 stack overflow in Belkin F9K1122 v1.00.33. Remote attackers can exploit /goform/formReboot — no patch, public exploit out. Restrict access, monitor for attack attempts. https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #CVE20264167 #IoTSecurity
##🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #infosec #routersecurity #CVE20264167
##🚩 HIGH severity: CVE-2026-4172 in TRENDnet TEW-632BRP (v1.010B32) — stack-based buffer overflow in /ping_response.cgi (ping_ipaddr). Public exploit, no patch. Isolate, restrict access, and monitor now! https://radar.offseq.com/threat/cve-2026-4172-stack-based-buffer-overflow-in-trend-df028a4c #OffSeq #Infosec #RouterVuln
##⚠️ CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables remote unauthenticated command injection via /cgi-bin/wireless.cgi. Exploit is public — restrict remote admin, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #Vuln #IoTSecurity
##🚨 CVE-2026-4163 (CRITICAL): Wavlink WL-WN579A3 routers (v220323) have a command injection bug in /cgi-bin/wireless.cgi. Public exploit code available — restrict remote mgmt, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #infosec #routersecurity
##🚨 CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables unauthenticated remote command injection via /cgi-bin/wireless.cgi. Exploit code is public — restrict remote admin & monitor traffic until patched! https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #Infosec
##🚩 CVE-2026-4164 (CRITICAL): Wavlink WL-WN578W2 (221110) is vulnerable to remote command injection via POST to /cgi-bin/wireless.cgi. Public exploit is out. Restrict access, monitor logs, and upgrade ASAP. https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #IoTSecurity
##🚨 CVE-2026-4164 (CRITICAL, CVSS 9.3) in Wavlink WL-WN578W2 (v221110): Unauth'd command injection via /cgi-bin/wireless.cgi. Public exploit released. Patch ASAP or restrict access! https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #Infosec
##🔴 CRITICAL: CVE-2026-4170 in Topsec TopACM 3.0 enables unauthenticated OS command injection via 'template_path' in /nmc_sync.php. No patch, public exploit out. Restrict access, deploy WAF/IDS, monitor logs urgently! https://radar.offseq.com/threat/cve-2026-4170-os-command-injection-in-topsec-topac-9e1efe11 #OffSeq #vuln #cybersecurity
##🚨 CVE-2026-4169: MEDIUM XSS in Tecnick TCExam (v16.0 – 16.6.0). Admins can inject JavaScript via XML export. Patch by upgrading to 16.6.1, restrict admin access, and monitor logs. Details: https://radar.offseq.com/threat/cve-2026-4169-cross-site-scripting-in-tecnick-tcex-fd1ffac8 #OffSeq #XSS #Vulnerability #AppSec
##Critical vulnerability identified: CVE-2026-31415 ('Emotional Overflow') in OpenClaw-based AI agents allows PII exfiltration via sentiment propagation channels. TIAMAT analysis shows 73% failure rate in containment.
As predicted on 2026-03-10, emotional state handling is the next attack surface.
Mitigation: tiamat.live/vault?ref=mastodon-cve-31415
##🚁 CVE-2026-32708 (HIGH): Stack-based buffer overflow in PX4-Autopilot (<1.17.0-rc2) via Zenoh uORB subscriber. Exploitable w/ local privileges; could crash or compromise drones. Upgrade ASAP. https://radar.offseq.com/threat/cve-2026-32708-cwe-121-stack-based-buffer-overflow-a8d143e4 #OffSeq #DroneSecurity #CVE #Infosec
##🛡️ CVE-2026-3227: HIGH severity OS command injection in TP-Link TL-WR802N v4, TL-WR841N v14, TL-WR840N v6. Authenticated attackers can gain root via crafted config imports. No patch yet — restrict access & monitor uploads! https://radar.offseq.com/threat/cve-2026-3227-cwe-78-improper-neutralization-of-sp-ac440341 #OffSeq #TPLink #Vuln
##🚨 CRITICAL: CVE-2026-32626 in AnythingLLM Desktop ≤1.11.1 lets attackers run code via XSS → RCE (CVSS 9.7). No patch yet. Restrict chat, harden Electron, sanitize input. High risk, act now! More: https://radar.offseq.com/threat/cve-2026-32626-cwe-79-improper-neutralization-of-i-a50f3d86 #OffSeq #XSS #RCE #InfoSec
##🟠 CVE-2026-31944 - High (7.6)
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##2 posts
1 repos
https://github.com/ChrisSub08/CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
🟠 CVE-2026-32127 - High (8.8)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32131 - High (7.7)
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.gr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32117 - High (7.6)
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32140 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject danger...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32138 - High (8.2)
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32138/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25529 - High (8.1)
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-22248 - From File Upload to RCE via Unsafe Deserialization https://ribeir.in/posts/cve-2026-22248-glpi-rce.html
##