| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34394 | 8.1 | 0.02% | 2 | 0 | 2026-04-01T20:38:14.020000 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo | |
| CVE-2025-32957 | 8.7 | 0.04% | 1 | 0 | 2026-04-01T20:31:57.590000 | baserCMS is a website development framework. Prior to version 5.2.3, the applica | |
| CVE-2026-21861 | 9.1 | 0.17% | 2 | 0 | 2026-04-01T20:29:39.303000 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS co | |
| CVE-2026-30880 | 9.8 | 0.28% | 1 | 0 | 2026-04-01T20:27:00.497000 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS ha | |
| CVE-2026-5281 | 8.8 | 0.04% | 13 | 0 | 2026-04-01T20:16:29.780000 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote | |
| CVE-2026-34506 | 4.3 | 0.03% | 2 | 0 | 2026-04-01T19:27:12.840000 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its | |
| CVE-2026-33576 | 6.5 | 0.04% | 1 | 0 | 2026-04-01T19:19:24.363000 | OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels | |
| CVE-2026-35056 | 7.2 | 0.26% | 1 | 0 | 2026-04-01T18:55:19.097000 | XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by aut | |
| CVE-2025-71282 | 7.5 | 0.03% | 1 | 0 | 2026-04-01T18:53:29.363000 | XenForo before 2.3.7 discloses filesystem paths through exception messages trigg | |
| CVE-2025-71278 | 8.8 | 0.04% | 1 | 0 | 2026-04-01T18:51:48.267000 | XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized s | |
| CVE-2026-34162 | 10.0 | 0.09% | 1 | 0 | 2026-04-01T18:38:39.890000 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT | |
| CVE-2026-34163 | 7.7 | 0.03% | 1 | 0 | 2026-04-01T18:28:47.027000 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's M | |
| CVE-2026-34453 | 7.5 | 0.03% | 1 | 0 | 2026-04-01T17:28:40.643000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the pu | |
| CVE-2026-33949 | 8.1 | 0.00% | 2 | 0 | 2026-04-01T17:28:39.507000 | Tina is a headless content management system. Prior to version 2.2.2, a path tra | |
| CVE-2026-20160 | 9.8 | 0.00% | 2 | 0 | 2026-04-01T17:28:31.760000 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allo | |
| CVE-2026-20093 | 9.8 | 0.00% | 2 | 0 | 2026-04-01T17:28:29.027000 | A vulnerability in the change password functionality of Cisco Integrated Managem | |
| CVE-2026-5278 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T17:09:45.597000 | Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 a | |
| CVE-2026-5284 | 7.5 | 0.04% | 2 | 0 | 2026-04-01T17:09:14.033000 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote | |
| CVE-2026-5288 | 9.6 | 0.03% | 2 | 0 | 2026-04-01T16:41:09.713000 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 al | |
| CVE-2026-5289 | 9.6 | 0.03% | 2 | 0 | 2026-04-01T16:40:59.350000 | Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a | |
| CVE-2026-5290 | 9.6 | 0.03% | 2 | 0 | 2026-04-01T16:40:52.530000 | Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a | |
| CVE-2026-5277 | 7.5 | 0.03% | 2 | 0 | 2026-04-01T16:40:22.150000 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 al | |
| CVE-2026-5275 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T16:40:00.530000 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 al | |
| CVE-2026-5274 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T16:39:51.933000 | Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a re | |
| CVE-2026-5272 | 8.8 | 0.01% | 2 | 0 | 2026-04-01T16:36:06.623000 | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a r | |
| CVE-2026-5087 | 7.5 | 0.02% | 2 | 0 | 2026-04-01T16:23:52.180000 | PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl gene | |
| CVE-2026-4748 | 7.5 | 0.03% | 2 | 0 | 2026-04-01T16:23:51.263000 | A regression in the way hashes were calculated caused rules containing the addre | |
| CVE-2026-3308 | 7.8 | 0.02% | 2 | 0 | 2026-04-01T16:23:51.103000 | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1. | |
| CVE-2026-34430 | 8.8 | 0.00% | 2 | 0 | 2026-04-01T16:23:50.373000 | ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vu | |
| CVE-2026-33373 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T16:23:50.073000 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Sit | |
| CVE-2026-29014 | 9.8 | 0.00% | 2 | 0 | 2026-04-01T16:23:49.123000 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injec | |
| CVE-2026-5292 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T15:32:18 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed | |
| CVE-2026-2696 | 5.3 | 0.02% | 2 | 0 | 2026-04-01T15:32:18 | The Export All URLs WordPress plugin before 5.1 generates CSV filenames containi | |
| CVE-2026-5286 | 8.8 | 0.04% | 4 | 0 | 2026-04-01T15:32:17 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote | |
| CVE-2026-35092 | 7.5 | 0.00% | 4 | 0 | 2026-04-01T15:31:21 | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's jo | |
| CVE-2026-35091 | 8.2 | 0.00% | 4 | 0 | 2026-04-01T15:31:21 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr | |
| CVE-2026-5282 | 8.1 | 0.03% | 2 | 0 | 2026-04-01T15:31:15 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed | |
| CVE-2026-4747 | 8.8 | 0.16% | 21 | 0 | 2026-04-01T15:23:23.797000 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i | |
| CVE-2026-3256 | 9.8 | 0.02% | 2 | 0 | 2026-04-01T15:23:23.523000 | HTTP::Session versions through 0.53 for Perl defaults to using insecurely genera | |
| CVE-2026-2275 | 9.6 | 0.04% | 1 | 0 | 2026-04-01T14:24:21.833000 | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach | |
| CVE-2026-29925 | 7.7 | 0.03% | 2 | 0 | 2026-04-01T14:24:21.833000 | Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery | |
| CVE-2026-29924 | 7.6 | 0.06% | 1 | 0 | 2026-04-01T14:24:21.833000 | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through th | |
| CVE-2026-29953 | 7.4 | 0.03% | 1 | 0 | 2026-04-01T14:24:21.833000 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the | |
| CVE-2026-29954 | 7.6 | 0.03% | 1 | 1 | 2026-04-01T14:24:21.833000 | In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have | |
| CVE-2026-30077 | 7.5 | 0.06% | 1 | 0 | 2026-04-01T14:24:21.833000 | OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all | |
| CVE-2026-29872 | 8.2 | 0.05% | 1 | 0 | 2026-04-01T14:24:21.833000 | A cross-session information disclosure vulnerability exists in the awesome-llm-a | |
| CVE-2026-34361 | 9.3 | 0.04% | 2 | 0 | 2026-04-01T14:24:02.583000 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare i | |
| CVE-2026-34504 | 8.3 | 0.04% | 1 | 0 | 2026-04-01T14:24:02.583000 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability i | |
| CVE-2026-24164 | 8.8 | 0.04% | 1 | 0 | 2026-04-01T14:24:02.583000 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati | |
| CVE-2026-0596 | 9.6 | 0.24% | 2 | 0 | 2026-04-01T14:24:02.583000 | A command injection vulnerability exists in mlflow/mlflow when serving a model w | |
| CVE-2026-34243 | 9.8 | 0.24% | 2 | 0 | 2026-04-01T14:24:02.583000 | wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, ar | |
| CVE-2026-30309 | 7.8 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | InfCode's terminal auto-execution module contains a critical command filtering v | |
| CVE-2026-5204 | 8.8 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function f | |
| CVE-2025-15618 | 9.1 | 0.04% | 1 | 0 | 2026-04-01T14:24:02.583000 | Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses a | |
| CVE-2026-34214 | 7.7 | 0.02% | 2 | 0 | 2026-04-01T14:24:02.583000 | Trino is a distributed SQL query engine for big data analytics. From version 439 | |
| CVE-2026-32920 | 8.4 | 0.01% | 1 | 0 | 2026-04-01T14:24:02.583000 | OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenCl | |
| CVE-2026-32916 | 9.4 | 0.07% | 1 | 0 | 2026-04-01T14:24:02.583000 | OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vuln | |
| CVE-2026-32982 | 7.5 | 0.03% | 1 | 0 | 2026-04-01T14:24:02.583000 | OpenClaw before 2026.3.13 contains an information disclosure vulnerability in th | |
| CVE-2025-10551 | 8.7 | 0.03% | 2 | 0 | 2026-04-01T14:24:02.583000 | A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management | |
| CVE-2025-10553 | 8.7 | 0.03% | 1 | 0 | 2026-04-01T14:24:02.583000 | A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Man | |
| CVE-2026-34070 | 7.5 | 0.19% | 3 | 1 | 2026-04-01T14:24:02.583000 | LangChain is a framework for building agents and LLM-powered applications. Prior | |
| CVE-2026-32716 | 8.1 | 0.03% | 1 | 0 | 2026-04-01T14:24:02.583000 | SciTokens is a reference library for generating and using SciTokens. Prior to ve | |
| CVE-2026-34042 | 8.2 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | act is a project which allows for local running of github actions. Prior to vers | |
| CVE-2026-4020 | 7.5 | 0.05% | 1 | 0 | template | 2026-04-01T14:24:02.583000 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-4257 | 9.8 | 12.78% | 2 | 0 | template | 2026-04-01T14:24:02.583000 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side |
| CVE-2026-5155 | 8.8 | 0.02% | 1 | 0 | 2026-04-01T14:24:02.583000 | A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromA | |
| CVE-2026-34557 | 9.1 | 0.05% | 2 | 0 | 2026-04-01T14:24:02.583000 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo | |
| CVE-2026-5152 | 8.8 | 0.05% | 2 | 0 | 2026-04-01T14:24:02.583000 | A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function for | |
| CVE-2026-35093 | 8.8 | 0.00% | 4 | 0 | 2026-04-01T14:23:37.727000 | A flaw was found in libinput. A local attacker who can place a specially crafted | |
