| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2909 | 8.8 | 0.00% | 4 | 0 | 2026-02-22T02:16:58.100000 | A vulnerability was detected in Tenda HG9 300001138. This affects an unknown par | |
| CVE-2026-2908 | 8.8 | 0.00% | 2 | 0 | 2026-02-22T02:16:57.890000 | A security vulnerability has been detected in Tenda HG9 300001138. Affected by t | |
| CVE-2026-2907 | 8.8 | 0.00% | 2 | 0 | 2026-02-22T02:16:57.703000 | A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerab | |
| CVE-2026-2906 | 8.8 | 0.00% | 2 | 0 | 2026-02-22T02:16:57.493000 | A security flaw has been discovered in Tenda HG9 300001138. Affected is an unkno | |
| CVE-2026-2905 | 8.8 | 0.00% | 2 | 0 | 2026-02-22T02:16:56.380000 | A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown f | |
| CVE-2026-2904 | 8.8 | 0.00% | 4 | 0 | 2026-02-22T01:16:00.797000 | A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the | |
| CVE-2026-2881 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T21:30:28 | A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability af | |
| CVE-2026-2883 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T21:30:28 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the funct | |
| CVE-2026-2882 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T21:30:27 | A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the fun | |
| CVE-2026-2877 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T21:30:27 | A vulnerability has been found in Tenda A18 15.13.07.13. This affects the functi | |
| CVE-2026-2886 | 8.8 | 0.00% | 4 | 0 | 2026-02-21T21:16:11.217000 | A weakness has been identified in Tenda A21 1.0.0.0. This affects the function s | |
| CVE-2026-2885 | 8.8 | 0.00% | 4 | 0 | 2026-02-21T21:16:10.907000 | A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted ele | |
| CVE-2026-2884 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T21:16:10.680000 | A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element | |
| CVE-2026-2874 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T18:31:23 | A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_s | |
| CVE-2026-2876 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T18:31:23 | A vulnerability was determined in Tenda A18 15.13.07.13. This affects the functi | |
| CVE-2026-2871 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T18:31:23 | A weakness has been identified in Tenda A21 1.0.0.0. This affects the function f | |
| CVE-2026-2873 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T18:31:22 | A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the functi | |
| CVE-2026-2872 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T18:31:22 | A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerabil | |
| CVE-2026-2870 | 8.8 | 0.00% | 2 | 0 | 2026-02-21T15:31:37 | A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue | |
| CVE-2026-27464 | 7.7 | 0.03% | 2 | 0 | 2026-02-21T08:16:10.553000 | Metabase is an open-source data analytics platform. In versions prior to 0.57.13 | |
| CVE-2026-27198 | 8.8 | 0.04% | 2 | 0 | 2026-02-21T06:17:00.543000 | Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 | |
| CVE-2026-24708 | 8.2 | 0.04% | 1 | 0 | 2026-02-21T05:17:17.817000 | An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 3 | |
| CVE-2026-2635 | 9.8 | 1.17% | 3 | 0 | 2026-02-21T00:31:55 | MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnera | |
| CVE-2026-2037 | 8.8 | 0.79% | 2 | 0 | 2026-02-21T00:31:54 | GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution V | |
| CVE-2026-2036 | 8.8 | 0.79% | 2 | 0 | 2026-02-21T00:31:54 | GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution | |
| CVE-2026-2034 | 7.8 | 0.04% | 2 | 0 | 2026-02-21T00:31:54 | Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vu | |
| CVE-2026-2045 | 7.8 | 0.06% | 2 | 0 | 2026-02-21T00:31:54 | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. T | |
| CVE-2026-2047 | 7.8 | 0.06% | 2 | 0 | 2026-02-21T00:31:54 | GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerab | |
| CVE-2026-0777 | 7.8 | 0.06% | 4 | 0 | 2026-02-21T00:31:49 | Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. Th | |
| CVE-2026-2044 | 7.8 | 0.06% | 2 | 0 | 2026-02-21T00:31:43 | GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. | |
| CVE-2026-27203 | 8.3 | 0.04% | 2 | 0 | 2026-02-21T00:16:17.463000 | eBay API MCP Server is an open source local MCP server providing AI assistants w | |
| CVE-2026-27168 | 8.8 | 0.02% | 6 | 0 | 2026-02-21T00:16:16.640000 | SAIL is a cross-platform library for loading and saving images with support for | |
| CVE-2026-2048 | 7.8 | 0.06% | 2 | 0 | 2026-02-20T23:16:05.167000 | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. T | |
| CVE-2026-2033 | 8.1 | 10.53% | 2 | 0 | 2026-02-20T23:16:03.093000 | MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Executio | |
| CVE-2026-27190 | 8.1 | 0.16% | 2 | 0 | 2026-02-20T22:20:05 | ## Summary A command injection vulnerability exists in Deno's `node:child_proces | |
| CVE-2026-25896 | 9.3 | 0.03% | 6 | 0 | 2026-02-20T22:19:56 | # Entity encoding bypass via regex injection in DOCTYPE entity names ## Summary | |
| CVE-2026-0797 | 7.8 | 0.06% | 4 | 0 | 2026-02-20T22:16:19.280000 | GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi | |
| CVE-2026-22364 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:32:27 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22378 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:32:27 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-24950 | 7.5 | 0.03% | 2 | 0 | 2026-02-20T21:32:27 | Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Aut | |
| CVE-2026-2856 | 8.8 | 0.04% | 2 | 0 | 2026-02-20T21:31:32 | A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerabi | |
| CVE-2026-2855 | 8.8 | 0.04% | 2 | 0 | 2026-02-20T21:31:32 | A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the funct | |
| CVE-2026-2854 | 8.8 | 0.04% | 2 | 0 | 2026-02-20T21:31:24 | A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_ | |
| CVE-2026-2853 | 8.8 | 0.04% | 2 | 0 | 2026-02-20T21:31:24 | A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the functi | |
| CVE-2026-22383 | 7.5 | 0.04% | 2 | 0 | 2026-02-20T21:31:23 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes | |
| CVE-2026-22380 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:31:23 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22368 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22366 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22374 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22372 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22376 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2025-68461 | 7.2 | 14.26% | 4 | 2 | 2026-02-20T21:31:16 | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-S | |
| CVE-2026-2857 | 8.8 | 0.04% | 2 | 0 | 2026-02-20T21:19:30.823000 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issu | |
| CVE-2026-2441 | 8.8 | 0.46% | 3 | 4 | 2026-02-20T21:19:30.107000 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote a | |
| CVE-2026-2329 | 9.8 | 0.14% | 6 | 0 | 2026-02-20T20:57:50.360000 | An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP | |
| CVE-2026-26362 | 8.1 | 0.05% | 3 | 0 | 2026-02-20T20:46:00.037000 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Travers | |
| CVE-2026-24941 | 7.5 | 0.03% | 2 | 0 | 2026-02-20T20:25:21.757000 | Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal a | |
| CVE-2026-22370 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T20:25:19.853000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22362 | 8.1 | 0.11% | 2 | 0 | 2026-02-20T20:25:19.160000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2025-49113 | 9.9 | 89.96% | 4 | 22 | template | 2026-02-20T20:25:18.363000 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execu |
| CVE-2026-26286 | 8.5 | 0.03% | 2 | 0 | 2026-02-20T19:45:52.563000 | SillyTavern is a locally installed user interface that allows users to interact | |
| CVE-2026-27487 | 7.6 | 0.05% | 2 | 0 | 2026-02-20T19:26:57 | ## Summary On macOS, the Claude CLI keychain credential refresh path constructed | |
| CVE-2026-24959 | 8.5 | 0.03% | 2 | 0 | 2026-02-20T19:23:15.067000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2021-35402 | 10.0 | 0.27% | 1 | 0 | 2026-02-20T19:23:14.200000 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_l | |
| CVE-2026-26996 | 7.5 | 0.04% | 4 | 0 | 2026-02-20T19:12:33.527000 | minimatch is a minimal matching utility for converting glob expressions into Jav | |
| CVE-2026-26321 | 7.5 | 0.06% | 2 | 0 | 2026-02-20T19:12:08.257000 | OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Fe | |
| CVE-2026-24891 | 7.5 | 0.05% | 2 | 0 | 2026-02-20T18:57:15.973000 | openITCOCKPIT is an open source monitoring tool built for different monitoring e | |
| CVE-2026-25715 | 9.8 | 0.06% | 2 | 0 | 2026-02-20T18:57:15.973000 | The web management interface of the device allows the administrator username an | |
| CVE-2026-27343 | 7.5 | 0.11% | 2 | 0 | 2026-02-20T18:32:34 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-2818 | 8.2 | 0.07% | 2 | 0 | 2026-02-20T18:31:51 | A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot f | |
| CVE-2026-24790 | 8.2 | 0.06% | 3 | 0 | 2026-02-20T18:31:49 | The underlying PLC of the device can be remotely influenced, without proper safe | |
| CVE-2026-26048 | 7.5 | 0.03% | 2 | 0 | 2026-02-20T18:31:49 | The Wi-Fi router is vulnerable to de-authentication attacks due to the absence | |
| CVE-2026-24455 | 7.5 | 0.03% | 2 | 0 | 2026-02-20T18:31:48 | The embedded web interface of the device does not support HTTPS/TLS for authent | |
| CVE-2026-20761 | 8.1 | 0.25% | 4 | 0 | 2026-02-20T16:55:22.933000 | A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, w | |
| CVE-2026-26980 | 9.4 | 0.07% | 4 | 0 | 2026-02-20T16:48:10 | ### Impact A SQL injection vulnerability existed in Ghost's Content API that al | |
| CVE-2026-27002 | None | 0.04% | 2 | 0 | 2026-02-20T16:47:05 | ## Summary A configuration injection issue in the Docker tool sandbox could allo | |
| CVE-2026-27001 | None | 0.02% | 2 | 0 | 2026-02-20T16:47:00 | ## Overview OpenClaw embedded the current working directory (workspace path) int | |