| CVE-2025-15484 | 9.1 | 0.02% | 2 | 0 | 2026-04-01T14:23:37.727000 | The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides | |
| CVE-2026-3356 | 0 | 0.05% | 4 | 0 | 2026-04-01T14:23:37.727000 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass t | |
| CVE-2026-23898 | 0 | 0.06% | 2 | 0 | 2026-04-01T14:23:37.727000 | Lack of input validation leads to an arbitrary file deletion vulnerability in th | |
| CVE-2026-5211 | 8.8 | 0.04% | 2 | 0 | 2026-04-01T14:23:37.727000 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, | |
| CVE-2026-34367 | 7.6 | 0.03% | 2 | 0 | 2026-04-01T14:23:37.727000 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payme | |
| CVE-2026-5213 | 8.8 | 0.04% | 2 | 0 | 2026-04-01T14:23:37.727000 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D | |
| CVE-2026-34448 | 9.0 | 0.05% | 3 | 0 | 2026-04-01T14:23:37.727000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, an att | |
| CVE-2025-13855 | 7.6 | 0.09% | 2 | 0 | 2026-04-01T14:23:37.727000 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable t | |
| CVE-2026-3779 | 7.8 | 0.02% | 1 | 0 | 2026-04-01T14:23:37.727000 | The application's list box calculate array logic keeps stale references to page | |
| CVE-2026-32726 | 8.1 | 0.03% | 2 | 0 | 2026-04-01T14:23:37.727000 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C+ | |
| CVE-2026-32725 | 8.3 | 0.21% | 1 | 0 | 2026-04-01T14:23:37.727000 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C+ | |
| CVE-2026-5190 | 7.5 | 0.01% | 1 | 0 | 2026-04-01T14:23:37.727000 | Out-of-bounds write in the streaming decoder component in aws-c-event-stream bef | |
| CVE-2026-26060 | None | 0.04% | 1 | 0 | 2026-04-01T06:11:50 | ### Summary A vulnerability in Fleet’s password management logic could allow pr | |
| CVE-2025-71281 | 8.8 | 0.05% | 1 | 0 | 2026-04-01T03:31:46 | XenForo before 2.3.7 does not properly restrict methods callable from within tem | |
| CVE-2026-3775 | 7.8 | 0.01% | 1 | 0 | 2026-04-01T03:31:46 | The application's update service, when checking for updates, loads certain syste | |
| CVE-2025-71279 | 9.8 | 0.08% | 1 | 0 | 2026-04-01T03:31:46 | XenForo before 2.3.7 contains a security issue affecting Passkeys that have been | |
| CVE-2026-5214 | 8.8 | 0.04% | 1 | 0 | 2026-04-01T00:31:39 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32 | |
| CVE-2026-34558 | 9.1 | 0.05% | 3 | 0 | 2026-04-01T00:09:24 | ## Summary ### **Vulnerability: Stored DOM XSS via Methods Management Fields ( | |
| CVE-2026-34585 | 8.6 | 0.07% | 1 | 0 | 2026-04-01T00:05:12 | ### Summary A vulnerability allows crafted block attribute values to bypass serv | |
| CVE-2026-33578 | 9.8 | 0.01% | 2 | 0 | 2026-04-01T00:01:11 | ## Summary When only a route-level group allowlist was configured, sender polic | |
| CVE-2026-33577 | 9.8 | 0.01% | 1 | 0 | 2026-04-01T00:00:20 | ## Summary The node pairing approval path did not consistently enforce that the | |
| CVE-2026-34503 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T23:52:04 | ## Summary Removing a device or revoking its token updated stored credentials b | |
| CVE-2026-34449 | 9.7 | 0.14% | 3 | 0 | 2026-03-31T23:29:01 | ### Summary A malicious website can achieve Remote Code Execution (RCE) on any | |
| CVE-2026-34381 | 7.5 | 0.06% | 2 | 0 | 2026-03-31T23:10:05 | ### Summary Admidio relies on `adm_my_files/.htaccess` to deny direct HTTP acce | |
| CVE-2026-34240 | 7.5 | 0.01% | 1 | 0 | 2026-03-31T23:09:20 | ### Impact A vulnerability in `jose` versions up to and including `0.3.5` could | |
| CVE-2026-32727 | 8.1 | 0.05% | 1 | 0 | 2026-03-31T22:51:38 | ### Summary The `Enforcer` is vulnerable to a path traversal attack where an att | |
| CVE-2026-32714 | 9.8 | 0.03% | 1 | 0 | 2026-03-31T22:49:18 | ### Summary The `KeyCache` class in `scitokens` was vulnerable to SQL Injection | |
| CVE-2026-30877 | 9.1 | 0.17% | 3 | 0 | 2026-03-31T22:35:47 | ### Summary The latest version of baserCMS (basercms-5.2.2) contains an OS comma | |
| CVE-2026-4851 | 9.8 | 0.07% | 1 | 0 | 2026-03-31T21:32:22 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution vi | |
| CVE-2026-1579 | 9.8 | 0.07% | 6 | 0 | 2026-03-31T21:31:31 | The MAVLink communication protocol does not require cryptographic authenticatio | |
| CVE-2026-5212 | 8.8 | 0.08% | 2 | 0 | 2026-03-31T21:31:31 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D | |
| CVE-2026-3502 | 7.8 | 0.01% | 2 | 0 | 2026-03-31T21:31:18 | TrueConf Client downloads application update code and applies it without perform | |
| CVE-2026-34209 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T18:51:06 | ### Impact The `tempo/session` cooperative close handler validated the close vo | |
| CVE-2026-34156 | 10.0 | 5.19% | 2 | 0 | template | 2026-03-31T18:50:36 | `##` Summary NocoBase's Workflow Script Node executes user-supplied JavaScript |
| CVE-2026-34040 | 8.8 | 0.01% | 1 | 0 | 2026-03-31T18:40:35 | ## Summary A security vulnerability has been detected that allows attackers to | |
| CVE-2026-29870 | 7.6 | 0.08% | 1 | 0 | 2026-03-31T18:32:38 | A directory traversal vulnerability in the agentic-context-engine project versio | |
| CVE-2026-30282 | 9.1 | 0.03% | 1 | 0 | 2026-03-31T18:31:43 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirro | |
| CVE-2026-24165 | 7.8 | 0.06% | 2 | 0 | 2026-03-31T18:31:43 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati | |
| CVE-2026-24154 | 7.7 | 0.03% | 2 | 0 | 2026-03-31T18:31:38 | NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker | |
| CVE-2026-24148 | 8.3 | 0.04% | 1 | 0 | 2026-03-31T18:31:37 | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization | |
| CVE-2025-53521 | 9.8 | 41.41% | 5 | 0 | 2026-03-31T17:12:31.053000 | When a BIG-IP APM access policy is configured on a virtual server, specific mali | |
| CVE-2026-5121 | 9.8 | 0.18% | 1 | 0 | 2026-03-31T15:32:59 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerabi | |
| CVE-2026-33579 | 9.8 | 0.01% | 1 | 0 | 2026-03-31T15:32:03 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the / | |
| CVE-2026-33580 | 9.8 | 0.06% | 1 | 0 | 2026-03-31T15:32:03 | OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the | |
| CVE-2026-21710 | 7.5 | 0.01% | 1 | 1 | 2026-03-31T15:31:56 | A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a re | |
| CVE-2026-3055 | 9.8 | 44.30% | 11 | 5 | template | 2026-03-31T13:18:14.213000 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when config |
| CVE-2026-34505 | 9.8 | 0.06% | 2 | 0 | 2026-03-31T12:31:43 | OpenClaw before 2026.3.12 applies rate limiting only after successful webhook au | |
| CVE-2026-32917 | 9.8 | 0.40% | 1 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.13 contains a remote command injection vulnerability in t | |
| CVE-2026-32988 | 7.5 | 0.01% | 2 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs | |
| CVE-2026-34509 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its | |
| CVE-2026-4317 | None | 0.05% | 1 | 0 | 2026-03-31T12:31:42 | SQL inyection (SQLi) vulnerability in Umami Software web application through an | |
| CVE-2026-5201 | 7.5 | 0.09% | 2 | 1 | 2026-03-31T09:31:49 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln | |
| CVE-2026-3300 | 9.8 | 0.22% | 2 | 0 | 2026-03-31T03:31:35 | The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Executio | |
| CVE-2026-5156 | 8.8 | 0.05% | 1 | 0 | 2026-03-31T00:31:19 | A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function | |
| CVE-2026-5130 | 8.8 | 0.02% | 1 | 0 | 2026-03-31T00:31:19 | The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthentic | |
| CVE-2026-5154 | 8.8 | 0.05% | 1 | 0 | 2026-03-31T00:31:18 | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element | |
| CVE-2026-34714 | 9.2 | 0.02% | 2 | 0 | 2026-03-30T21:31:10 | Vim before 9.2.0272 allows code execution that happens immediately upon opening | |
| CVE-2026-3991 | 7.8 | 0.01% | 1 | 0 | 2026-03-30T21:31:10 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16. | |
| CVE-2026-33634 | 8.8 | 21.15% | 1 | 3 | 2026-03-30T18:50:38.270000 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised | |
| CVE-2026-21643 | 9.8 | 0.05% | 6 | 2 | 2026-03-30T13:16:22.063000 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2026-33871 | None | 0.06% | 1 | 0 | 2026-03-27T21:48:56 | ### Summary A remote user can trigger a Denial of Service (DoS) against a Netty | |
| CVE-2026-34475 | 5.4 | 0.04% | 2 | 0 | 2026-03-27T21:31:44 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain u | |
| CVE-2026-33711 | None | 0.01% | 1 | 0 | 2026-03-27T17:09:48 | ### Summary Incus provides an API to retrieve VM screenshots, that API relies on | |
| CVE-2026-33017 | 9.8 | 5.65% | 1 | 6 | 2026-03-26T15:41:23 | ## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b | |
| CVE-2026-20700 | 7.8 | 0.30% | 2 | 0 | 2026-03-25T17:39:37.227000 | A memory corruption issue was addressed with improved state management. This iss | |
| CVE-2026-4342 | 8.8 | 0.04% | 1 | 1 | 2026-03-20T13:37:50.737000 | A security issue was discovered in ingress-nginx where a combination of Ingress | |
| CVE-2025-71260 | 8.8 | 9.15% | 1 | 1 | template | 2026-03-19T15:31:27 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserializa |
| CVE-2026-3888 | 7.8 | 0.01% | 2 | 6 | 2026-03-18T04:17:30.720000 | Local privilege escalation in snapd on Linux allows local attackers to get root | |
| CVE-2025-14558 | 7.2 | 53.60% | 1 | 2 | 2026-03-17T15:55:24.490000 | The rtsol(8) and rtsold(8) programs do not validate the domain search list optio | |