| CVE-2026-26323 | None | 0.18% | 2 | 0 | 2026-02-20T16:45:55 | ### Summary Command injection in the maintainer/dev script `scripts/update-clawt | |
| CVE-2026-26065 | 8.8 | 0.03% | 6 | 0 | 2026-02-20T16:45:18.507000 | calibre is a cross-platform e-book manager for viewing, converting, editing, and | |
| CVE-2026-26324 | 7.5 | 0.01% | 2 | 0 | 2026-02-20T16:44:49 | ### Summary OpenClaw's SSRF protection could be bypassed using full-form IPv4-m | |
| CVE-2026-26322 | 7.6 | 0.01% | 2 | 0 | 2026-02-20T16:44:39 | ## Summary The Gateway tool accepted a tool-supplied `gatewayUrl` without suffic | |
| CVE-2026-26319 | 7.5 | 0.03% | 2 | 0 | 2026-02-20T16:44:20 | ## Summary In affected versions, OpenClaw's optional `@openclaw/voice-call` plu | |
| CVE-2026-26316 | 7.5 | 0.06% | 2 | 0 | 2026-02-20T16:44:14 | ### Summary In affected versions, the optional BlueBubbles iMessage channel plu | |
| CVE-2026-22267 | 8.1 | 0.01% | 1 | 0 | 2026-02-20T16:33:47.890000 | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorre | |
| CVE-2026-26339 | 9.8 | 0.17% | 4 | 0 | 2026-02-20T15:32:04 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achie | |
| CVE-2026-26337 | 8.2 | 0.11% | 2 | 0 | 2026-02-20T15:20:29.797000 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achie | |
| CVE-2026-26336 | 7.5 | 0.06% | 2 | 0 | 2026-02-20T15:20:29.647000 | Hyland Alfresco allows unauthenticated attackers to read arbitrary files from pr | |
| CVE-2026-26050 | 7.8 | 0.01% | 4 | 0 | 2026-02-20T13:49:47.623000 | The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 c | |
| CVE-2026-26975 | 8.8 | 0.02% | 4 | 0 | 2026-02-20T13:49:47.623000 | Music Assistant is an open-source media library manager that integrates streamin | |
| CVE-2025-30411 | 10.0 | 0.02% | 4 | 0 | 2026-02-20T13:49:47.623000 | Sensitive data disclosure and manipulation due to improper authentication. The f | |
| CVE-2026-26275 | 7.5 | 0.02% | 2 | 0 | 2026-02-20T13:49:47.623000 | httpsig-hyper is a hyper extension for http message signatures. An issue was dis | |
| CVE-2026-26278 | 7.5 | 0.05% | 2 | 0 | 2026-02-20T13:49:47.623000 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build X | |
| CVE-2026-25940 | 8.1 | 0.03% | 2 | 0 | 2026-02-20T13:49:47.623000 | jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control | |
| CVE-2025-10970 | 9.8 | 0.03% | 3 | 0 | 2026-02-20T12:31:26 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2025-30416 | 10.0 | 0.01% | 2 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to missing authorization. The fol | |
| CVE-2025-30412 | 10.0 | 0.02% | 2 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to improper authentication. The f | |
| CVE-2025-30410 | 9.8 | 0.02% | 2 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to missing authentication. The fo | |
| CVE-2026-0573 | 9.1 | 0.07% | 2 | 0 | 2026-02-20T00:32:59 | An URL redirection vulnerability was identified in GitHub Enterprise Server that | |
| CVE-2026-23542 | 9.8 | 0.04% | 2 | 0 | 2026-02-20T00:32:59 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant g | |
| CVE-2026-21535 | 8.2 | 0.10% | 4 | 0 | 2026-02-20T00:31:59 | Improper access control in Microsoft Teams allows an unauthorized attacker to di | |
| CVE-2026-23549 | 9.8 | 0.04% | 2 | 0 | 2026-02-20T00:31:53 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage | |
| CVE-2026-23544 | 8.8 | 0.05% | 2 | 0 | 2026-02-19T22:16:41.747000 | Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allo | |
| CVE-2025-13590 | 9.1 | 0.21% | 1 | 0 | 2026-02-19T22:11:44 | A malicious actor with administrative privileges can upload an arbitrary file to | |
| CVE-2026-27206 | 8.1 | 0.29% | 2 | 0 | 2026-02-19T22:05:43 | ### Description The `zumba/json-serializer` library allows deserialization of P | |
| CVE-2026-27013 | 7.6 | 0.04% | 2 | 0 | 2026-02-19T21:57:27 | fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/T | |
| CVE-2026-26318 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T21:57:18 | # Command Injection via Unsanitized `locate` Output in `versions()` — systeminfo | |
| CVE-2026-26280 | 8.4 | 0.06% | 2 | 0 | 2026-02-19T21:57:03 | ### Summary A command injection vulnerability in the `wifiNetworks()` function a | |
| CVE-2026-26267 | 7.5 | 0.03% | 2 | 0 | 2026-02-19T21:56:47 | ### Impact The `#[contractimpl]` macro contains a bug in how it wires up functi | |
| CVE-2026-27476 | 9.8 | 0.27% | 4 | 0 | 2026-02-19T21:30:57 | RustFly 2.0.0 contains a command injection vulnerability in its remote UI contro | |
| CVE-2026-27475 | 8.1 | 0.05% | 2 | 0 | 2026-02-19T21:30:47 | SPIP before 4.4.9 allows Insecure Deserialization in the public area through the | |
| CVE-2026-27052 | 7.5 | 0.11% | 2 | 0 | 2026-02-19T21:30:46 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-25378 | 7.6 | 0.03% | 2 | 0 | 2026-02-19T21:30:45 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-26016 | None | 0.04% | 4 | 0 | 2026-02-19T21:30:31 | ### Summary A missing authorization check in multiple controllers allows any us | |
| CVE-2026-24834 | None | 0.01% | 2 | 0 | 2026-02-19T21:30:21 | ### Summary An issue in Kata with Cloud Hypervisor allows a user of the contain | |
| CVE-2026-25474 | 7.5 | 0.01% | 1 | 0 | 2026-02-19T21:23:55 | ## Summary In Telegram webhook mode, if `channels.telegram.webhookSecret` is no | |
| CVE-2026-25242 | None | 0.05% | 2 | 1 | 2026-02-19T21:23:41 | Security Advisory:Unauthenticated File Upload in Gogs Vulnerability Type: Unauth | |
| CVE-2026-25232 | None | 0.03% | 2 | 0 | 2026-02-19T21:14:58 | ## Summary An access control bypass vulnerability in Gogs web interface allows | |
| CVE-2026-27192 | None | 0.02% | 2 | 0 | 2026-02-19T20:32:29 | The origin validation uses `startsWith()` for comparison, allowing attackers to | |
| CVE-2026-27196 | 8.1 | 0.02% | 2 | 0 | 2026-02-19T20:30:39 | ## Impact Stored XSS vulnerability in `html` fieldtypes allow authenticated use | |
| CVE-2026-27212 | None | 0.03% | 2 | 0 | 2026-02-19T20:28:39 | ### Summary A prototype pollution vulnerability exists in the the npm package sw | |
| CVE-2026-26030 | 10.0 | 0.09% | 7 | 0 | 2026-02-19T19:34:15 | ### Impact: An RCE vulnerability has been identified in Microsoft Semantic Kerne | |
| CVE-2026-25418 | 7.6 | 0.03% | 2 | 0 | 2026-02-19T19:22:28.717000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-2648 | 8.8 | 0.07% | 2 | 0 | 2026-02-19T18:32:57 | Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed | |
| CVE-2026-2409 | None | 0.03% | 2 | 0 | 2026-02-19T18:32:10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-1581 | 7.5 | 0.07% | 2 | 0 | 2026-02-19T18:32:09 | The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection | |
| CVE-2026-2232 | 7.5 | 0.09% | 2 | 0 | 2026-02-19T18:32:09 | The Product Table and List Builder for WooCommerce Lite plugin for WordPress is | |
| CVE-2025-71250 | 8.1 | 0.00% | 2 | 0 | 2026-02-19T18:32:08 | SPIP before 4.4.9 allows Insecure Deserialization in the public area through the | |
| CVE-2025-71243 | 9.8 | 0.11% | 1 | 1 | 2026-02-19T18:32:08 | The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5 | |
| CVE-2025-12107 | 10.0 | 0.28% | 2 | 0 | 2026-02-19T18:32:07 | Due to the use of a vulnerable third-party Velocity template engine, a malicious | |
| CVE-2026-26358 | 8.8 | 0.05% | 3 | 0 | 2026-02-19T18:32:07 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization | |
| CVE-2026-26359 | 8.8 | 0.04% | 1 | 0 | 2026-02-19T18:32:06 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of | |
| CVE-2026-26360 | 8.1 | 0.05% | 2 | 0 | 2026-02-19T18:32:05 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of | |
| CVE-2026-1994 | 9.8 | 0.05% | 2 | 0 | 2026-02-19T18:32:03 | The s2Member plugin for WordPress is vulnerable to privilege escalation via acco | |
| CVE-2025-4521 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T18:32:02 | The IDonate – Blood Donation, Request And Donor Management System plugin for Wor | |
| CVE-2025-4960 | 7.8 | 0.01% | 2 | 0 | 2026-02-19T18:32:02 | The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver in | |
| CVE-2026-0926 | 9.8 | 0.19% | 2 | 0 | 2026-02-19T18:32:02 | The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion | |
| CVE-2026-1405 | 9.8 | 0.15% | 1 | 1 | 2026-02-19T18:32:02 | The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads d | |
| CVE-2025-13851 | 9.8 | 0.06% | 2 | 0 | 2026-02-19T18:32:01 | The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulner | |
| CVE-2026-0912 | 8.8 | 0.04% | 1 | 0 | 2026-02-19T18:32:01 | The Toret Manager plugin for WordPress is vulnerable to unauthorized modificatio | |
| CVE-2025-12821 | 8.8 | 0.05% | 2 | 0 | 2026-02-19T18:31:53 | The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery | |
| CVE-2025-12707 | 7.5 | 0.07% | 2 | 0 | 2026-02-19T18:31:53 | The Library Management System plugin for WordPress is vulnerable to SQL Injectio | |
| CVE-2025-12882 | 9.8 | 0.06% | 2 | 0 | 2026-02-19T18:31:53 | The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation | |
| CVE-2025-11754 | 7.5 | 0.04% | 2 | 0 | 2026-02-19T18:31:52 | The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized acces | |
| CVE-2025-13563 | 9.8 | 0.06% | 2 | 0 | 2026-02-19T18:31:50 | The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in | |
| CVE-2019-25364 | 9.8 | 0.18% | 1 | 0 | 2026-02-19T15:53:02.850000 | MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER comma | |
| CVE-2025-12845 | 8.8 | 0.05% | 2 | 0 | 2026-02-19T15:53:02.850000 | The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluen | |
| CVE-2025-13603 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T15:53:02.850000 | The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrar | |
| CVE-2026-0974 | 8.8 | 0.21% | 2 | 0 | 2026-02-19T15:53:02.850000 | The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Pl | |
| CVE-2026-27112 | None | 0.24% | 2 | 0 | 2026-02-19T15:16:47 | ## Summary The batch resource creation endpoints of both Kargo's legacy gRPC AP | |
| CVE-2026-26990 | 8.8 | 0.01% | 2 | 0 | 2026-02-18T22:31:38 | ### Summary A time-based blind SQL injection vulnerability exists in `address-se | |