| CVE-2026-2493 | 7.5 | 15.24% | 1 | 0 | 2026-03-16T15:30:55 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. | |
| CVE-2026-2413 | 7.5 | 26.22% | 1 | 3 | template | 2026-03-11T13:52:47.683000 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S |
| CVE-2026-29058 | 9.8 | 42.99% | 1 | 0 | 2026-03-06T21:56:51 | ## Impact An unauthenticated attacker can execute arbitrary OS commands on the | |
| CVE-2026-2025 | 7.5 | 26.43% | 1 | 10 | template | 2026-03-04T18:16:29.953000 | The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one |
| CVE-2023-7337 | 7.5 | 22.17% | 1 | 0 | template | 2026-03-04T18:08:05.730000 | The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is |
| CVE-2026-27971 | None | 23.12% | 1 | 0 | template | 2026-03-04T02:00:52 | ### Summary qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization |
| CVE-2026-1492 | 9.8 | 30.99% | 1 | 2 | template | 2026-03-03T21:52:29.877000 | The User Registration & Membership – Custom Registration Form Builder, Custom Lo |
| CVE-2025-61594 | 7.5 | 0.01% | 1 | 0 | 2026-02-24T14:57:18.363000 | URI is a module providing classes to handle Uniform Resource Identifiers. In ver | |
| CVE-2026-21508 | 7.0 | 0.05% | 2 | 1 | 2026-02-10T18:30:53 | Improper authentication in Windows Storage allows an authorized attacker to elev | |
| CVE-2026-2150 | 4.3 | 0.01% | 2 | 11 | 2026-02-10T14:49:56.377000 | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queu | |
| CVE-2026-21858 | 10.0 | 8.73% | 1 | 11 | template | 2026-01-16T19:31:34.467000 | n8n is an open source workflow automation platform. Versions starting with 1.65. |
| CVE-2025-68664 | 9.3 | 0.04% | 1 | 2 | 2026-01-13T15:58:23.373000 | LangChain is a framework for building agents and LLM-powered applications. Prior | |
| CVE-2025-14847 | 7.5 | 74.63% | 1 | 39 | template | 2025-12-30T00:32:58 | Mismatched length fields in Zlib compressed protocol headers may allow a read of |
| CVE-2025-32975 | 10.0 | 0.17% | 2 | 0 | 2025-11-03T20:18:29.263000 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef | |
| CVE-2023-4966 | 9.4 | 94.35% | 2 | 14 | template | 2025-10-24T13:42:55.550000 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when con |
| CVE-2024-3094 | 10.0 | 86.06% | 1 | 78 | template | 2025-08-19T01:15:57.407000 | Malicious code was discovered in the upstream tarballs of xz, starting with vers |
| CVE-2021-23337 | 7.2 | 0.46% | 2 | 1 | 2025-08-12T21:44:25 | `lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the t | |
| CVE-2022-47392 | 6.5 | 0.31% | 1 | 0 | 2025-07-17T13:10:35.760000 | An authenticated, remote attacker may use a improper input validation vulnerabil | |
| CVE-2022-47390 | 8.8 | 2.36% | 1 | 0 | 2025-07-17T13:10:11.830000 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47387 | 8.8 | 2.30% | 1 | 0 | 2025-07-17T13:05:21.360000 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47386 | 8.8 | 2.30% | 1 | 0 | 2025-07-17T13:02:11.490000 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47383 | 8.8 | 2.30% | 1 | 0 | 2025-07-17T12:56:32.877000 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47382 | 8.8 | 2.30% | 1 | 0 | 2025-07-17T12:50:47.377000 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47379 | 8.8 | 2.81% | 1 | 0 | 2025-07-17T12:38:27.903000 | An authenticated, remote attacker may use a out-of-bounds write vulnerability in | |
| CVE-2022-47378 | 6.5 | 0.41% | 1 | 0 | 2025-07-17T12:38:13.340000 | Multiple CODESYS products in multiple versions are prone to a improper input val | |
| CVE-2025-6514 | 9.7 | 1.29% | 1 | 3 | 2025-07-09T18:08:46 | mcp-remote is exposed to OS command injection when connecting to untrusted MCP s | |
| CVE-2025-29970 | 7.8 | 0.69% | 1 | 0 | 2025-05-19T14:20:49.300000 | Use after free in Microsoft Brokering File System allows an authorized attacker | |
| CVE-2025-24076 | 7.3 | 1.60% | 2 | 1 | 2025-03-11T18:32:27 | Improper access control in Windows Cross Device Service allows an authorized att | |
| CVE-2024-37408 | 7.3 | 0.05% | 1 | 0 | 2024-11-21T09:23:48.037000 | fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected | |
| CVE-2022-47385 | 8.8 | 2.30% | 1 | 0 | 2024-04-11T21:18:07 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47389 | 8.8 | 4.37% | 1 | 0 | 2024-04-04T05:43:04 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47388 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:43:02 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47384 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:57 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47380 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:52 | An authenticated remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47381 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:52 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47393 | 6.5 | 0.52% | 1 | 0 | 2024-04-04T04:05:11 | An authenticated, remote attacker may use a Improper Restriction of Operations w | |
| CVE-2022-47391 | 7.5 | 0.59% | 1 | 0 | 2024-04-04T04:05:08 | In multiple CODESYS products in multiple versions an unauthorized, remote attack | |
| CVE-2026-4370 | 0 | 0.03% | 4 | 0 | N/A | ||
| CVE-2026-4800 | 0 | 0.07% | 2 | 1 | N/A | ||
| CVE-2026-34365 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-34366 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-34731 | 0 | 0.06% | 2 | 0 | N/A | ||
| CVE-2026-28228 | 0 | 0.05% | 2 | 0 | N/A | ||
| CVE-2026-34054 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-33984 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-33986 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-32877 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-31946 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-33691 | 0 | 0.00% | 1 | 0 | N/A |
updated 2026-04-01T20:38:14.020000
2 posts
🟠 CVE-2026-34394 - High (8.1)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save.json.php) lacks any CSRF token validation. There is no call to isGlobalTokenValid() or verifyToken() before processi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34394/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34394 - High (8.1)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save.json.php) lacks any CSRF token validation. There is no call to isGlobalTokenValid() or verifyToken() before processi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34394/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:31:57.590000
1 posts
🟠 CVE-2025-32957 - High (8.7)
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-32957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:29:39.303000
2 posts
🚨 CVE-2026-21861: CRITICAL OS command injection in baserCMS < 5.2.3. Admins can execute arbitrary system commands via core update. Patch to 5.2.3+ ASAP to prevent full compromise. https://radar.offseq.com/threat/cve-2026-21861-cwe-78-improper-neutralization-of-s-7b86deef #OffSeq #baserCMS #CVE2026_21861 #infosec #patching
##🔴 CVE-2026-21861 - Critical (9.1)
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to im...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21861/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:27:00.497000
1 posts
baserCMS < 5.2.3 hit by CRITICAL OS command injection (CVE-2026-30880, CVSS 9.2). Remote unauthenticated RCE possible via installer. Patch to 5.2.3+ now or restrict installer access! https://radar.offseq.com/threat/cve-2026-30880-cwe-78-improper-neutralization-of-s-5ac38c48 #OffSeq #baserCMS #Vuln #infosec
##updated 2026-04-01T20:16:29.780000
13 posts
CVE ID: CVE-2026-5281
Vendor: Google
Product: Dawn
Date Added: 2026-04-01
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5281
🟠 CVE-2026-5281 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Google on Tuesday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html
##CVE-2026-5281 (Use after free in Dawn) included with this is a zero day
##Amongst other security improvements from Chromium upstream it includes a fix for CVE-2026-5281 (Use after free in Dawn), which has a known exploit in the wild.
##Amongst other security improvements from Chromium upstream it includes a fix for CVE-2026-5281 (Use after free in Dawn), which has a known exploit in the wild.
##Upstream release notes have been published. This release includes fixes for 21 CVES. Google is aware that an exploit for CVE-2026-5281 exists in the wild.
chromereleases.googleblog.com/2026/03/stab...
RE: https://bsky.app/profile/did:plc:6ol7vfhxcbk3ylrlbbioxlav/post/3mifg4rzfh22x
Stable Channel Update for Desk...
CVE ID: CVE-2026-5281
Vendor: Google
Product: Dawn
Date Added: 2026-04-01
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5281
🟠 CVE-2026-5281 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-5281 (Use after free in Dawn) included with this is a zero day
##Amongst other security improvements from Chromium upstream it includes a fix for CVE-2026-5281 (Use after free in Dawn), which has a known exploit in the wild.
##Amongst other security improvements from Chromium upstream it includes a fix for CVE-2026-5281 (Use after free in Dawn), which has a known exploit in the wild.
##Upstream release notes have been published. This release includes fixes for 21 CVES. Google is aware that an exploit for CVE-2026-5281 exists in the wild.
chromereleases.googleblog.com/2026/03/stab...
RE: https://bsky.app/profile/did:plc:6ol7vfhxcbk3ylrlbbioxlav/post/3mifg4rzfh22x
Stable Channel Update for Desk...