| CVE-2026-26988 | None | 0.00% | 2 | 1 | 2026-02-18T22:30:20 | ### Summary *SQL Injection in IPv6 Address Search functionality via `address` pa | |
| CVE-2026-22769 | 10.0 | 28.78% | 3 | 0 | 2026-02-18T20:01:15.983000 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a | |
| CVE-2026-0714 | 6.8 | 0.01% | 6 | 0 | 2026-02-18T18:31:27 | A physical attack vulnerability exists in certain Moxa industrial computers usin | |
| CVE-2021-22175 | 9.8 | 75.69% | 2 | 0 | template | 2026-02-18T18:31:26 | When requests to the internal network for webhooks are enabled, a server-side re |
| CVE-2026-1670 | 9.8 | 0.04% | 4 | 0 | 2026-02-18T00:30:22 | The affected products are vulnerable to an unauthenticated API endpoint exposure | |
| CVE-2026-26119 | 8.8 | 0.07% | 2 | 0 | 2026-02-18T00:30:22 | Improper authentication in Windows Admin Center allows an authorized attacker to | |
| CVE-2025-65716 | 8.8 | 0.05% | 2 | 0 | 2026-02-17T15:32:42 | An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allo | |
| CVE-2026-2447 | 8.8 | 0.04% | 3 | 0 | 2026-02-17T15:32:41 | Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Fi | |
| CVE-2026-1731 | 9.8 | 49.74% | 16 | 4 | template | 2026-02-17T15:31:33 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-20841 | 7.8 | 0.09% | 3 | 10 | 2026-02-12T20:16:05.143000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21509 | 7.8 | 9.21% | 2 | 9 | 2026-02-11T15:40:33.473000 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a | |
| CVE-2026-24423 | 9.8 | 24.64% | 2 | 1 | 2026-02-06T18:30:29 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated | |
| CVE-2026-1281 | 9.8 | 54.31% | 1 | 2 | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-1340 | 9.8 | 38.65% | 1 | 2 | 2026-01-30T00:31:28 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-23760 | 9.8 | 55.75% | 2 | 2 | template | 2026-01-27T16:16:55.327000 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2025-6571 | 6.0 | 0.02% | 2 | 0 | 2025-11-11T09:30:36 | A 3rd-party component exposed its password in process arguments, allowing for lo | |
| CVE-2022-22265 | 7.8 | 0.16% | 2 | 0 | 2025-10-22T00:32:28 | An improper check or handling of exceptional conditions in NPU driver prior to S | |
| CVE-2020-1472 | 10.0 | 94.38% | 1 | 76 | 2025-10-22T00:31:58 | An elevation of privilege vulnerability exists when an attacker establishes a vu | |
| CVE-2025-29969 | 7.5 | 0.35% | 4 | 1 | 2025-05-13T18:31:00 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows | |
| CVE-2023-51781 | 7.0 | 0.02% | 1 | 0 | 2024-01-27T05:05:43 | An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/app | |
| CVE-2026-27574 | 0 | 0.05% | 2 | 1 | N/A | ||
| CVE-2026-27466 | 0 | 0.07% | 2 | 0 | N/A | ||
| CVE-2026-27467 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-27479 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-27471 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-27470 | 0 | 0.03% | 2 | 1 | N/A | ||
| CVE-2026-27452 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-27197 | 0 | 0.04% | 4 | 0 | N/A | ||
| CVE-2026-24892 | 0 | 0.31% | 2 | 0 | N/A | ||
| CVE-2026-27134 | 0 | 0.03% | 4 | 0 | N/A | ||
| CVE-2026-27169 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-27114 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2025-66039 | 0 | 32.61% | 2 | 3 | N/A | ||
| CVE-2025-61675 | 0 | 16.95% | 2 | 3 | N/A | ||
| CVE-2026-26064 | 0 | 0.05% | 4 | 0 | N/A | ||
| CVE-2026-26959 | 0 | 0.01% | 4 | 0 | N/A | ||
| CVE-2026-26202 | 0 | 0.05% | 2 | 0 | N/A | ||
| CVE-2026-26200 | 0 | 0.03% | 2 | 0 | N/A |
updated 2026-02-22T02:16:58.100000
4 posts
🚨 HIGH-severity (CVSS 8.7): Stack buffer overflow in Tenda HG9 (v300001138) via /boaform/formPing. Remote code execution possible with public exploit available. Restrict access, monitor, and patch ASAP! Details: https://radar.offseq.com/threat/cve-2026-2909-stack-based-buffer-overflow-in-tenda-c1902d12 #OffSeq #Infosec #Vuln #IoT
##🟠 CVE-2026-2909 - High (8.8)
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH-severity (CVSS 8.7): Stack buffer overflow in Tenda HG9 (v300001138) via /boaform/formPing. Remote code execution possible with public exploit available. Restrict access, monitor, and patch ASAP! Details: https://radar.offseq.com/threat/cve-2026-2909-stack-based-buffer-overflow-in-tenda-c1902d12 #OffSeq #Infosec #Vuln #IoT
##🟠 CVE-2026-2909 - High (8.8)
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T02:16:57.890000
2 posts
🟠 CVE-2026-2908 - High (8.8)
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2908/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2908 - High (8.8)
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2908/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T02:16:57.703000
2 posts
🟠 CVE-2026-2907 - High (8.8)
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2907/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2907 - High (8.8)
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2907/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T02:16:57.493000
2 posts
🟠 CVE-2026-2906 - High (8.8)
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2906/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2906 - High (8.8)
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2906/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T02:16:56.380000
2 posts
🟠 CVE-2026-2905 - High (8.8)
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2905 - High (8.8)
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T01:16:00.797000
4 posts
⚠️ CVE-2026-2904 (HIGH): Buffer overflow in UTT HiPER 810G v1.7.7-171114 via /goform/ConfigExceptAli. Remote, unauthenticated RCE/DoS risk. Public exploit code available — restrict access & monitor. https://radar.offseq.com/threat/cve-2026-2904-buffer-overflow-in-utt-hiper-810g-b0bb6f4a #OffSeq #Vulnerability #NetworkSecurity
##🟠 CVE-2026-2904 - High (8.8)
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been pu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-2904 (HIGH): Buffer overflow in UTT HiPER 810G v1.7.7-171114 via /goform/ConfigExceptAli. Remote, unauthenticated RCE/DoS risk. Public exploit code available — restrict access & monitor. https://radar.offseq.com/threat/cve-2026-2904-buffer-overflow-in-utt-hiper-810g-b0bb6f4a #OffSeq #Vulnerability #NetworkSecurity
##🟠 CVE-2026-2904 - High (8.8)
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been pu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:28
2 posts
🟠 CVE-2026-2881 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2881 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:28
2 posts
🟠 CVE-2026-2883 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2883/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2883 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2883/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:27
2 posts
🟠 CVE-2026-2882 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2882 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:27
2 posts
🟠 CVE-2026-2877 - High (8.8)
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2877 - High (8.8)
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:16:11.217000
4 posts
🟠 CVE-2026-2886 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2886 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2886 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2886 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:16:10.907000
4 posts
🟠 CVE-2026-2885 - High (8.8)
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2885 - High (8.8)
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2885 - High (8.8)
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2885 - High (8.8)
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:16:10.680000
2 posts
🟠 CVE-2026-2884 - High (8.8)
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2884 - High (8.8)
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:23
2 posts
🟠 CVE-2026-2874 - High (8.8)
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2874 - High (8.8)
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:23
2 posts
🟠 CVE-2026-2876 - High (8.8)
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2876/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2876 - High (8.8)
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2876/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:23
2 posts
🟠 CVE-2026-2871 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2871 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:22
2 posts
🟠 CVE-2026-2873 - High (8.8)
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2873 - High (8.8)
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:22
2 posts
🟠 CVE-2026-2872 - High (8.8)
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devN...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2872 - High (8.8)
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devN...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T15:31:37
2 posts
🟠 CVE-2026-2870 - High (8.8)
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2870 - High (8.8)
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T08:16:10.553000
2 posts
🟠 CVE-2026-27464 - High (7.7)
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. Du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27464 - High (7.7)
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. Du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T06:17:00.543000
2 posts
🟠 CVE-2026-27198 - High (8.8)
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exist...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27198/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27198 - High (8.8)
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exist...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27198/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T05:17:17.817000
1 posts
updated 2026-02-21T00:31:55
3 posts
🔴 New security advisory:
CVE-2026-2635 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-2635
🔴 CVE-2026-2635 - Critical (9.8)
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.
The specifi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2635 - Critical (9.8)
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.
The specifi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
🟠 CVE-2026-2037 - High (8.8)
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2037 - High (8.8)
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
🟠 CVE-2026-2036 - High (8.8)
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2036 - High (8.8)
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
🟠 CVE-2026-2034 - High (7.8)
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2034 - High (7.8)
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
🟠 CVE-2026-2045 - High (7.8)
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2045 - High (7.8)
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
🟠 CVE-2026-2047 - High (7.8)
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabili...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2047 - High (7.8)
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabili...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:49
4 posts
🟠 CVE-2026-0777 - High (7.8)
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0777 - High (7.8)
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0777 - High (7.8)
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0777 - High (7.8)
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:43
2 posts
🟠 CVE-2026-2044 - High (7.8)
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2044 - High (7.8)
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:16:17.463000
2 posts
🟠 CVE-2026-27203 - High (8.3)
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_token...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27203 - High (8.3)
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_token...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:16:16.640000
6 posts
⚠️ CVE-2026-27168: HIGH severity heap overflow in HappySeaFox sail (≤0.9.10). Remote code execution possible via crafted XWD files — no patch yet. Audit, block untrusted XWDs, and monitor! https://radar.offseq.com/threat/cve-2026-27168-cwe-122-heap-based-buffer-overflow--338e400d #OffSeq #Vulnerability #HappySeaFox #CyberAlert
##🟠 CVE-2026-27168 - High (8.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27168 - High (8.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-27168: HIGH severity heap overflow in HappySeaFox sail (≤0.9.10). Remote code execution possible via crafted XWD files — no patch yet. Audit, block untrusted XWDs, and monitor! https://radar.offseq.com/threat/cve-2026-27168-cwe-122-heap-based-buffer-overflow--338e400d #OffSeq #Vulnerability #HappySeaFox #CyberAlert
##🟠 CVE-2026-27168 - High (8.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27168 - High (8.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T23:16:05.167000
2 posts
🟠 CVE-2026-2048 - High (7.8)
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2048 - High (7.8)
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T23:16:03.093000
2 posts
🟠 CVE-2026-2033 - High (8.1)
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not requir...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2033/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2033 - High (8.1)
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not requir...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2033/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T22:20:05
2 posts
🟠 CVE-2026-27190 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27190 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T22:19:56
6 posts
CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser
A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
-Allows attackers to shadow built-in XML entities (<, >, &, ", ')
-Can lead to XSS or injection when parsing untrusted XML and rendering the output
-Exploitable with default settings (processEntities: true)
-Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies
Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2
https://www.endorlabs.com/learn/cve-2026-25896-fast-xml-parser
##🚨 CRITICAL: CVE-2026-25896 in fast-xml-parser (<5.3.5) lets attackers override built-in XML entities, enabling XSS via crafted XML. Affects web apps using vulnerable versions. Patch to 5.3.5+ ASAP! https://radar.offseq.com/threat/cve-2026-25896-cwe-185-incorrect-regular-expressio-a786da3a #OffSeq #Infosec #XSS #NodeJS
##🔴 CVE-2026-25896 - Critical (9.3)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during en...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser
A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
-Allows attackers to shadow built-in XML entities (<, >, &, ", ')
-Can lead to XSS or injection when parsing untrusted XML and rendering the output
-Exploitable with default settings (processEntities: true)
-Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies
Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2
https://www.endorlabs.com/learn/cve-2026-25896-fast-xml-parser
##🚨 CRITICAL: CVE-2026-25896 in fast-xml-parser (<5.3.5) lets attackers override built-in XML entities, enabling XSS via crafted XML. Affects web apps using vulnerable versions. Patch to 5.3.5+ ASAP! https://radar.offseq.com/threat/cve-2026-25896-cwe-185-incorrect-regular-expressio-a786da3a #OffSeq #Infosec #XSS #NodeJS
##🔴 CVE-2026-25896 - Critical (9.3)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during en...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T22:16:19.280000
4 posts
🟠 CVE-2026-0797 - High (7.8)
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0797 - High (7.8)
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0797 - High (7.8)
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0797 - High (7.8)
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:32:27
2 posts
🟠 CVE-2026-22364 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through <=1.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22364 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through <=1.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:32:27
2 posts
🟠 CVE-2026-22378 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22378 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:32:27
2 posts
🟠 CVE-2026-24950 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through <= 1.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24950 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through <= 1.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:32
2 posts
🟠 CVE-2026-2856 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2856 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:32
2 posts
🟠 CVE-2026-2855 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2855 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:24
2 posts
🟠 CVE-2026-2854 - High (8.8)
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer over...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2854/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2854 - High (8.8)
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer over...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2854/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:24
2 posts
🟠 CVE-2026-2853 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2853 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:23
2 posts
🟠 CVE-2026-22383 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends -...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22383/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22383 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends -...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22383/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:23
2 posts
🟠 CVE-2026-22380 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22380 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
2 posts
🟠 CVE-2026-22368 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through <= 1.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22368 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through <= 1.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
2 posts
🟠 CVE-2026-22366 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through <= 1.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22366 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through <= 1.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
2 posts
🟠 CVE-2026-22374 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through <= 1.2.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22374 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through <= 1.2.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
2 posts
🟠 CVE-2026-22372 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22372 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
2 posts
🟠 CVE-2026-22376 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22376 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:16
4 posts
2 repos
🚨 [CISA-2026:0220] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0220)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-49113 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-49113)
- Name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
⚠️ CVE-2025-68461 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68461)
- Name: RoundCube Webmail Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260220 #cisa20260220 #cve_2025_49113 #cve_2025_68461 #cve202549113 #cve202568461
##CVE ID: CVE-2025-68461
Vendor: Roundcube
Product: Webmail
Date Added: 2026-02-20
Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-68461
🚨 [CISA-2026:0220] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0220)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-49113 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-49113)
- Name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
⚠️ CVE-2025-68461 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68461)
- Name: RoundCube Webmail Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260220 #cisa20260220 #cve_2025_49113 #cve_2025_68461 #cve202549113 #cve202568461
##CVE ID: CVE-2025-68461
Vendor: Roundcube
Product: Webmail
Date Added: 2026-02-20
Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-68461
updated 2026-02-20T21:19:30.823000
2 posts
🟠 CVE-2026-2857 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url cause...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2857 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url cause...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:19:30.107000
3 posts
4 repos
https://github.com/huseyinstif/CVE-2026-2441-PoC
https://github.com/b1gchoi/CVE-2026-2441_POC
Zero-day CSS: CVE-2026-2441 exists in the wild https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
##Chrome CSS Zero-Day (CVE-2026-2441)
Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.
https://forum.hashpwn.net/post/10273
#google #chrome #brave #edge #opera #browser #cybersecurity #css #zeroday #cve20262441 #news #hashpwn
##Chrome CSS Zero-Day (CVE-2026-2441)
Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.
https://forum.hashpwn.net/post/10273
#google #chrome #brave #edge #opera #browser #cybersecurity #css #zeroday #cve20262441 #news #hashpwn
##updated 2026-02-20T20:57:50.360000
6 posts
CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. https://radar.offseq.com/threat/critical-grandstream-phone-vulnerability-exposes-c-7d749d0a #OffSeq #VoIP #Security #RCE
##Hacking like the 1990s (cvss 9.8) —
A Cold War Style Vulnerability in Modern VoIP
Presented by LowLevelTV –
[Invidious](https://yewtu.be/watch?v=I4brAvpjbrg)
[YouTube](https://youtube.com/watch?v=I4brAvpjbrg)
Writeups:
Douglas McKee
[The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP](https://www.rapid7.com/blog/post/ve-phone-listening-cold-war-vulnerability-modern-voip/)
Stephen Fewer:
[CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones](https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/)
Critical Unauthenticated Root Vulnerability in Grandstream GXP1600 VoIP Phones
Grandstream GXP1600 series VoIP phones contain a critical unauthenticated buffer overflow vulnerability (CVE-2026-2329) that allows attackers to gain root access and intercept calls.
**If you are using Grandstream GXP1600 phones, plan a quick update to firmware 1.0.7.81. As a first step, make sure to isolate VoIP hardware on a dedicated, firewalled VLAN and confirm that management interfaces are not reachable from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-root-vulnerability-in-grandstream-gxp1600-voip-phones-t-4-w-t-w/gD2P6Ple2L
🖲️ #Cybersecurity #Ciberseguridad #Ciberseguranca #Security #Seguridad #Seguranca #News #Noticia #Noticias #Tecnologia #Technology
⚫ Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
🔗 https://www.darkreading.com/threat-intelligence/grandstream-bug-voip-security-blind-spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
##CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. https://radar.offseq.com/threat/critical-grandstream-phone-vulnerability-exposes-c-7d749d0a #OffSeq #VoIP #Security #RCE
##Critical Unauthenticated Root Vulnerability in Grandstream GXP1600 VoIP Phones
Grandstream GXP1600 series VoIP phones contain a critical unauthenticated buffer overflow vulnerability (CVE-2026-2329) that allows attackers to gain root access and intercept calls.