updated 2026-04-01T19:27:12.840000
2 posts
🟠 CVE-2026-34506 - High (7.5)
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty group...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34506 - High (7.5)
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty group...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:19:24.363000
1 posts
🔴 CVE-2026-33576 - Critical (9.8)
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rej...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33576/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:55:19.097000
1 posts
🟠 CVE-2026-35056 - High (8.8)
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:53:29.363000
1 posts
🟠 CVE-2025-71282 - High (7.5)
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:51:48.267000
1 posts
🟠 CVE-2025-71278 - High (8.8)
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond thei...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:38:39.890000
1 posts
🔴 CVE-2026-34162 - Critical (10)
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-sup...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34162/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:28:47.027000
1 posts
🟠 CVE-2026-34163 - High (7.7)
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL parameter and make server-s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34163/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T17:28:40.643000
1 posts
🟠 CVE-2026-34453 - High (7.5)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters boo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T17:28:39.507000
2 posts
🟠 CVE-2026-33949 - High (8.1)
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33949 - High (8.1)
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T17:28:31.760000
2 posts
And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-04-01T17:28:29.027000
2 posts
And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-04-01T17:09:45.597000
2 posts
🟠 CVE-2026-5278 - High (8.8)
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5278 - High (8.8)
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T17:09:14.033000
2 posts
🟠 CVE-2026-5284 - High (7.5)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5284 - High (7.5)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:41:09.713000
2 posts
🔴 CVE-2026-5288 - Critical (9.6)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5288 - Critical (9.6)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:40:59.350000
2 posts
🔴 CVE-2026-5289 - Critical (9.6)
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5289 - Critical (9.6)
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:40:52.530000
2 posts
🔴 CVE-2026-5290 - Critical (9.6)
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5290 - Critical (9.6)
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:40:22.150000
2 posts
🟠 CVE-2026-5277 - High (7.5)
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5277 - High (7.5)
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:40:00.530000
2 posts
🟠 CVE-2026-5275 - High (8.8)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5275 - High (8.8)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:39:51.933000
2 posts
🟠 CVE-2026-5274 - High (8.8)
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5274 - High (8.8)
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:36:06.623000
2 posts
🟠 CVE-2026-5272 - High (8.8)
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5272 - High (8.8)
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:52.180000
2 posts
🟠 CVE-2026-5087 - High (7.5)
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5087 - High (7.5)
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:51.263000
2 posts
🟠 CVE-2026-4748 - High (7.5)
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4748 - High (7.5)
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:51.103000
2 posts
🟠 CVE-2026-3308 - High (7.8)
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds writ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3308 - High (7.8)
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds writ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:50.373000
2 posts
🟠 CVE-2026-34430 - High (8.8)
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34430 - High (8.8)
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:50.073000
2 posts
🟠 CVE-2026-33373 - High (8.8)
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state tr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33373 - High (8.8)
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state tr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:49.123000
2 posts
🔴 CVE-2026-29014 - Critical (9.8)
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-29014 - Critical (9.8)
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:32:18
2 posts
🟠 CVE-2026-5292 - High (8.8)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5292 - High (8.8)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:32:18
2 posts
🚨 CVE-2026-2696: HIGH severity flaw in Export All URLs WP plugin (<5.1) leaks private post URLs via brute-forcible CSV files in uploads/. No auth needed. Upgrade ASAP & restrict dir access! https://radar.offseq.com/threat/cve-2026-2696-cwe-200-information-exposure-in-expo-c6c7420f #OffSeq #WordPress #CVE20262696
##🚨 CVE-2026-2696: HIGH severity flaw in Export All URLs WP plugin (<5.1) leaks private post URLs via brute-forcible CSV files in uploads/. No auth needed. Upgrade ASAP & restrict dir access! https://radar.offseq.com/threat/cve-2026-2696-cwe-200-information-exposure-in-expo-c6c7420f #OffSeq #WordPress #CVE20262696
##updated 2026-04-01T15:32:17
4 posts
🟠 CVE-2026-5286 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! https://radar.offseq.com/threat/cve-2026-5286-use-after-free-in-google-chrome-34aabe80 #OffSeq #Chrome #Vuln #InfoSec
##🟠 CVE-2026-5286 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! https://radar.offseq.com/threat/cve-2026-5286-use-after-free-in-google-chrome-34aabe80 #OffSeq #Chrome #Vuln #InfoSec
##updated 2026-04-01T15:31:21
4 posts
🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:21
4 posts
🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:15
2 posts
🟠 CVE-2026-5282 - High (8.1)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5282 - High (8.1)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:23:23.797000
21 posts
https://github.com/califio/publications/tree/main/MADBugs/CVE-2026-4747
🧐
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747): https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: http://news.ycombinator.com/item?id=47597119
##📰 Today's Top 20 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: Claude Code Unpacked : A visual guide
🔗 URL: https://ccunpacked.dev/
👍 Score: [944]
💬 Discussion: https://news.ycombinator.com/item?id=47597085
----------------------------------------
🔖 Title: CERN levels up with new superconducting karts
🔗 URL: https://home.cern/news/news/engineering/cern-levels-new-superconducting-karts
👍 Score: [343]
💬 Discussion: https://news.ycombinator.com/item?id=47597935
----------------------------------------
🔖 Title: EmDash – a spiritual successor to WordPress that solves plugin security
🔗 URL: https://blog.cloudflare.com/emdash-wordpress/
👍 Score: [245]
💬 Discussion: https://news.ycombinator.com/item?id=47602832
----------------------------------------
🔖 Title: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
🔗 URL: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
👍 Score: [198]
💬 Discussion: https://news.ycombinator.com/item?id=47597119
----------------------------------------
🔖 Title: Is BGP safe yet?
🔗 URL: https://isbgpsafeyet.com/
👍 Score: [196]
💬 Discussion: https://news.ycombinator.com/item?id=47600382
----------------------------------------
🔖 Title: Show HN: CLI to order groceries via reverse-engineered REWE API (Haskell)
🔗 URL: https://github.com/yannick-cw/korb
👍 Score: [177]
💬 Discussion: https://news.ycombinator.com/item?id=47571183
----------------------------------------
🔖 Title: NASA Artemis II moon mission live launch broadcast
🔗 URL: https://plus.nasa.gov/scheduled-video/nasas-artemis-ii-crew-launches-to-the-moon-official-broadcast/
👍 Score: [139]
💬 Discussion: https://news.ycombinator.com/item?id=47603657
----------------------------------------
🔖 Title: The OpenAI Graveyard: All the Deals and Products That Haven't Happened
🔗 URL: https://www.forbes.com/sites/phoebeliu/2026/03/31/openai-graveyard-deals-and-products-havent-happened-openai/
👍 Score: [132]
💬 Discussion: https://news.ycombinator.com/item?id=47602565
----------------------------------------
🔖 Title: Intuiting Pratt Parsing
🔗 URL: https://louis.co.nz/2026/03/26/pratt-parsing.html
👍 Score: [121]
💬 Discussion: https://news.ycombinator.com/item?id=47573450
----------------------------------------
🔖 Title: StepFun 3.5 Flash is #1 cost-effective model for OpenClaw tasks (300 battles)
🔗 URL: https://app.uniclaw.ai/arena?tab=costEffectiveness&via=hn
👍 Score: [80]
💬 Discussion: https://news.ycombinator.com/item?id=47602879
----------------------------------------
🔖 Title: Random numbers, Persian code: A mysterious signal transfixes radio sleuths
🔗 URL: https://www.rferl.org/a/mystery-numbers-station-persian-signal-iran-war/33700659.html
👍 Score: [74]
💬 Discussion: https://news.ycombinator.com/item?id=47599510
----------------------------------------
🔖 Title: Consider the Greenland Shark (2020)
🔗 URL: https://www.lrb.co.uk/the-paper/v42/n09/katherine-rundell/consider-the-greenland-shark
👍 Score: [68]
💬 Discussion: https://news.ycombinator.com/item?id=47539945
----------------------------------------
🔖 Title: The Document Foundation ejects its core developers
🔗 URL: https://www.collaboraonline.com/blog/tdf-ejects-its-core-developers/
👍 Score: [67]
💬 Discussion: https://news.ycombinator.com/item?id=47599305
----------------------------------------
🔖 Title: What Is Copilot Exactly?
🔗 URL: https://idiallo.com/blog/what-is-copilot-exactly
👍 Score: [62]
💬 Discussion: https://news.ycombinator.com/item?id=47603231
----------------------------------------
🔖 Title: AI for American-Produced Cement and Concrete
🔗 URL: https://engineering.fb.com/2026/03/30/data-center-engineering/ai-for-american-produced-cement-and-concrete/
👍 Score: [57]
💬 Discussion: https://news.ycombinator.com/item?id=47603737
----------------------------------------
🔖 Title: Show HN: Real-time dashboard for Claude Code agent teams
🔗 URL: https://github.com/simple10/agents-observe
👍 Score: [44]
💬 Discussion: https://news.ycombinator.com/item?id=47602986
----------------------------------------
🔖 Title: Show HN: Zerobox – Sandbox any command with file and network restrictions
🔗 URL: https://github.com/afshinm/zerobox
👍 Score: [36]
💬 Discussion: https://news.ycombinator.com/item?id=47574871
----------------------------------------
🔖 Title: Ada and Spark on ARM Cortex-M – A Tutorial with Arduino and Nucleo Examples
🔗 URL: http://inspirel.com/articles/Ada_On_Cortex.html
👍 Score: [36]
💬 Discussion: https://news.ycombinator.com/item?id=47552144
----------------------------------------
🔖 Title: Randomness on Apple Platforms (2024)
🔗 URL: https://blog.xoria.org/randomness-on-apple-platforms/
👍 Score: [34]
💬 Discussion: https://news.ycombinator.com/item?id=47543205
----------------------------------------
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) - https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
##Wow, #Claude, you wrote a remote kernel #RCE with a root shell for FreeBSD? 🙄 I’m sure this groundbreaking achievement will be a thrilling bedtime story for security experts everywhere. 🤦♂️ Meanwhile, GitHub is still doing cartwheels about #AI writing better code so we can break it even faster. 💥
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md #FreeBSD #cybersecurity #coding #HackerNews #ngated
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
#HackerNews #FreeBSD #RCE #Security #CVE-2026-4747 #RootShell #CyberSecurity
##Claude wrote a full FreeBSD remote kernel RCE with root shell
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
##https://github.com/califio/publications/tree/main/MADBugs/CVE-2026-4747
🧐
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##Wow, #Claude, you wrote a remote kernel #RCE with a root shell for FreeBSD? 🙄 I’m sure this groundbreaking achievement will be a thrilling bedtime story for security experts everywhere. 🤦♂️ Meanwhile, GitHub is still doing cartwheels about #AI writing better code so we can break it even faster. 💥
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md #FreeBSD #cybersecurity #coding #HackerNews #ngated
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
#HackerNews #FreeBSD #RCE #Security #CVE-2026-4747 #RootShell #CyberSecurity
##Claude wrote a full FreeBSD remote kernel RCE with root shell
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
##@AmenZwa
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://lobste.rs/s/hsykbh #freebsd #security #vibecoding
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##Claude Wrote a Full #FreeBSD Remote Kernel #RCE with Root Shell (CVE-2026-4747): https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##updated 2026-04-01T15:23:23.523000
2 posts
🔴 CVE-2026-3256 - Critical (9.8)
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3256 - Critical (9.8)
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
1 posts
🔴 CVE-2026-2275 - Critical (9.6)
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
2 posts
🟠 CVE-2026-29925 - High (7.7)
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-29925 - High (7.7)
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
1 posts
🟠 CVE-2026-29924 - High (7.6)
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
1 posts
🟠 CVE-2026-29953 - High (7.5)
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29953/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
1 posts
1 repos
🟠 CVE-2026-29954 - High (7.6)
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More cr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
1 posts
🟠 CVE-2026-30077 - High (7.5)
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 0...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30077/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:21.833000
1 posts
🟠 CVE-2026-29872 - High (8.2)
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🔴 New security advisory:
CVE-2026-34361 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34361-hapi-fhir-auth-token-theft
🔴 CVE-2026-34361 - Critical (9.3)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-34504 - High (8.3)
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded imag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34504/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-24164 - High (8.8)
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🔴 CVE-2026-0596 - Critical (9.6)
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0596/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0596 - Critical (9.6)
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0596/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🔴 CVE-2026-34243 - Critical (9.8)
wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34243 - Critical (9.8)
wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-30309 - High (7.8)
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerSh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30309/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-5204 - High (8.8)
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🔴 CVE-2025-15618 - Critical (9.1)
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.
Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15618/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🟠 CVE-2026-34214 - High (7.7)
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34214 - High (7.7)
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🔴 CVE-2026-32920 - Critical (9.8)
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-32916 - High (7.7)
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32916/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-32982 - High (7.5)
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are em...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🟠 CVE-2025-10551 - High (8.7)
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-10551 - High (8.7)
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2025-10553 - High (8.7)
A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10553/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
3 posts
1 repos
🟠 CVE-2026-34070 - High (7.5)
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34070 - High (7.5)
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34070 - High (7.5)
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-32716 - High (8.1)
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /joh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-34042 - High (8.2)
act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the inte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-4020 - High (7.5)
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🚨 CRITICAL: CVE-2026-4257 in Contact Form by Supsystic (all versions) enables unauth RCE via SSTI (Twig). No patch yet. Disable plugin or block endpoints ASAP. Details: https://radar.offseq.com/threat/cve-2026-4257-cwe-94-improper-control-of-generatio-c9e2f160 #OffSeq #WordPress #CVE20264257 #SSTI #RCE
##🔴 CVE-2026-4257 - Critical (9.8)
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig `Twig_Loader_St...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-5155 - High (8.8)
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🔴 CVE-2026-34557 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34557/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34557 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34557/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
🟠 CVE-2026-5152 - High (8.8)
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be ini...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5152/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5152 - High (8.8)
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be ini...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5152/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
4 posts
🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🔴 CVE-2025-15484 - Critical (9.1)
The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15484/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-15484 - Critical (9.1)
The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15484/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
4 posts
Critical Authentication Bypass in Anritsu Remote Spectrum Monitors Left Unpatched
CISA and Anritsu report a critical authentication bypass vulnerability (CVE-2026-3356) affecting all versions of its Remote Spectrum Monitors, which the company does not plan to patch. The flaw allows unauthenticated remote attackers to take full control of the devices, potentially disrupting critical communications and defense infrastructure.
**Since Anritsu will not patch this critical flaw, these devices are permanently insecure. Make sure to isolate them from the internet and all untrusted networks. Ideally, consider replacing them with hardware that supports modern authentication standards because no isolation is perfect.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-anritsu-remote-spectrum-monitors-left-unpatched-d-4-h-z-o/gD2P6Ple2L
⚡️ CVE-2026-3356 (CVSS 9.3): Anritsu MS27100A lacks authentication for management — remote attackers can access & control all versions. No patch yet. Urgent: segment networks & restrict access! https://radar.offseq.com/threat/cve-2026-3356-cwe-306-missing-authentication-for-c-80869dad #OffSeq #CVE20263356 #IoTSecurity #Infosec
##Critical Authentication Bypass in Anritsu Remote Spectrum Monitors Left Unpatched
CISA and Anritsu report a critical authentication bypass vulnerability (CVE-2026-3356) affecting all versions of its Remote Spectrum Monitors, which the company does not plan to patch. The flaw allows unauthenticated remote attackers to take full control of the devices, potentially disrupting critical communications and defense infrastructure.
**Since Anritsu will not patch this critical flaw, these devices are permanently insecure. Make sure to isolate them from the internet and all untrusted networks. Ideally, consider replacing them with hardware that supports modern authentication standards because no isolation is perfect.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-anritsu-remote-spectrum-monitors-left-unpatched-d-4-h-z-o/gD2P6Ple2L
⚡️ CVE-2026-3356 (CVSS 9.3): Anritsu MS27100A lacks authentication for management — remote attackers can access & control all versions. No patch yet. Urgent: segment networks & restrict access! https://radar.offseq.com/threat/cve-2026-3356-cwe-306-missing-authentication-for-c-80869dad #OffSeq #CVE20263356 #IoTSecurity #Infosec
##updated 2026-04-01T14:23:37.727000
2 posts
⚠️ CVE-2026-23898: HIGH-severity flaw in Joomla! CMS (4.0.0-5.4.3, 6.0.0-6.0.3) lets admin-level attackers delete arbitrary files, risking DoS or system compromise. Patch ASAP, restrict high-priv accounts, monitor for deletions. https://radar.offseq.com/threat/cve-2026-23898-cwe-73-destructive-file-deletion-an-4b16a48a #OffSeq #Joomla #Vuln
##⚠️ CVE-2026-23898: HIGH-severity flaw in Joomla! CMS (4.0.0-5.4.3, 6.0.0-6.0.3) lets admin-level attackers delete arbitrary files, risking DoS or system compromise. Patch ASAP, restrict high-priv accounts, monitor for deletions. https://radar.offseq.com/threat/cve-2026-23898-cwe-73-destructive-file-deletion-an-4b16a48a #OffSeq #Joomla #Vuln
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 CVE-2026-5211 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5211 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 CVE-2026-34367 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation mod...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34367 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation mod...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 CVE-2026-5213 - High (8.8)
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5213 - High (8.8)
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
3 posts
🔴 CVE-2026-34448 - Critical (9)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From -> Asset ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34448 - Critical (9)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From -> Asset ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL alert: CVE-2026-34448 in SiYuan (<3.6.2) enables stored XSS, escalating to OS command execution via unsafe Electron configs. Patch to 3.6.2+ & tighten app security! Details: https://radar.offseq.com/threat/cve-2026-34448-cwe-79-improper-neutralization-of-i-36bc82a3 #OffSeq #SiYuan #CVE202634448 #XSS #infosec
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 CVE-2025-13855 - High (7.6)
IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13855 - High (7.6)
IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-3779 - High (7.8)
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 CVE-2026-32726 - High (8.1)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32726 - High (8.1)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-32725 - High (8.3)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path fr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-5190 - High (7.5)
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted ev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T06:11:50
1 posts
🟠 CVE-2026-26060 - High (8.8)
Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🟠 CVE-2025-71281 - High (8.8)
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🟠 CVE-2026-3775 - High (7.8)
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3775/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🔴 CVE-2025-71279 - Critical (9.8)
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T00:31:39
1 posts
🟠 CVE-2026-5214 - High (8.8)
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T00:09:24
3 posts
⚠️ CRITICAL: CVE-2026-34558 in ci4ms (<0.31.0.0) — Stored DOM XSS in Methods Management lets attackers inject persistent JS into admin panels. Patch to 0.31.0.0+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-34558-cwe-79-improper-neutralization-of-i-198231a4 #OffSeq #XSS #Vuln #AppSec
##🔴 CVE-2026-34558 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34558 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T00:05:12
1 posts
🟠 CVE-2026-34585 - High (8.6)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T00:01:11
2 posts
🔴 CVE-2026-33578 - Critical (9.8)
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-33578 - Critical (9.8)
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T00:00:20
1 posts
🔴 CVE-2026-33577 - Critical (9.8)
OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:52:04
1 posts
🟠 CVE-2026-34503 - High (7.5)
OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:29:01
3 posts
🔴 CVE-2026-34449 - Critical (9.6)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-C...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34449 - Critical (9.6)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-C...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-34449: CRITICAL RCE in SiYuan (<3.6.2) via permissive CORS. Visiting a malicious site while SiYuan runs allows OS-level code exec. Patch to 3.6.2+ ASAP! https://radar.offseq.com/threat/cve-2026-34449-cwe-942-permissive-cross-domain-pol-0cb7b35e #OffSeq #SiYuan #CVE202634449 #RCE #InfoSec
##updated 2026-03-31T23:10:05
2 posts
🟠 CVE-2026-34381 - High (7.5)
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34381 - High (7.5)
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:09:20
1 posts
🟠 CVE-2026-34240 - High (7.5)
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T22:51:38
1 posts
🟠 CVE-2026-32727 - High (8.1)
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended director...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32727/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T22:49:18
1 posts
🔴 CVE-2026-32714 - Critical (9.8)
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (su...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32714/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T22:35:47
3 posts
🔥 CRITICAL: CVE-2026-30877 in baserCMS (<5.2.3) enables admin users to execute arbitrary OS commands via update functionality (CWE-78). Patch to 5.2.3+ immediately! https://radar.offseq.com/threat/cve-2026-30877-cwe-78-improper-neutralization-of-s-36a348b4 #OffSeq #baserCMS #CVE202630877 #infosec
##🔴 CVE-2026-30877 - Critical (9.1)
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30877 - Critical (9.1)
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:32:22
1 posts
🔴 CVE-2026-4851 - Critical (9.8)
GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization.
GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:31:31
6 posts
Critical Authentication Bypass in PX4 Autopilot Allows Remote Drone Takeover
PX4 Autopilot version v1.16.0 is vulnerable to a critical authentication bypass (CVE-2026-1579) that allows unauthenticated attackers to execute arbitrary shell commands via the MAVLink protocol. This flaw enables full system takeover of drones and autonomous vehicles used in defense and transportation.
**If you use PX4 Autopilot, you must enable MAVLink 2.0 message signing to prevent unauthorized command execution. Without this cryptographic check, anyone who can reach your drone's communication interface can take full control of the aircraft.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-px4-autopilot-allows-remote-drone-takeover-h-o-k-m-n/gD2P6Ple2L
🔴 CVE-2026-1579 - Critical (9.8)
The MAVLink communication protocol does not require cryptographic
authentication by default. When MAVLink 2.0 message signing is not
enabled, any message -- including SERIAL_CONTROL, which provides
interactive shell access -- can be sent by an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-1579 (CRITICAL): PX4 Autopilot v1.16.0 SITL allows unauthenticated MAVLink commands — attackers can gain shell access if message signing is disabled. Enable MAVLink 2.0 signing now! https://radar.offseq.com/threat/cve-2026-1579-cwe-306-in-px4-autopilot-77f763f3 #OffSeq #CVE20261579 #DroneSec #Security
##Critical Authentication Bypass in PX4 Autopilot Allows Remote Drone Takeover
PX4 Autopilot version v1.16.0 is vulnerable to a critical authentication bypass (CVE-2026-1579) that allows unauthenticated attackers to execute arbitrary shell commands via the MAVLink protocol. This flaw enables full system takeover of drones and autonomous vehicles used in defense and transportation.
**If you use PX4 Autopilot, you must enable MAVLink 2.0 message signing to prevent unauthorized command execution. Without this cryptographic check, anyone who can reach your drone's communication interface can take full control of the aircraft.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-px4-autopilot-allows-remote-drone-takeover-h-o-k-m-n/gD2P6Ple2L
🔴 CVE-2026-1579 - Critical (9.8)
The MAVLink communication protocol does not require cryptographic
authentication by default. When MAVLink 2.0 message signing is not
enabled, any message -- including SERIAL_CONTROL, which provides
interactive shell access -- can be sent by an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-1579 (CRITICAL): PX4 Autopilot v1.16.0 SITL allows unauthenticated MAVLink commands — attackers can gain shell access if message signing is disabled. Enable MAVLink 2.0 signing now! https://radar.offseq.com/threat/cve-2026-1579-cwe-306-in-px4-autopilot-77f763f3 #OffSeq #CVE20261579 #DroneSec #Security
##updated 2026-03-31T21:31:31
2 posts
🟠 CVE-2026-5212 - High (8.8)
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5212 - High (8.8)
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:31:18
2 posts
🟠 CVE-2026-3502 - High (7.8)
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3502/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3502 - High (7.8)
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3502/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:51:06
1 posts
🟠 CVE-2026-34209 - High (7.5)
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amoun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34209/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:50:36
2 posts
🔴 New security advisory:
CVE-2026-34156 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34156-nocobase-rce
🔴 CVE-2026-34156 - Critical (9.9)
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:40:35
1 posts
🟠 CVE-2026-34040 - High (8.8)
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:32:38
1 posts
🟠 CVE-2026-29870 - High (7.6)
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or valid...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:43
1 posts
🔴 CVE-2026-30282 - Critical (9)
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:43
2 posts
🟠 CVE-2026-24165 - High (7.8)
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24165/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24165 - High (7.8)
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24165/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:38
2 posts
🟠 CVE-2026-24154 - High (7.6)
NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24154 - High (7.6)
NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:37
1 posts
🟠 CVE-2026-24148 - High (8.3)
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T17:12:31.053000
5 posts
📰 F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack
🚨 CRITICAL: F5 reclassifies a BIG-IP flaw (CVE-2025-53521) to a 9.8 CVSS RCE, and it's being actively exploited! Unauthenticated attackers can gain root access. CISA added to KEV. Patch NOW! 🔥 #F5 #BIGIP #CVE #RCE #CyberSecurity
##🖲️ #Cybersecurity #Ciberseguridad #Ciberseguranca #Security #Seguridad #Seguranca #News #Noticia #Noticias #Tecnologia #Technology
⚫ Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
🔗 https://www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.