**If you are using Grandstream GXP1600 phones, plan a quick update to firmware 1.0.7.81. As a first step, make sure to isolate VoIP hardware on a dedicated, firewalled VLAN and confirm that management interfaces are not reachable from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-root-vulnerability-in-grandstream-gxp1600-voip-phones-t-4-w-t-w/gD2P6Ple2L
updated 2026-02-20T20:46:00.037000
3 posts
🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:21.757000
2 posts
🟠 CVE-2026-24941 - High (7.5)
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24941 - High (7.5)
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:19.853000
2 posts
🟠 CVE-2026-22370 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22370 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:19.160000
2 posts
🟠 CVE-2026-22362 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through <= 1.0.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22362 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through <= 1.0.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:18.363000
4 posts
22 repos
https://github.com/ankitpandey383/roundcube-cve-2025-49113-lab
https://github.com/AC8999/CVE-2025-49113
https://github.com/Zwique/CVE-2025-49113
https://github.com/CyberQuestor-infosec/CVE-2025-49113-Roundcube_1.6.10
https://github.com/hakaioffsec/CVE-2025-49113-exploit
https://github.com/SyFi/CVE-2025-49113
https://github.com/Yuri08loveElaina/CVE-2025-49113
https://github.com/Zuack55/Roundcube-1.6.10-Post-Auth-RCE-CVE-2025-49113-
https://github.com/l4f2s4/CVE-2025-49113_exploit_cookies
https://github.com/rasool13x/exploit-CVE-2025-49113
https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP
https://github.com/BiiTts/Roundcube-CVE-2025-49113
https://github.com/00xCanelo/CVE-2025-49113
https://github.com/rxerium/CVE-2025-49113
https://github.com/5kr1pt/Roundcube_CVE-2025-49113
https://github.com/fearsoff-org/CVE-2025-49113
https://github.com/LeakForge/CVE-2025-49113
https://github.com/punitdarji/roundcube-cve-2025-49113
https://github.com/Ademking/CVE-2025-49113-nuclei-template
https://github.com/hackmelocal/CVE-2025-49113-Simulation
🚨 [CISA-2026:0220] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0220)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-49113 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-49113)
- Name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
⚠️ CVE-2025-68461 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68461)
- Name: RoundCube Webmail Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260220 #cisa20260220 #cve_2025_49113 #cve_2025_68461 #cve202549113 #cve202568461
##CVE ID: CVE-2025-49113
Vendor: Roundcube
Product: Webmail
Date Added: 2026-02-20
Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-49113
🚨 [CISA-2026:0220] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0220)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-49113 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-49113)
- Name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
⚠️ CVE-2025-68461 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68461)
- Name: RoundCube Webmail Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260220 #cisa20260220 #cve_2025_49113 #cve_2025_68461 #cve202549113 #cve202568461
##CVE ID: CVE-2025-49113
Vendor: Roundcube
Product: Webmail
Date Added: 2026-02-20
Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-49113
updated 2026-02-20T19:45:52.563000
2 posts
🟠 CVE-2026-26286 - High (8.5)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26286 - High (8.5)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:26:57
2 posts
🟠 CVE-2026-27487 - High (7.6)
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w ....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27487 - High (7.6)
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w ....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:23:15.067000
2 posts
🟠 CVE-2026-24959 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24959 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:23:14.200000
1 posts
🔴 New security advisory:
CVE-2021-35402 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2021-35402
updated 2026-02-20T19:12:33.527000
4 posts
🟠 CVE-2026-26996 - High (7.5)
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26996/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: https://radar.offseq.com/threat/cve-2026-26996-cwe-1333-inefficient-regular-expres-e16ebdd4 #OffSeq #ReDoS #NodeSecurity
##🟠 CVE-2026-26996 - High (7.5)
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26996/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: https://radar.offseq.com/threat/cve-2026-26996-cwe-1333-inefficient-regular-expres-e16ebdd4 #OffSeq #ReDoS #NodeSecurity
##updated 2026-02-20T19:12:08.257000
2 posts
🟠 CVE-2026-26321 - High (7.5)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26321 - High (7.5)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:57:15.973000
2 posts
🟠 CVE-2026-24891 - High (7.5)
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24891 - High (7.5)
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:57:15.973000
2 posts
🔴 CVE-2026-25715 - Critical (9.8)
The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25715 - Critical (9.8)
The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:32:34
2 posts
🟠 CVE-2026-27343 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27343 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:51
2 posts
🟠 CVE-2026-2818 - High (8.2)
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2818 - High (8.2)
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:49
3 posts
Critical Vulnerability in Industrial Control Systems: Unauthorized Odorization Threat in Welker System
A serious cybersecurity flaw has been identified in the Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller, with the potential to trigger unauthorized odorization events. The vulnerability, tagged as CVE-2026-24790, has been classified by the Cybersecurity and Infrastructure Security Agency (CISA) with a CVSS score of 8.2, indicating a high risk of…
##🟠 CVE-2026-24790 - High (8.2)
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24790/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24790 - High (8.2)
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24790/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:49
2 posts
🟠 CVE-2026-26048 - High (7.5)
The Wi-Fi router is vulnerable to de-authentication attacks due to the
absence of management frame protection, allowing forged deauthentication
and disassociation frames to be broadcast without authentication or
encryption. An attacker can use ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26048 - High (7.5)
The Wi-Fi router is vulnerable to de-authentication attacks due to the
absence of management frame protection, allowing forged deauthentication
and disassociation frames to be broadcast without authentication or
encryption. An attacker can use ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:48
2 posts
🟠 CVE-2026-24455 - High (7.5)
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24455 - High (7.5)
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:55:22.933000
4 posts
🟠 CVE-2026-20761 - High (8.1)
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in
arbitrary OS command execution on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20761 - High (8.1)
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in
arbitrary OS command execution on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20761 - High (8.1)
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in
arbitrary OS command execution on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20761 - High (8.1)
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in
arbitrary OS command execution on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:48:10
4 posts
⚠️ CVE-2026-26980: CRITICAL SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauth attackers can read DB data remotely. Patch to 6.19.1 now! https://radar.offseq.com/threat/cve-2026-26980-cwe-89-improper-neutralization-of-s-8eb7ae8a #OffSeq #SQLInjection #GhostCMS #Vuln
##🔴 CVE-2026-26980 - Critical (9.4)
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-26980: CRITICAL SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauth attackers can read DB data remotely. Patch to 6.19.1 now! https://radar.offseq.com/threat/cve-2026-26980-cwe-89-improper-neutralization-of-s-8eb7ae8a #OffSeq #SQLInjection #GhostCMS #Vuln
##🔴 CVE-2026-26980 - Critical (9.4)
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:47:05
2 posts
🔴 CVE-2026-27002 - Critical (9.8)
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27002 - Critical (9.8)
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:47:00
2 posts
🟠 CVE-2026-27001 - High (7.8)
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27001 - High (7.8)
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:45:55
2 posts
🟠 CVE-2026-26323 - High (8.8)
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26323 - High (8.8)
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:45:18.507000
6 posts
🟠 CVE-2026-26065 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26065 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL vuln: calibre <9.3.0 (CVE-2026-26065) allows arbitrary file writes via path traversal in PDB reader. Risks: code execution, DoS. Patch to 9.3.0+ ASAP! No known exploits yet. https://radar.offseq.com/threat/cve-2026-26065-cwe-22-improper-limitation-of-a-pat-53326093 #OffSeq #Vuln #Calibre #InfoSec
##🟠 CVE-2026-26065 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26065 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL vuln: calibre <9.3.0 (CVE-2026-26065) allows arbitrary file writes via path traversal in PDB reader. Risks: code execution, DoS. Patch to 9.3.0+ ASAP! No known exploits yet. https://radar.offseq.com/threat/cve-2026-26065-cwe-22-improper-limitation-of-a-pat-53326093 #OffSeq #Vuln #Calibre #InfoSec
##updated 2026-02-20T16:44:49
2 posts
🟠 CVE-2026-26324 - High (7.5)
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26324 - High (7.5)
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:39
2 posts
🟠 CVE-2026-26322 - High (7.6)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26322 - High (7.6)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:20
2 posts
🟠 CVE-2026-26319 - High (7.5)
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26319 - High (7.5)
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:14
2 posts
🟠 CVE-2026-26316 - High (7.5)
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) eve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26316 - High (7.5)
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) eve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:33:47.890000
1 posts
🟠 CVE-2026-22267 - High (8.1)
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T15:32:04
4 posts
🔴 CVE-2026-26339 - Critical (9.8)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CRITICAL: CVE-2026-26339 in Hyland Alfresco Transformation Service (Enterprise) enables unauthenticated SSRF → RCE. Restrict access, monitor for abuse, patch ASAP. All versions at risk. https://radar.offseq.com/threat/cve-2026-26339-cwe-918-server-side-request-forgery-f1de4ab8 #OffSeq #CVE202626339 #SSRF #RCE #Alfresco
##🔴 CVE-2026-26339 - Critical (9.8)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CRITICAL: CVE-2026-26339 in Hyland Alfresco Transformation Service (Enterprise) enables unauthenticated SSRF → RCE. Restrict access, monitor for abuse, patch ASAP. All versions at risk. https://radar.offseq.com/threat/cve-2026-26339-cwe-918-server-side-request-forgery-f1de4ab8 #OffSeq #CVE202626339 #SSRF #RCE #Alfresco
##updated 2026-02-20T15:20:29.797000
2 posts
🟠 CVE-2026-26337 - High (8.2)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26337 - High (8.2)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T15:20:29.647000
2 posts
🟠 CVE-2026-26336 - High (7.5)
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26336 - High (7.5)
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
4 posts
🚨 Ricoh ジョブログ集計ツール (<1.3.7) has a HIGH severity DLL search path issue (CVE-2026-26050). Exploiting this enables admin-level code execution during install. Update to v1.3.7+ and restrict local access. https://radar.offseq.com/threat/cve-2026-26050-uncontrolled-search-path-element-in-8a10be9e #OffSeq #Vuln #Ricoh
##🟠 CVE-2026-26050 - High (7.8)
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26050/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 Ricoh ジョブログ集計ツール (<1.3.7) has a HIGH severity DLL search path issue (CVE-2026-26050). Exploiting this enables admin-level code execution during install. Update to v1.3.7+ and restrict local access. https://radar.offseq.com/threat/cve-2026-26050-uncontrolled-search-path-element-in-8a10be9e #OffSeq #Vuln #Ricoh
##🟠 CVE-2026-26050 - High (7.8)
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26050/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
4 posts
🎵 CVE-2026-26975: HIGH severity RCE in Music Assistant server <2.7.0. Unauthenticated attackers can write arbitrary files via playlist update API — root compromise possible if running as root. Upgrade to 2.7.0+ now! https://radar.offseq.com/threat/cve-2026-26975-cwe-73-external-control-of-file-nam-f0001b29 #OffSeq #Vuln #RCE #MusicAssistant
##🟠 CVE-2026-26975 - High (8.8)
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🎵 CVE-2026-26975: HIGH severity RCE in Music Assistant server <2.7.0. Unauthenticated attackers can write arbitrary files via playlist update API — root compromise possible if running as root. Upgrade to 2.7.0+ now! https://radar.offseq.com/threat/cve-2026-26975-cwe-73-external-control-of-file-nam-f0001b29 #OffSeq #Vuln #RCE #MusicAssistant
##🟠 CVE-2026-26975 - High (8.8)
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
4 posts
🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
2 posts
🟠 CVE-2026-26275 - High (7.5)
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26275 - High (7.5)
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
2 posts
🟠 CVE-2026-26278 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26278 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
2 posts
🟠 CVE-2026-25940 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-25940 in jsPDF (<4.2.0) allows arbitrary PDF object injection via Acroform, leading to code execution on user interaction. Patch to 4.2.0+ & sanitize inputs now! https://radar.offseq.com/threat/cve-2026-25940-cwe-116-improper-encoding-or-escapi-3b5e393d #OffSeq #jsPDF #vuln #AppSec
##updated 2026-02-20T12:31:26
3 posts
🔴 New security advisory:
CVE-2025-10970 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2025-10970
🔴 CVE-2025-10970 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026.
NOTE: The vendor was contacted early ab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-10970 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026.
NOTE: The vendor was contacted early ab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
2 posts
🔴 CVE-2025-30416 - Critical (10)
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30416 - Critical (10)
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
2 posts
🔴 CVE-2025-30412 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30412/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30412 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30412/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
2 posts
🔴 CVE-2025-30410 - Critical (9.8)
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30410/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30410 - Critical (9.8)
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30410/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:32:59
2 posts
🔴 CVE-2026-0573 - Critical (9)
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0573 - Critical (9)
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:32:59
2 posts
🔴 CVE-2026-23542 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23542/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23542 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23542/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:31:59
4 posts
If you missed this, Microsoft posted this advisory yesterday:
Critical: CVE-2026-21535: Microsoft Teams Information Disclosure Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535 #infosec #Microsoft #Teams
##🟠 CVE-2026-21535 - High (8.2)
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##If you missed this, Microsoft posted this advisory yesterday:
Critical: CVE-2026-21535: Microsoft Teams Information Disclosure Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535 #infosec #Microsoft #Teams
##🟠 CVE-2026-21535 - High (8.2)
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:31:53
2 posts
🔴 CVE-2026-23549 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23549/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23549 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23549/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:16:41.747000
2 posts
🟠 CVE-2026-23544 - High (8.8)
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23544 - High (8.8)
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:11:44
1 posts
🔴 CVE-2025-13590 - Critical (9.1)
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution.