##⚠️ Alerte CERT-FR ⚠️
La vulnérabilité CVE-2025-53521 est activement exploitée et permet de provoquer une exécution de code arbitraire à distance dans F5 Big-IP APM.
📢⚠️ Sicherheitswarnung: Version 1.0: F5 BIG-IP – Aktive Ausnutzung einer #Schwachstelle im Access Policy Manager
Am 27.03.2026 gab der Hersteller F5 ein Advisory heraus, in dem Details zu beobachteten Angriffen auf BIG-IP-Instanzen beschrieben wurden. Im Bericht enthalten waren im Wesentlichen Indicators of Compromise (IoCs), anhand derer eine Ausnutzung von CVE-2025-53521 detektiert werden kann.
Mehr Informationen gibt's hier: https://www.bsi.bund.de/dok/1195766
##F5 BIG-IP APM vulnerability (CVE-2025-53521) escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.
Read: https://hackread.com/critical-f5-big-ip-flaw-upgrad-to-9-8-rce-exploited/
##updated 2026-03-31T15:32:59
1 posts
🔴 CVE-2026-5121 - Critical (9.8)
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:32:03
1 posts
🔴 CVE-2026-33579 - Critical (9.8)
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:32:03
1 posts
🔴 CVE-2026-33580 - Critical (9.8)
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33580/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:31:56
1 posts
1 repos
🟠 CVE-2026-21710 - High (7.5)
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.
When this occurs, `dest["__proto__"]` resolves to `Object.prot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21710/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T13:18:14.213000
11 posts
5 repos
https://github.com/RootAid/CVE-2026-3055
https://github.com/l0lsec/check-cve-2026-3055-netscaler
https://github.com/fevar54/CVE-2026-3055-Scanner---Herramienta-de-Detecci-n
https://github.com/0xBlackash/CVE-2026-3055
https://github.com/fevar54/CVE-2026-3055---Citrix-NetScaler-Memory-Overread-PoC
Most security is passive. Your firewall is a bouncer; your antivirus is a janitor. The Ransier Sentinel (TRS) is different. Built on ARM64, it identifies threats like CVE-2026-3055 in real-time and welds the door shut before the breach. Active sovereignty for your precinct. 🛡️ #TheCyberMind #TRS
##Most security is passive. Your firewall is a bouncer; your antivirus is a janitor. The Ransier Sentinel (TRS) is different. Built on ARM64, it identifies threats like CVE-2026-3055 in real-time and welds the door shut before the breach. Active sovereignty for your precinct. 🛡️ #TheCyberMind #TRS
##Critical Citrix NetScaler Vulnerability CVE-2026-3055 Exploited in the Wild
Citrix NetScaler ADC and Gateway are facing active exploitation of a critical memory overread vulnerability, CVE-2026-3055 (CVSS score 9.3), which allows unauthenticated attackers to steal administrative session IDs and sensitive data.
**If you are using NetScaler, this is now urgent - the devices are under attack. If possible, make sure your NetScaler ADC and Gateway appliances are isolated from the internet and accessible from trusted networks only. Them plan an urgent update. Update the firmware to the fixed versions (14.1-66.59, 13.1-62.23, or 13.1-37.262 for FIPS/NDcPP).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-citrix-netscaler-memory-overread-vulnerability-exploited-in-the-wild-l-i-k-1-a/gD2P6Ple2L
March 31, 2026
Axios npm Supply Chain Attack Deploys Cross-Platform RAT
A supply chain attack compromised the widely used Axios HTTP client library on npm, affecting versions 1.14.1 and 0.30.4. The attacker hijacked a maintainer account and injected a malicious dependency called "plain-crypto-js," which delivers a remote access trojan capable of executing arbitrary commands, exfiltrating data, and persisting across Windows, macOS, and Linux systems. Socket's automated detection flagged the package within six minutes of publication. With Axios receiving approximately 100 million weekly downloads, the blast radius is significant. The attack was carefully staged: payloads for three operating systems were pre-built, both release branches were hit within 39 minutes, and every trace was designed to self-destruct.
European Commission Confirms Cloud Data Breach
The European Commission confirmed a cyberattack affecting its cloud infrastructure hosting the Europa.eu platform. The ShinyHunters extortion gang claimed responsibility, posting screenshots suggesting possession of approximately 350 GB of data including mail server contents, databases, and confidential documents. The Commission stated its internal systems were not affected. This marks the second breach of EU institutions this year, following an earlier compromise of the Commission's mobile device management platform.
Citrix NetScaler Vulnerability Under Active Exploitation
CISA added CVE-2026-3055—a critical out-of-bounds read vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway—to its known exploited vulnerabilities list on March 30, based on evidence of active exploitation. The flaw affects systems configured as SAML Identity Providers and can leak sensitive memory contents. Threat actors have been probing honeypots to enumerate vulnerable configurations since at least March 27.
Iran-Linked Cyber Campaigns Escalate Amid Conflict
Iranian-linked groups have mounted nearly 5,800 cyberattacks since hostilities began, according to security firm DigiCert. A recent operation targeted Israeli Android users with texts offering bomb shelter information that instead downloaded spyware granting access to cameras, location data, and all device contents. Palo Alto's Unit 42 has identified 7,381 conflict-themed phishing URLs across 1,881 unique hostnames.
Iran's AI Deepfake Campaign Draws Hundreds of Millions of Views
A pro-Iran disinformation campaign has generated over 145 million views and nine million interactions across social media platforms. The New York Times identified more than 110 unique deepfakes conveying pro-Iran messaging in a two-week span. The majority are produced by Iranian government-linked networks and amplified by Russian and Chinese information ecosystems. The campaign uses tens of thousands of fake accounts to portray Iran as victorious and its adversaries as weakened. X announced it would penalize creators who post unlabeled AI war content by removing them from revenue-sharing for 90 days.
Russia–China–Iran Convergence in Cognitive Warfare
A Small Wars Journal analysis published March 18 documents how Russia, Iran, and China are coordinating narrative warfare to erode Western cohesion. Russia's 2026 budget increased information operations funding by 54%, adding $458 million for state-run media. Generative AI allows a single adversary to manage thousands of personas producing unique content at scale, while China uses state-aligned media accounts to echo anti-U.S. narratives.
Russia Expels British Diplomat on Espionage Allegations
Russia's FSB ordered the expulsion of British Embassy second secretary Albertus Gerhardus Janse van Rensburg, accusing him of economic espionage and providing false information to obtain entry to Russia. The FSB alleged he attempted to obtain sensitive information during informal meetings with Russian economic experts. The British Embassy dismissed the allegations as "completely unacceptable." Russian state TV reported he is the 16th British diplomat expelled over the past two years.
Pakistan-Linked Spy Network Dismantled in India
Indian police arrested 22 individuals operating a Pakistan-linked espionage network that used solar-powered CCTV cameras and GPS-enabled apps to monitor troop movements and critical infrastructure. The network installed surveillance equipment along the Delhi-Jammu railway corridor, with cameras recovered from Delhi Cantonment and Haryana's Sonipat found actively transmitting footage to Pakistan-based handlers. Nearly 50 such installations were planned nationwide. The Indian government has ordered a nationwide CCTV audit in response.
Russia Shifts to Vulnerable Recruits for European Operations
Following the mass expulsion of Russian intelligence officers from Europe, the GRU and FSB have shifted to recruiting financially vulnerable Europeans—including migrants, criminals, and the unemployed—for low-level sabotage and surveillance. Former Wagner Group operatives have been tasked with identifying recruits willing to carry out arson, assaults, or vandalism for small payments. More than 150 suspected hybrid incidents linked to Russia have been reported across the EU and NATO in early 2026.
ODNI Releases 2026 Annual Threat Assessment
DNI Gabbard released the 2026 Annual Threat Assessment on March 26. The report identifies lone wolf attackers as the most likely terrorist threat to the U.S. homeland, highlights Mexican cartels and Venezuelan organized crime as top domestic concerns, and warns that nuclear-capable adversaries could collectively field more than 16,000 missiles by 2035. The assessment also flags AI and quantum computing as critical emerging technology challenges, alongside cyberthreats from China and North Korea.
##RE: https://social.bund.de/@bsi/116295890584639194
📢⚠️ Update zur Sicherheitswarnung: Version 1.1: #Citrix NetScaler ADC & Gateway – #Schwachstellen gefährden Organisationen.
Seit dem Wochenende häufen sich Berichte über Angriffe auf Citrix-Systeme [WAT26], [XCO26]. So finden mindestens seit dem 27. März Angriffsversuche mithilfe von CVE-2026-3055 statt.
Mehr Informationen findet ihr hier: https://www.bsi.bund.de/dok/1195484
##Comme suite à la publication de la pertinente, agréable et incontournable PART 2 de l'analyse de watchTowr:
les nouveaux scans basés sur la présence de
GET /wsfed/passive?wctx
aka "This is Bad™" 😁
plutôt que sur la version, réduisent considérablement le nombre d'appliances exposées.
On passe à une petite centaine d'appliances potentiellement vulnérables sur les internets publics :gentleblob: , dont quelques-unes en Suisse selon ONYPHE. 📉
(CVE-2026-3055 couvre en réalité au moins deux vulnérabilités distinctes de memory overread — /saml/login et /wsfed/passive?wctx ce qui est, disons… discutable™" de la part de Citrix.)
##https://www.sentinelone.com/vulnerability-database/cve-2026-3055/
##🚨 [CISA-2026:0330] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0330)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3055 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3055)
- Name: Citrix NetScaler Out-of-Bounds Read Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Citrix
- Product: NetScaler
- Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260330 #cisa20260330 #cve_2026_3055 #cve20263055
##CVE ID: CVE-2026-3055
Vendor: Citrix
Product: NetScaler
Date Added: 2026-03-30
Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3055
CISA has updated the KEV catalogue.
- CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3055 #infosec #CISA #vulnerability
##Critical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to...
🔗️ [Bleepingcomputer] https://link.is.it/kDDWy1
##updated 2026-03-31T12:31:43
2 posts
🔴 CVE-2026-34505 - Critical (9.8)
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34505/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34505 - Critical (9.8)
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34505/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🔴 CVE-2026-32917 - Critical (9.8)
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
2 posts
🟠 CVE-2026-32988 - High (7.5)
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32988 - High (7.5)
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🟠 CVE-2026-34509 - High (7.5)
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty group...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🔴 CRITICAL: CVE-2026-4317 in Umami 3.0.2 enables authenticated SQL injection via 'timezone' param. No patch yet — sanitize inputs, use parameterized queries, and enforce least privilege. Protect your data! https://radar.offseq.com/threat/cve-2026-4317-cwe-89-improper-neutralization-of-sp-e769b7b4 #OffSeq #CVE20264317 #SQLInjection #Vuln
##updated 2026-03-31T09:31:49
2 posts
1 repos
🟠 CVE-2026-5201 - High (7.5)
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5201/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5201 - High (7.5)
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5201/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T03:31:35
2 posts
🚨 CRITICAL: CVE-2026-3300 in Everest Forms Pro (all versions) enables unauthenticated RCE via "Complex Calculation" forms. Disable the feature or restrict access ASAP. No patch yet — monitor for updates. https://radar.offseq.com/threat/cve-2026-3300-cwe-94-improper-control-of-generatio-6c6e7217 #OffSeq #WordPress #CVE20263300 #RCE
##🔴 CVE-2026-3300 - Critical (9.8)
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3300/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T00:31:19
1 posts
🟠 CVE-2026-5156 - High (8.8)
A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T00:31:19
1 posts
🟠 CVE-2026-5130 - High (8.8)
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wp_debug_troubleshoot_simulate_user cookie value directly as ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T00:31:18
1 posts
🟠 CVE-2026-5154 - High (8.8)
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T21:31:10
2 posts
🔴 CVE-2026-34714 - Critical (9.2)
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34714/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34714 - Critical (9.2)
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34714/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T21:31:10
1 posts
🟠 CVE-2026-3991 - High (7.8)
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T18:50:38.270000
1 posts
3 repos
https://github.com/AshleyT3/docker-socket-risk-demos
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-30T13:16:22.063000
6 posts
2 repos
🖲️ #Noticia de #CiberSeguridad #CiberGuerra #CiberAtaque #CiberNoticia
⚫ (Otra) Vulnerabilidad SQLi está siendo explotada en Fortinet FortiClient EMS (CVE-2026-21643)
🔗 http://blog.segu-info.com.ar/2026/03/otra-vulnerabilidad-sqli-esta-siendo.html
Empresas de inteligencia de amenazas advierten que ciberdelincuentes han
comenzado a explotar una vulnerabilidad crítica en Fortinet FortiClient EMS.
FortiClient EMS, un servidor de administración centralizado, permite a las
##Critical Fortinet FortiClient EMS SQL Injection Vulnerability Exploited in the Wild
Fortinet's FortiClient EMS is being exploited via a critical SQL injection vulnerability (CVE-2026-21643) that allows unauthenticated remote code execution.
**If you are using FortiClientEMS this is urgent: Make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan an immediate patch if you are on 7.4 versions. Attackers are exploiting this flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-fortinet-forticlient-ems-sql-injection-vulnerability-exploited-in-the-wild-v-0-x-k-g/gD2P6Ple2L
CVE-2026-21643 – Cette faille critique dans FortiClient EMS est exploitée ! https://www.it-connect.fr/cve-2026-21643-cette-faille-critique-dans-forticlient-ems-est-exploitee/ #ActuCybersécurité #Cybersécurité #Fortinet
##Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643
#CVE_2026_21643
https://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4
Critical supply chain attack on Axios npm distributed a Remote Access Trojan (RAT) via a `plain-crypto-js` dependency. Fortinet faces active exploitation of a critical SQL injection flaw (CVE-2026-21643). Geopolitically, Iran-US tensions escalate; a Kuwaiti oil tanker was hit, and Yemen launched strikes against Israeli sites.
##🚨 CVE-2026-21643 an SQL Injection vulnerability (CVSS 9.8) is seeing active exploitation in the wild as reported by @DefusedCyber
Vulnerability detection script available here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-21643.yaml
This vulnerability currently only affects FortiClientEMS 7.4.4 and it is recommended that you upgrade to 7.4.5 or later as reported by Fortinet:
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
updated 2026-03-27T21:48:56
1 posts
🟠 CVE-2026-33871 - High (7.5)
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of `CONTINUATION` frame...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-27T21:31:44
2 posts
A CVE ID has been assigned: https://www.cve.org/CVERecord?id=CVE-2026-34475
##A CVE ID has been assigned: https://www.cve.org/CVERecord?id=CVE-2026-34475
##updated 2026-03-27T17:09:48
1 posts
🟠 CVE-2026-33711 - High (7.8)
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to del...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33711/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-26T15:41:23
1 posts
6 repos
https://github.com/SimoesCTT/Sovereign-Echo-33017
https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc
https://github.com/rootdirective-sec/CVE-2026-33017-Lab
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
Langflow – À peine dévoilée, déjà exploitée : attention à cette faille critique https://www.it-connect.fr/langflow-cve-2026-33017-cyberattaques-mars-2026/ #ActuCybersécurité #Cybersécurité
##updated 2026-03-25T17:39:37.227000
2 posts
There is a bunch of buzz along the lines of "Apple FINALLY backports DarkSword related fixes to 18.x and will release this on April 1".
Based on publicly available information this is incorrect.
What Apple has actually done broadened the device models that are eligible to upgrade to iOS/iPadOS 18.
Per Google [1] every vuln in the DarkSword kit except for CVE-2026-20700 had already been patched in iOS 18 as of 18.7.3 which was released on Dec 12, 2025.
Per Apple [2], CVE-2026-20700 is not included in 18.7.7 which was released today.
Apple has placed an easy to miss note at the top of the release notes:
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called Darksword. The fixes associated with the Darksword exploit first shipped in 2025."
Unfortunately I don't see an indication of which devices are newly eligible to upgrade to iOS/iPadOS 18.
References:
Google DarkSword writeup - https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Apple iOS/iPadOS 18.7.7 release notes:
https://support.apple.com/en-us/126793
There is a bunch of buzz along the lines of "Apple FINALLY backports DarkSword related fixes to 18.x and will release this on April 1".
Based on publicly available information this is incorrect.
What Apple has actually done broadened the device models that are eligible to upgrade to iOS/iPadOS 18.
Per Google [1] every vuln in the DarkSword kit except for CVE-2026-20700 had already been patched in iOS 18 as of 18.7.3 which was released on Dec 12, 2025.
Per Apple [2], CVE-2026-20700 is not included in 18.7.7 which was released today.
Apple has placed an easy to miss note at the top of the release notes:
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called Darksword. The fixes associated with the Darksword exploit first shipped in 2025."
Unfortunately I don't see an indication of which devices are newly eligible to upgrade to iOS/iPadOS 18.
References:
Google DarkSword writeup - https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Apple iOS/iPadOS 18.7.7 release notes:
https://support.apple.com/en-us/126793
updated 2026-03-20T13:37:50.737000
1 posts
1 repos
CVE-2026-4342 in Kubernetes ingress-nginx: annotation combo = config injection = RCE + Secrets leak. CVSS 8.8. Default controller sees ALL cluster Secrets. Patch now.
##updated 2026-03-19T15:31:27
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-18T04:17:30.720000
2 posts
6 repos
https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher
https://github.com/TheCyberGeek/CVE-2026-3888-snap-confine-systemd-tmpfiles-LPE
https://github.com/nomaisthere/CVE-2026-3888
updated 2026-03-17T15:55:24.490000
1 posts
2 repos
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-16T15:30:55
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-11T13:52:47.683000
1 posts
3 repos
https://github.com/p3Nt3st3r-sTAr/CVE-2026-2413-POC
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-06T21:56:51
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-04T18:16:29.953000
1 posts
10 repos
https://github.com/jordan922/cve2025-20265
https://github.com/magercode/List-CVE-2025-2026
https://github.com/ANYLNK/STProcessMonitorBYOVD
https://github.com/wutang700/STProcessMonitorBYOVD
https://github.com/fevra-dev/GitExpose
https://github.com/keyuraghao/CVE-2025-20260
https://github.com/DeathShotXD/0xKern3lCrush-Foreverday-BYOVD-CVE-2026-0828
https://github.com/R3lva/CVE-2025-54100-BYPASS-
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-04T18:08:05.730000
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-04T02:00:52
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-03T21:52:29.877000
1 posts
2 repos
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-02-24T14:57:18.363000
1 posts
ruby3.2 (3.2.3-1ubuntu0.24.04.7)
CVE-2025-61594へのセキュリティ対応
libruby3.2
#Mastodon v4.5 ではruby 3.4.7になっています。これは gem uri (default: 1.0.4)で、今回のCVEは uri 1.0.3 までが影響を受けるので、Mastodon v4.5 なら問題なさそうです。
pollinatee (4.33-3.1ubuntu1.3)
CVEセキュリティ対応ではない。
updated 2026-02-10T18:30:53
2 posts
1 repos
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
updated 2026-02-10T14:49:56.377000
2 posts
11 repos
https://github.com/0xc4r/CVE-2026-21508_POC
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/YoussefMami/CVE2026_21509
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/suuhm/CVE-2026-21509-handler
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
updated 2026-01-16T19:31:34.467000
1 posts
11 repos
https://github.com/sec-dojo-com/CVE-2026-21858
https://github.com/Alhakim88/CVE-2026-21858
https://github.com/0xBlackash/CVE-2026-21858
https://github.com/cropnet/Ni8mare
https://github.com/EQSTLab/CVE-2026-21858
https://github.com/bamov970/CVE-2026-21858
https://github.com/Yati2/Ni8mare-CVE-2026-21858
https://github.com/SystemVll/CVE-2026-21858
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
##updated 2026-01-13T15:58:23.373000
1 posts
2 repos
LangGrinch: A Bug in the Library, A Lesson for the Architecture https://amlalabs.com/blog/langgrinch-cve-2025-68664/
##updated 2025-12-30T00:32:58
1 posts
39 repos
https://github.com/JemHadar/MongoBleed-DFIR-Triage-Script-CVE-2025-14847
https://github.com/saereya/CVE-2025-14847---MongoBleed
https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit
https://github.com/Rishi-kaul/CVE-2025-14847-MongoBleed
https://github.com/im-hanzou/mongobleed
https://github.com/Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847
https://github.com/14mb1v45h/CYBERDUDEBIVASH-MONGODB-DETECTOR-v2026
https://github.com/vfa-tuannt/CVE-2025-14847
https://github.com/sho-luv/MongoBleed
https://github.com/sahar042/CVE-2025-14847
https://github.com/pedrocruz2202/pedrocruz2202.github.io
https://github.com/ElJoamy/MongoBleed-exploit
https://github.com/lincemorado97/CVE-2025-14847
https://github.com/chinaxploiter/CVE-2025-14847-PoC
https://github.com/j0lt-github/mongobleedburp
https://github.com/sakthivel10q/sakthivel10q.github.io
https://github.com/cybertechajju/CVE-2025-14847_Expolit
https://github.com/0xBlackash/CVE-2025-14847
https://github.com/CadGoose/MongoBleed-CVE-2025-14847-Fully-Automated-scanner
https://github.com/amnnrth/CVE-2025-14847
https://github.com/KingHacker353/CVE-2025-14847_Expolit
https://github.com/waheeb71/CVE-2025-14847
https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847
https://github.com/pedrocruz2202/mongobleed-scanner
https://github.com/InfoSecAntara/CVE-2025-14847-MongoDB
https://github.com/tunahantekeoglu/MongoDeepDive
https://github.com/Systemhaus-Schulz/MongoBleed-CVE-2025-14847
https://github.com/peakcyber-security/CVE-2025-14847
https://github.com/Black1hp/mongobleed-scanner
https://github.com/joshuavanderpoll/CVE-2025-14847
https://github.com/ProbiusOfficial/CVE-2025-14847
https://github.com/onewinner/CVE-2025-14847
https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-
https://github.com/alexcyberx/CVE-2025-14847_Expolit
https://github.com/nma-io/mongobleed
https://github.com/sakthivel10q/CVE-2025-14847
https://github.com/kuyrathdaro/cve-2025-14847
https://github.com/keraattin/Mongobleed-Detector-CVE-2025-14847
Mongobleed - CVE-2025-14847 https://doublepulsar.com/merry-christmas-day-have-a-mongodb-security-incident-9537f54289eb
##updated 2025-11-03T20:18:29.263000
2 posts
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html
##Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html
##updated 2025-10-24T13:42:55.550000
2 posts
14 repos
https://github.com/akshthejo/CVE-2023-4966-exploit
https://github.com/IceBreakerCode/CVE-2023-4966
https://github.com/dinosn/citrix_cve-2023-4966
https://github.com/s-bt/CVE-2023-4966
https://github.com/mlynchcogent/CVE-2023-4966-POC
https://github.com/RevoltSecurities/CVE-2023-4966
https://github.com/certat/citrix-logchecker
https://github.com/morganwdavis/overread
https://github.com/byte4RR4Y/CVE-2023-4966
https://github.com/vignesh-hp/LockBit-Ransomware-Analysis
https://github.com/Chocapikk/CVE-2023-4966
https://github.com/LucasOneZ/CVE-2023-4966
CISA just added CVE-2023-4966 to its Known Exploited Vulnerabilities catalog and is giving federal agencies until Thursday to patch Citrix Net Scaler devices.