By leveraging the vulnerability, a ma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:05:43
2 posts
🟠 CVE-2026-27206 - High (8.1)
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27206 - High (8.1)
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:27
2 posts
🟠 CVE-2026-27013 - High (7.6)
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/Text/TextSVGExportMixin.ts:186`) but fails to apply it to other user-controlled string values th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27013 - High (7.6)
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/Text/TextSVGExportMixin.ts:186`) but fails to apply it to other user-controlled string values th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:18
2 posts
🟠 CVE-2026-26318 - High (8.8)
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26318 - High (8.8)
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:03
2 posts
🟠 CVE-2026-26280 - High (8.4)
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26280 - High (8.4)
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:56:47
2 posts
🟠 CVE-2026-26267 - High (7.5)
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26267 - High (7.5)
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:57
4 posts
⚠️ CRITICAL: CVE-2026-27476 in Bixat RustFly 2.0.0 lets remote attackers run arbitrary system commands over UDP port 5005 — no auth needed. Block 5005, monitor for hex payloads, & audit systems now. Patch ASAP! https://radar.offseq.com/threat/cve-2026-27476-improper-neutralization-of-special--c7ddf948 #OffSeq #Vulnerability #Infosec
##🔴 CVE-2026-27476 - Critical (9.8)
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-27476 in Bixat RustFly 2.0.0 lets remote attackers run arbitrary system commands over UDP port 5005 — no auth needed. Block 5005, monitor for hex payloads, & audit systems now. Patch ASAP! https://radar.offseq.com/threat/cve-2026-27476-improper-neutralization-of-special--c7ddf948 #OffSeq #Vulnerability #Infosec
##🔴 CVE-2026-27476 - Critical (9.8)
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:47
2 posts
🟠 CVE-2026-27475 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27475 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:46
2 posts
🟠 CVE-2026-27052 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27052/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27052 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27052/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:45
2 posts
🟠 CVE-2026-25378 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25378 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:31
4 posts
🟠 CVE-2026-26016 - High (8.1)
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch informa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: Pterodactyl Panel <1.12.1 has an auth bypass (CVE-2026-26016). Wings node token = full access to all servers, data loss risk. Upgrade to 1.12.1 ASAP & secure tokens! https://radar.offseq.com/threat/cve-2026-26016-cwe-639-authorization-bypass-throug-e8901bb1 #OffSeq #Pterodactyl #CVE202626016 #Vulnerability
##🟠 CVE-2026-26016 - High (8.1)
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch informa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: Pterodactyl Panel <1.12.1 has an auth bypass (CVE-2026-26016). Wings node token = full access to all servers, data loss risk. Upgrade to 1.12.1 ASAP & secure tokens! https://radar.offseq.com/threat/cve-2026-26016-cwe-639-authorization-bypass-throug-e8901bb1 #OffSeq #Pterodactyl #CVE202626016 #Vulnerability
##updated 2026-02-19T21:30:21
2 posts
🔴 CVE-2026-24834 - Critical (9.3)
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24834 - Critical (9.3)
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:23:55
1 posts
🟠 CVE-2026-25474 - High (7.5)
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In dep...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25474/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:23:41
2 posts
1 repos
🔴 CVE-2026-25242 - Critical (9.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25242 - Critical (9.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:14:58
2 posts
🟠 CVE-2026-25232 - High (8.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25232 - High (8.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:32:29
2 posts
⚠️ CVE-2026-27192: Feathersjs (<5.0.40) suffers a HIGH-severity origin validation error (CWE-346). Prefix-based checks let attackers steal OAuth tokens, risking account takeover. Upgrade to 5.0.40+! https://radar.offseq.com/threat/cve-2026-27192-cwe-346-origin-validation-error-in--17700ad4 #OffSeq #Feathersjs #OAuth #CVE202627192
##⚠️ CVE-2026-27192: Feathersjs (<5.0.40) suffers a HIGH-severity origin validation error (CWE-346). Prefix-based checks let attackers steal OAuth tokens, risking account takeover. Upgrade to 5.0.40+! https://radar.offseq.com/threat/cve-2026-27192-cwe-346-origin-validation-error-in--17700ad4 #OffSeq #Feathersjs #OAuth #CVE202627192
##updated 2026-02-19T20:30:39
2 posts
🟠 CVE-2026-27196 - High (8.1)
Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27196/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27196 - High (8.1)
Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27196/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:28:39
2 posts
🚨 CRITICAL: CVE-2026-27212 in nolimits4web swiper (6.5.1 – 12.1.1) enables prototype pollution, risking auth bypass, DoS, & RCE. Affects Node & Bun, Windows & Linux. Upgrade to 12.1.2 now! https://radar.offseq.com/threat/cve-2026-27212-cwe-1321-improperly-controlled-modi-35374c82 #OffSeq #CVE202627212 #AppSec #JavaScript
##🚨 CRITICAL: CVE-2026-27212 in nolimits4web swiper (6.5.1 – 12.1.1) enables prototype pollution, risking auth bypass, DoS, & RCE. Affects Node & Bun, Windows & Linux. Upgrade to 12.1.2 now! https://radar.offseq.com/threat/cve-2026-27212-cwe-1321-improperly-controlled-modi-35374c82 #OffSeq #CVE202627212 #AppSec #JavaScript
##updated 2026-02-19T19:34:15
7 posts
🚨 New security advisory:
CVE-2026-26030 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-26030
Unbelievable.... https://digg.com/cybersecurity/yCL5Ang/critical-alert-cve-2026-26030-microsoft
##⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: https://radar.offseq.com/threat/cve-2026-26030-cwe-94-improper-control-of-generati-8c490551
#OffSeq #CVE #infosec #Python #AIsecurity
🔴 CVE-2026-26030 - Critical (9.9)
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Unbelievable.... https://digg.com/cybersecurity/yCL5Ang/critical-alert-cve-2026-26030-microsoft
##⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: https://radar.offseq.com/threat/cve-2026-26030-cwe-94-improper-control-of-generati-8c490551
#OffSeq #CVE #infosec #Python #AIsecurity
🔴 CVE-2026-26030 - Critical (9.9)
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T19:22:28.717000
2 posts
🟠 CVE-2026-25418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:57
2 posts
🟠 CVE-2026-2648 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2648 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:10
2 posts
🚨 CRITICAL: CVE-2026-2409 in Delinea Cloud Suite (<25.2 HF1) enables remote SQL Injection by low-priv users — risking sensitive data. Patch urgently, validate inputs, and monitor DB activity! https://radar.offseq.com/threat/cve-2026-2409-cwe-89-improper-neutralization-of-sp-62e3fd17 #OffSeq #SQLInjection #Delinea #Vuln
##🚨 CRITICAL: CVE-2026-2409 in Delinea Cloud Suite (<25.2 HF1) enables remote SQL Injection by low-priv users — risking sensitive data. Patch urgently, validate inputs, and monitor DB activity! https://radar.offseq.com/threat/cve-2026-2409-cwe-89-improper-neutralization-of-sp-62e3fd17 #OffSeq #SQLInjection #Delinea #Vuln
##updated 2026-02-19T18:32:09
2 posts
🟠 CVE-2026-1581 - High (7.5)
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1581 - High (7.5)
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:09
2 posts
🟠 CVE-2026-2232 - High (7.5)
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied paramet...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2232 - High (7.5)
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied paramet...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
2 posts
🟠 CVE-2025-71250 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71250 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
1 posts
1 repos
🔴 CVE-2025-71243 - Critical (9.8)
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:07
2 posts
🚨 New security advisory:
CVE-2025-12107 affects Wso2 Identity Server.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2025-12107
🔴 CVE-2025-12107 - Critical (10)
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Successful exploitation of this vulnerability could allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:07
3 posts
🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:06
1 posts
🟠 CVE-2026-26359 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26359/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:05
2 posts
🟠 CVE-2026-26360 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26360 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:03
2 posts
🔴 New security advisory:
CVE-2026-1994 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-1994
🔴 CVE-2026-1994 - Critical (9.8)
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:02
2 posts
🟠 CVE-2025-4521 - High (8.8)
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it poss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-4521 - High (8.8)
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it poss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:02
2 posts
🟠 CVE-2025-4960 - High (7.8)
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protoc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-4960 - High (7.8)
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protoc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:02
2 posts
🔴 CVE-2026-0926 - Critical (9.8)
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0926 - Critical (9.8)
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:02
1 posts
1 repos
🔴 CVE-2026-1405 - Critical (9.8)
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:01
2 posts
🔴 CVE-2025-13851 - Critical (9.8)
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-13851 - Critical (9.8)
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:01
1 posts
🟠 CVE-2026-0912 - High (8.8)
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:53
2 posts
🟠 CVE-2025-12821 - High (8.8)
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12821/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12821 - High (8.8)
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12821/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:53
2 posts
🟠 CVE-2025-12707 - High (7.5)
The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12707 - High (7.5)
The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:53
2 posts
🔴 CVE-2025-12882 - Critical (9.8)
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-12882 - Critical (9.8)
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:52
2 posts
🟠 CVE-2025-11754 - High (7.5)
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11754/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-11754 - High (7.5)
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11754/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:50
2 posts
🔴 CVE-2025-13563 - Critical (9.8)
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-13563 - Critical (9.8)
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
1 posts
🚨 New security advisory:
CVE-2019-25364 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2019-25364
updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2025-12845 - High (8.8)
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12845 - High (8.8)
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2025-13603 - High (8.8)
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" fun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13603 - High (8.8)
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" fun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2026-0974 - High (8.8)
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0974 - High (8.8)
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:16:47
2 posts
🚨 CRITICAL vuln: CVE-2026-27112 in akuity kargo (v1.7.0 – 1.9.2) enables resource injection & privilege escalation via batch API endpoints. Patch to 1.7.8/1.8.11/1.9.3+ ASAP. Monitor logs & restrict API access. https://radar.offseq.com/threat/cve-2026-27112-cwe-863-incorrect-authorization-in--0476694e #OffSeq #Kubernetes #InfoSec
##🚨 CRITICAL vuln: CVE-2026-27112 in akuity kargo (v1.7.0 – 1.9.2) enables resource injection & privilege escalation via batch API endpoints. Patch to 1.7.8/1.8.11/1.9.3+ ASAP. Monitor logs & restrict API access. https://radar.offseq.com/threat/cve-2026-27112-cwe-863-incorrect-authorization-in--0476694e #OffSeq #Kubernetes #InfoSec
##updated 2026-02-18T22:31:38
2 posts
🟠 CVE-2026-26990 - High (8.8)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is suppl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26990 - High (8.8)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is suppl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T22:30:20
2 posts
1 repos
🔴 CVE-2026-26988 - Critical (9.1)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26988 - Critical (9.1)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T20:01:15.983000
3 posts
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##The issue, officially named CVE-2026-22769, involves hardcoded credentials. This means the software came with a built-in username and password that could not be easily changed.
5/10
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##updated 2026-02-18T18:31:27
6 posts
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
#CVE_2026_0714
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
#CVE_2026_0714
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##updated 2026-02-18T18:31:26
2 posts
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##updated 2026-02-18T00:30:22
4 posts
Why TF does the NVD not include the CVE title, vendor, or other useful information. If you look at the following you have no what's impacted and have to hunt details in the links.
https://nvd.nist.gov/vuln/detail/CVE-2026-1670
The backing CVE data contains all of this:
##CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. https://thecybermind.co/2026/02/20/cve-2026-1670-honeywell-exploit/
#exploit
Why TF does the NVD not include the CVE title, vendor, or other useful information. If you look at the following you have no what's impacted and have to hunt details in the links.
https://nvd.nist.gov/vuln/detail/CVE-2026-1670
The backing CVE data contains all of this:
##CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. https://thecybermind.co/2026/02/20/cve-2026-1670-honeywell-exploit/
#exploit
updated 2026-02-18T00:30:22
2 posts
CVE-2026-26119 : cette faille dans Windows Admin Center peut mener à la compromission du domaine https://www.it-connect.fr/cve-2026-26119-cette-faille-dans-windows-admin-center-peut-mener-a-la-compromission-du-domaine/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft
##CVE-2026-26119 : cette faille dans Windows Admin Center peut mener à la compromission du domaine https://www.it-connect.fr/cve-2026-26119-cette-faille-dans-windows-admin-center-peut-mener-a-la-compromission-du-domaine/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft
##updated 2026-02-17T15:32:42
2 posts
"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##updated 2026-02-17T15:32:41
3 posts
📢 Firefox 147.0.4 corrige la faille à haut risque CVE-2026-2447 dans libvpx (RCE)
📝 Selon The Cyber Express, Firefox v147.0.4 corrige la vulnérabilité CVE-2026-2447, décrite comme un débordement de tampon du tas dans la bibliothèque libvp...
📖 cyberveille : https://cyberveille.ch/posts/2026-02-19-firefox-147-0-4-corrige-la-faille-a-haut-risque-cve-2026-2447-dans-libvpx-rce/
🌐 source : https://thecyberexpress.com/firefox-v147-cve-2026-2447/
#CVE_2026_2447 #Firefox #Cyberveille
updated 2026-02-17T15:31:33
16 posts
4 repos
https://github.com/jakubie07/CVE-2026-1731
https://github.com/win3zz/CVE-2026-1731
Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.
Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.
Remote support appliances are high-value targets.
Are we giving PAM systems enough monitoring visibility?
Source: https://thehackernews.com/2026/02/beyondtrust-flaw-used-for-web-shells.html
Follow @technadu for independent cybersecurity reporting.
Like and join the discussion below.
#CyberSecurity #Infosec #ZeroDay #Ransomware #PAM #ThreatIntel #SecurityCommunity #CVE20261731
##CISA Sounds the Alarm: Actively Exploited BeyondTrust Flaw Opens the Door to Pre-Auth RCE Attacks
Introduction: A Quiet Vulnerability With Loud Consequences U.S. cybersecurity authorities have issued a high-priority warning after discovering active exploitation of a critical vulnerability affecting BeyondTrust Remote Support. The flaw, tracked as CVE-2026-1731, allows attackers to execute arbitrary operating system commands before authentication, turning trusted remote…
##"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"
"[...] Cybersecurity and Infrastructure Security Agency (CISA) warns. Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S."
##CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and...
🔗️ [Bleepingcomputer] https://link.is.it/nNcFd0
##Ransomware gangs found a new shortcut into company networks with CVE-2026-1731—no passwords needed, attacks automated, and defenders caught off guard. How did this flaw become their go-to weapon almost overnight?
https://thedefendopsdiaries.com/how-cve-2026-1731-became-ransomwares-new-favorite-toy/
##Critical Vulnerability in BeyondTrust Products: A Threat Actor’s Playground
A serious cybersecurity vulnerability has been discovered in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) products, impacting numerous sectors worldwide. This flaw, identified as CVE-2026-1731, has already been exploited by cybercriminals for a range of malicious activities, putting sensitive data and networks at severe risk. the Vulnerability The vulnerability, with a…
https://undercodenews.com/critical-vulnerability-in-beyondtrust-products-a-threat-actors-playground/
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
#CVE_2026_1731 #Vshell #SparkRAT
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
CVE-2026-1731 - Changed to Known Ransomware Status
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityVendor: BeyondTrustProduct: Remote Support (RS) and Privileged Remote Access (PRA)BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system https://nvd.nist.gov/vuln/detail/CVE-2026-1731
##Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.
Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.
Remote support appliances are high-value targets.
Are we giving PAM systems enough monitoring visibility?
Source: https://thehackernews.com/2026/02/beyondtrust-flaw-used-for-web-shells.html
Follow @technadu for independent cybersecurity reporting.
Like and join the discussion below.
#CyberSecurity #Infosec #ZeroDay #Ransomware #PAM #ThreatIntel #SecurityCommunity #CVE20261731
##"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"
"[...] Cybersecurity and Infrastructure Security Agency (CISA) warns. Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S."
##CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and...
🔗️ [Bleepingcomputer] https://link.is.it/nNcFd0
##Ransomware gangs found a new shortcut into company networks with CVE-2026-1731—no passwords needed, attacks automated, and defenders caught off guard. How did this flaw become their go-to weapon almost overnight?
https://thedefendopsdiaries.com/how-cve-2026-1731-became-ransomwares-new-favorite-toy/
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
#CVE_2026_1731 #Vshell #SparkRAT
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
CVE-2026-1731 - Changed to Known Ransomware Status
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityVendor: BeyondTrustProduct: Remote Support (RS) and Privileged Remote Access (PRA)BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system https://nvd.nist.gov/vuln/detail/CVE-2026-1731
##updated 2026-02-12T20:16:05.143000
3 posts
10 repos
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/patchpoint/CVE-2026-20841
https://github.com/atiilla/CVE-2026-20841
https://github.com/SecureWithUmer/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
https://github.com/tangent65536/CVE-2026-20841
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad https://www.thezdi.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##updated 2026-02-11T15:40:33.473000
2 posts
9 repos
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/planetoid/cve-2026-21509-mitigation
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
The video discusses a recently patched Microsoft Office zero-day vulnerability (CVE-2026-21509) being actively exploited by Russian hackers. It emphasizes the rapid weaponization of vulnerabilities after patches and the importance of threat intelligence for managing exposed attack surfaces.
https://www.youtube.com/watch?v=Ck8IPInn74A
The video discusses a recently patched Microsoft Office zero-day vulnerability (CVE-2026-21509) being actively exploited by Russian hackers. It emphasizes the rapid weaponization of vulnerabilities after patches and the importance of threat intelligence for managing exposed attack surfaces.
https://www.youtube.com/watch?v=Ck8IPInn74A
updated 2026-02-06T18:30:29
2 posts
1 repos
Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...
Read more: https://steelefortress.com/dlk923
##Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...
Read more: https://steelefortress.com/dlk923
##updated 2026-01-30T00:31:29
1 posts
2 repos
https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
#Critical #Vulnerabilities in #Ivanti #EPMM Exploited
Never ending Story?
https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
##updated 2026-01-30T00:31:28
1 posts
2 repos
https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
#Critical #Vulnerabilities in #Ivanti #EPMM Exploited
Never ending Story?
https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
##updated 2026-01-27T16:16:55.327000
2 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...
Read more: https://steelefortress.com/dlk923
##Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...
Read more: https://steelefortress.com/dlk923
##updated 2025-11-11T09:30:36
2 posts
"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##updated 2025-10-22T00:32:28
2 posts
Here's the good read of the day, more interesting part is the exploitation tricks at the end of the post https://soez.github.io/posts/CVE-2022-22265-Samsung-npu-driver/ by @javierprtd
##Here's the good read of the day, more interesting part is the exploitation tricks at the end of the post https://soez.github.io/posts/CVE-2022-22265-Samsung-npu-driver/ by @javierprtd
##updated 2025-10-22T00:31:58
1 posts
76 repos
https://github.com/striveben/CVE-2020-1472
https://github.com/Whippet0/CVE-2020-1472
https://github.com/dr4g0n23/CVE-2020-1472
https://github.com/rhymeswithmogul/Set-ZerologonMitigation
https://github.com/JayP232/The_big_Zero
https://github.com/CanciuCostin/CVE-2020-1472
https://github.com/carlos55ml/zerologon
https://github.com/sho-luv/zerologon
https://github.com/grupooruss/CVE-2020-1472
https://github.com/thatonesecguy/zerologon-CVE-2020-1472
https://github.com/blackh00d/zerologon-poc
https://github.com/k8gege/CVE-2020-1472-EXP
https://github.com/Rvn0xsy/ZeroLogon
https://github.com/victim10wq3/CVE-2020-1472
https://github.com/mingchen-script/CVE-2020-1472-visualizer
https://github.com/nyambiblaise/Domain-Controller-DC-Exploitation-with-Metasploit-Impacket
https://github.com/TheJoyOfHacking/SecuraBV-CVE-2020-1472
https://github.com/hell-moon/ZeroLogon-Exploit
https://github.com/B34MR/zeroscan
https://github.com/TuanCui22/ZerologonWithImpacket-CVE2020-1472
https://github.com/RicYaben/CVE-2020-1472-LAB
https://github.com/TheJoyOfHacking/dirkjanm-CVE-2020-1472
https://github.com/JolynNgSC/Zerologon_CVE-2020-1472
https://github.com/cube0x0/CVE-2020-1472
https://github.com/Udyz/Zerologon
https://github.com/mods20hh/ZeroLogon-PoC-DC-Pwn
https://github.com/commit2main/zerologon-lab
https://github.com/dirkjanm/CVE-2020-1472
https://github.com/midpipps/CVE-2020-1472-Easy
https://github.com/VoidSec/CVE-2020-1472
https://github.com/Fa1c0n35/CVE-2020-1472-02-
https://github.com/jiushill/CVE-2020-1472
https://github.com/NAXG/CVE-2020-1472
https://github.com/0xcccc666/cve-2020-1472_Tool-collection
https://github.com/risksense/zerologon
https://github.com/Tobey123/CVE-2020-1472-visualizer
https://github.com/sv3nbeast/CVE-2020-1472
https://github.com/WiIs0n/Zerologon_CVE-2020-1472
https://github.com/npocmak/CVE-2020-1472
https://github.com/murataydemir/CVE-2020-1472
https://github.com/Privia-Security/ADZero
https://github.com/Ken-Abruzzi/cve-2020-1472
https://github.com/itssmikefm/CVE-2020-1472
https://github.com/PakwanSK/Simulating-and-preventing-Zerologon-CVE-2020-1472-vulnerability-attacks.