Read more: https://steelefortress.com/botzi1
InfoSec #Cybersecurity #Security
##CISA just added CVE-2023-4966 to its Known Exploited Vulnerabilities catalog and is giving federal agencies until Thursday to patch Citrix Net Scaler devices.
Read more: https://steelefortress.com/botzi1
InfoSec #Cybersecurity #Security
##updated 2025-08-19T01:15:57.407000
1 posts
78 repos
https://github.com/mesutgungor/xz-backdoor-vulnerability
https://github.com/Yuma-Tsushima07/CVE-2024-3094
https://github.com/spidygal/CVE-2024-3094-Nmap-NSE-script
https://github.com/ykhurshudyan-blip/CVE-2024-3094
https://github.com/zpxlz/CVE-2024-3094
https://github.com/mightysai1997/CVE-2024-3094
https://github.com/amlweems/xzbot
https://github.com/hackura/xz-cve-2024-3094
https://github.com/Simplifi-ED/CVE-2024-3094-patcher
https://github.com/r0binak/xzk8s
https://github.com/pentestfunctions/CVE-2024-3094
https://github.com/Juul/xz-backdoor-scan
https://github.com/ScrimForever/CVE-2024-3094
https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker
https://github.com/encikayelwhitehat-glitch/CVE-2024-3094
https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector
https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container
https://github.com/Horizon-Software-Development/CVE-2024-3094
https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-
https://github.com/mightysai1997/CVE-2024-3094-info
https://github.com/robertdfrench/ifuncd-up
https://github.com/ThomRgn/xzutils_backdoor_obfuscation
https://github.com/Dermot-lab/TryHack
https://github.com/byinarie/CVE-2024-3094-info
https://github.com/felipecosta09/cve-2024-3094
https://github.com/been22426/CVE-2024-3094
https://github.com/harekrishnarai/xz-utils-vuln-checker
https://github.com/24Owais/threat-intel-cve-2024-3094
https://github.com/isuruwa/CVE-2024-3094
https://github.com/brinhosa/CVE-2024-3094-One-Liner
https://github.com/hackingetico21/revisaxzutils
https://github.com/lockness-Ko/xz-vulnerable-honeypot
https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker
https://github.com/Mustafa1986/CVE-2024-3094
https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094
https://github.com/HackerHermanos/CVE-2024-3094_xz_check
https://github.com/0xlane/xz-cve-2024-3094
https://github.com/hazemkya/CVE-2024-3094-checker
https://github.com/hariskhalil555000-sketch/What-utility-does-CVE-2024-3094-refer-to-
https://github.com/iheb2b/CVE-2024-3094-Checker
https://github.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public
https://github.com/ackemed/detectar_cve-2024-3094
https://github.com/badsectorlabs/ludus_xz_backdoor
https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits
https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check
https://github.com/robertdebock/ansible-role-cve_2024_3094
https://github.com/przemoc/xz-backdoor-links
https://github.com/KaminaDuck/ansible-CVE-2024-3094
https://github.com/gustavorobertux/CVE-2024-3094
https://github.com/M1lo25/CS50FinalProject
https://github.com/FabioBaroni/CVE-2024-3094-checker
https://github.com/ashwani95/CVE-2024-3094
https://github.com/shefirot/CVE-2024-3094
https://github.com/weltregie/liblzma-scan
https://github.com/Ikram124/CVE-2024-3094-analysis
https://github.com/bsekercioglu/cve2024-3094-Checker
https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094
https://github.com/Fractal-Tess/CVE-2024-3094
https://github.com/bioless/xz_cve-2024-3094_detection
https://github.com/michalAshurov/writeup-CVE-2024-3094
https://github.com/greydoubt/xz
https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione
https://github.com/valeriot30/cve-2024-3094
https://github.com/jfrog/cve-2024-3094-tools
https://github.com/BOSE122/CVE-2024-3094
https://github.com/DANO-AMP/CVE-2024-3094
https://github.com/buluma/ansible-role-cve_2024_3094
https://github.com/galacticquest/cve-2024-3094-detect
https://github.com/wgetnz/CVE-2024-3094-check
https://github.com/extracoding-dozen/CVE-2024-3094
https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094
https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer
https://github.com/mrk336/CVE-2024-3094
https://github.com/dah4k/CVE-2024-3094
https://github.com/robertdebock/ansible-playbook-cve-2024-3094
https://github.com/emirkmo/xz-backdoor-github
🚨 CVE-2024-3094 proved that policy isn't protection—architecture is. Our latest forensic brief breaks down the XZ Utils backdoor and how the Ransier Sentinel™ (SOC-n-a-BOX™) restores trust through hardware-isolated telemetry. Read the full audit at The Cyber Mind Co. 🛡️ #CyberSecurity #Sentinel
##updated 2025-08-12T21:44:25
2 posts
1 repos
🟠 CVE-2026-4800 - High (8.1)
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4800 - High (8.1)
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2025-07-17T13:10:35.760000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T13:10:11.830000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T13:05:21.360000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T13:02:11.490000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T12:56:32.877000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T12:50:47.377000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T12:38:27.903000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T12:38:13.340000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-09T18:08:46
1 posts
3 repos
https://github.com/darshjme/mcp-security-audit
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 https://amlalabs.com/blog/oauth-cve-2025-6514/
##updated 2025-05-19T14:20:49.300000
1 posts
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE--2025-29970) https://www.pixiepointsecurity.com/blog/nday-cve-2025-29970/
##updated 2025-03-11T18:32:27
2 posts
1 repos
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
updated 2024-11-21T09:23:48.037000
1 posts
i just want fingerprint reading on linux :floofCry:
https://nvd.nist.gov/vuln/detail/cve-2024-37408
updated 2024-04-11T21:18:07
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:43:04
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:43:02
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:57
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:52
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:52
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T04:05:11
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T04:05:08
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##🔴 CVE-2026-4370 - Critical (10)
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CRITICAL: CVE-2026-4370 in Canonical Juju (3.2.0 – 3.6.19, 4.0 – 4.0.4) allows unauthenticated attackers to join Dqlite clusters via improper TLS validation. Patch or restrict port access now! https://radar.offseq.com/threat/cve-2026-4370-cwe-295-improper-certificate-validat-9bb2b3b6 #OffSeq #Juju #Vuln #Infosec
##🔴 CVE-2026-4370 - Critical (10)
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CRITICAL: CVE-2026-4370 in Canonical Juju (3.2.0 – 3.6.19, 4.0 – 4.0.4) allows unauthenticated attackers to join Dqlite clusters via improper TLS validation. Patch or restrict port access now! https://radar.offseq.com/threat/cve-2026-4370-cwe-295-improper-certificate-validat-9bb2b3b6 #OffSeq #Juju #Vuln #Infosec
##🟠 CVE-2026-4800 - High (8.1)
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4800 - High (8.1)
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34365 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34365 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34366 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Payment receipt PDF genera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34366 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Payment receipt PDF genera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34731 - High (7.5)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34731/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34731 - High (7.5)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34731/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Our colleague @mal had another look at OpenOLAT and found a nice RCE (CVE-2026-28228 and CVE-2026-28228). If you're interested, details can be found on our blog https://secfault-security.com/blog/openolat-ssti.html
##🟠 CVE-2026-28228 - High (8.8)
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminde...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34054 - High (7.8)
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33984 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33984/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33986 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() cal...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32877 - High (8.2)
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31946 - Critical (9.8)
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31946/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔒 Security Advisory: OWASP CRS file upload extension checks could be bypassed using whitespace padding in filenames (e.g. shell. php). CVE-2026-33691, Moderate severity.
Upgrade to CRS v4.25.0 or v3.3.9.
Thanks @HackingRepo for the report!
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w