https://github.com/shanfenglan/cve-2020-1472
https://github.com/johnpathe/zerologon-cve-2020-1472-notes
https://github.com/maikelnight/zerologon
https://github.com/whoami-chmod777/Zerologon-Attack-CVE-2020-1472-POC
https://github.com/t31m0/CVE-2020-1472
https://github.com/wrathfulDiety/zerologon
https://github.com/0xkami/CVE-2020-1472
https://github.com/zeronetworks/zerologon
https://github.com/logg-1/0logon
https://github.com/CPO-EH/CVE-2020-1472_ZeroLogonChecker
https://github.com/bb00/zer0dump
https://github.com/likeww/MassZeroLogon
https://github.com/hectorgie/CVE-2020-1472
https://github.com/b1ack0wl/CVE-2020-1472
https://github.com/mos165/CVE-20200-1472
https://github.com/Akash7350/CVE-2020-1472
https://github.com/SaharAttackit/CVE-2020-1472
https://github.com/100HnoMeuNome/ZeroLogon-CVE-2020-1472-lab
https://github.com/technion/ZeroLogonAssess
https://github.com/guglia001/MassZeroLogon
https://github.com/mstxq17/cve-2020-1472
https://github.com/YossiSassi/ZeroLogon-Exploitation-Check
https://github.com/Anonymous-Family/CVE-2020-1472
https://github.com/McKinnonIT/zabbix-template-CVE-2020-1472
https://github.com/Fa1c0n35/CVE-2020-1472
https://github.com/Sajuwithgithub/CVE2020-1472
https://github.com/bvcyber/CVE-2020-1472
https://github.com/Fa1c0n35/SecuraBV-CVE-2020-1472
https://github.com/tdevworks/CVE-2020-1472-ZeroLogon-Demo-Detection-Mitigation
https://github.com/puckiestyle/CVE-2020-1472
What’s more dangerous?
A) Zero-days
B) Unpatched one-year-old CVEs
C) Assets you forgot existed
Attackers already chose B + C.
Example:
CVE-2020-1472 (Zerologon) — still exploited in 2026.
🔗 Why it still works:
https://cvedatabase.com/cve/CVE-2020-1472
#CyberSecurity #VulnerabilityManagement
updated 2025-05-13T18:31:00
4 posts
1 repos
https://github.com/SafeBreach-Labs/EventLogin-CVE-2025-29969
Discovery & Analysis of CVE-2025-29969 https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
##EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)
#CVE_2025_29969
https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
Discovery & Analysis of CVE-2025-29969 https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
##EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)
#CVE_2025_29969
https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
updated 2024-01-27T05:05:43
1 posts
🔴 CVE-2026-27574 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27574 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467
Feel free to use the AI slop analyses (Gemini for student with free API configured).. Hecate is a prototype app for my master thesis
##BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467
Feel free to use the AI slop analyses (Gemini for student with free API configured).. Hecate is a prototype app for my master thesis
##BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467
Feel free to use the AI slop analyses (Gemini for student with free API configured).. Hecate is a prototype app for my master thesis
##BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467
Feel free to use the AI slop analyses (Gemini for student with free API configured).. Hecate is a prototype app for my master thesis
##🟠 CVE-2026-27479 - High (7.7)
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27479 - High (7.7)
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-27471 in ERPNext (≤15.98.0, 16.0.0-rc.1 – 16.6.0) lets unauth attackers access sensitive docs via missing API auth. Upgrade to 15.98.1/16.6.1+ & restrict access now. https://radar.offseq.com/threat/cve-2026-27471-cwe-862-missing-authorization-in-fr-0d95cb60 #OffSeq #ERPNext #CVE202627471 #Infosec
##🚨 CRITICAL: CVE-2026-27471 in ERPNext (≤15.98.0, 16.0.0-rc.1 – 16.6.0) lets unauth attackers access sensitive docs via missing API auth. Upgrade to 15.98.1/16.6.1+ & restrict access now. https://radar.offseq.com/threat/cve-2026-27471-cwe-862-missing-authorization-in-fr-0d95cb60 #OffSeq #ERPNext #CVE202627471 #Infosec
##🟠 CVE-2026-27470 - High (8.8)
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27470/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27470 - High (8.8)
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27470/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ CRITICAL: CVE-2026-27452 in JonathanWilbur asn1-ts (<=11.0.5) — Decoding INTEGERs may leak ArrayBuffer, exposing sensitive data. Upgrade to 11.0.6 urgently. Details: https://radar.offseq.com/threat/cve-2026-27452-cwe-200-exposure-of-sensitive-infor-d39700d7 #OffSeq #Vulnerability #Security #CVE202627452
##🛡️ CRITICAL: CVE-2026-27452 in JonathanWilbur asn1-ts (<=11.0.5) — Decoding INTEGERs may leak ArrayBuffer, exposing sensitive data. Upgrade to 11.0.6 urgently. Details: https://radar.offseq.com/threat/cve-2026-27452-cwe-200-exposure-of-sensitive-infor-d39700d7 #OffSeq #Vulnerability #Security #CVE202627452
##🚨 Critical SAML SSO vuln (CVE-2026-27197, CVSS 9.1) in Sentry 21.12.0 – 26.1.0 allows remote account takeover in multi-org instances. Upgrade to 26.2.0+, enable user 2FA, audit SSO settings! Full details: https://radar.offseq.com/threat/cve-2026-27197-cwe-287-improper-authentication-in--f7f67e7c #OffSeq #Sentry #CVE202627197 #infosec
##🔴 CVE-2026-27197 - Critical (9.1)
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious S...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 Critical SAML SSO vuln (CVE-2026-27197, CVSS 9.1) in Sentry 21.12.0 – 26.1.0 allows remote account takeover in multi-org instances. Upgrade to 26.2.0+, enable user 2FA, audit SSO settings! Full details: https://radar.offseq.com/threat/cve-2026-27197-cwe-287-improper-authentication-in--f7f67e7c #OffSeq #Sentry #CVE202627197 #infosec
##🔴 CVE-2026-27197 - Critical (9.1)
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious S...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24892 - High (7.5)
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of change...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24892 - High (7.5)
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of change...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27134 - High (8.1)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27134 - High (8.1)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27134 - High (8.1)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27134 - High (8.1)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27169 - High (8.9)
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27169/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27169 - High (8.9)
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27169/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27114 - High (7.5)
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27114 - High (7.5)
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##2 posts
3 repos
https://github.com/cyberleelawat/FreePBX-Multiple-CVEs-2025
https://github.com/rxerium/FreePBX-Vulns-December-25
https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX
#FreePBX is a popular open-source IP PBX management tool. @FreePBX manages #VoIP communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity https://cybersec.picussecurity.com/s/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675-25485
###FreePBX is a popular open-source IP PBX management tool. @FreePBX manages #VoIP communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity https://cybersec.picussecurity.com/s/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675-25485
##2 posts
3 repos
https://github.com/cyberleelawat/FreePBX-Multiple-CVEs-2025
https://github.com/rxerium/FreePBX-Vulns-December-25
https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX
#FreePBX is a popular open-source IP PBX management tool. @FreePBX manages #VoIP communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity https://cybersec.picussecurity.com/s/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675-25485
###FreePBX is a popular open-source IP PBX management tool. @FreePBX manages #VoIP communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity https://cybersec.picussecurity.com/s/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675-25485
##🟠 CVE-2026-26064 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Wind...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CRITICAL CVE-2026-26064 in calibre <9.3.0: Path traversal in extract_pictures enables arbitrary file writes & remote code execution on Windows. Patch to 9.3.0+ ASAP. User interaction required. Details: https://radar.offseq.com/threat/cve-2026-26064-cwe-22-improper-limitation-of-a-pat-71d04e0e #OffSeq #Calibre #Vuln #InfoSec
##🟠 CVE-2026-26064 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Wind...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CRITICAL CVE-2026-26064 in calibre <9.3.0: Path traversal in extract_pictures enables arbitrary file writes & remote code execution on Windows. Patch to 9.3.0+ ASAP. User interaction required. Details: https://radar.offseq.com/threat/cve-2026-26064-cwe-22-improper-limitation-of-a-pat-71d04e0e #OffSeq #Calibre #Vuln #InfoSec
##🟠 CVE-2026-26959 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26959: HIGH severity vuln in Alex4SSB ADB-Explorer (<0.9.26021). Malicious config (App.txt) can trigger code execution if users launch app with a crafted argument. Upgrade ASAP! https://radar.offseq.com/threat/cve-2026-26959-cwe-829-inclusion-of-functionality--f5a9dc71 #OffSeq #Vulnerability #Security #CVE202626959
##🟠 CVE-2026-26959 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26959: HIGH severity vuln in Alex4SSB ADB-Explorer (<0.9.26021). Malicious config (App.txt) can trigger code execution if users launch app with a crafted argument. Upgrade ASAP! https://radar.offseq.com/threat/cve-2026-26959-cwe-829-inclusion-of-functionality--f5a9dc71 #OffSeq #Vulnerability #Security #CVE202626959
##🟠 CVE-2026-26202 - High (7.5)
Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. `/etc/passwd`) as a font data chunk in the `create...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26202 - High (7.5)
Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. `/etc/passwd`) as a font data chunk in the `create...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26200 - High (7.8)
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially furthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26200 - High (7.8)
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially furthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##