| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-70245 | 9.8 | 0.05% | 2 | 0 | 2026-03-13T21:32:53 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-66956 | 10.0 | 0.10% | 2 | 1 | 2026-03-13T21:32:49 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Assec | |
| CVE-2026-26791 | 9.8 | 0.68% | 4 | 0 | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner | |
| CVE-2026-26794 | 8.8 | 0.17% | 2 | 0 | 2026-03-13T21:32:48 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerabil | |
| CVE-2026-32458 | 7.6 | 0.03% | 2 | 0 | 2026-03-13T21:32:01 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32426 | 7.5 | 0.11% | 6 | 0 | 2026-03-13T21:32:00 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-32422 | 8.5 | 0.03% | 6 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32418 | 7.6 | 0.03% | 2 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32433 | 8.5 | 0.03% | 2 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-3045 | 7.5 | 0.03% | 4 | 0 | 2026-03-13T21:32:00 | The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordP | |
| CVE-2026-32459 | 8.5 | 0.03% | 2 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-4111 | 7.5 | 0.04% | 2 | 0 | 2026-03-13T21:32:00 | A flaw was identified in the RAR5 archive decompression logic of the libarchive | |
| CVE-2026-32358 | 7.6 | 0.03% | 2 | 0 | 2026-03-13T21:31:59 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32366 | 8.5 | 0.03% | 2 | 0 | 2026-03-13T21:31:59 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32400 | 7.5 | 0.11% | 2 | 0 | 2026-03-13T21:31:59 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-2890 | 7.5 | 0.05% | 1 | 0 | 2026-03-13T21:31:58 | The Formidable Forms plugin for WordPress is vulnerable to a payment integrity b | |
| CVE-2026-31917 | 8.5 | 0.03% | 2 | 0 | 2026-03-13T21:31:58 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-31922 | 8.5 | 0.03% | 2 | 0 | 2026-03-13T21:31:58 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-22193 | 8.1 | 0.03% | 1 | 0 | 2026-03-13T21:31:58 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubs | |
| CVE-2026-32621 | 9.9 | 0.03% | 2 | 0 | 2026-03-13T20:51:15 | ### Impact A vulnerability exists in query plan execution within the gateway th | |
| CVE-2026-1526 | 7.5 | 0.04% | 1 | 0 | 2026-03-13T20:41:59 | ## Description The undici WebSocket client is vulnerable to a denial-of-service | |
| CVE-2026-2229 | 7.5 | 0.07% | 1 | 0 | 2026-03-13T20:41:44 | ### Impact The undici WebSocket client is vulnerable to a denial-of-service att | |
| CVE-2026-3909 | 8.8 | 27.12% | 13 | 0 | 2026-03-13T20:24:40.417000 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re | |
| CVE-2026-3910 | 8.8 | 21.89% | 13 | 0 | 2026-03-13T20:24:29.740000 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow | |
| CVE-2026-32136 | 9.8 | 0.66% | 5 | 0 | 2026-03-13T20:19:00.987000 | AdGuard Home is a network-wide software for blocking ads and tracking. Prior to | |
| CVE-2026-26117 | 7.8 | 0.04% | 1 | 0 | 2026-03-13T20:14:21.453000 | Authentication bypass using an alternate path or channel in Azure Windows Virtua | |
| CVE-2026-1528 | 7.5 | 0.06% | 1 | 0 | 2026-03-13T20:06:54.667000 | ImpactA server can reply with a WebSocket frame using the 64-bit length form and | |
| CVE-2026-31896 | 9.8 | 0.03% | 1 | 0 | 2026-03-13T20:05:49.723000 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a cr | |
| CVE-2026-32301 | 9.3 | 0.04% | 3 | 0 | 2026-03-13T20:03:25 | ### Summary Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when | |
| CVE-2026-32260 | 8.1 | 0.18% | 1 | 0 | 2026-03-13T20:02:20 | ## Summary A command injection vulnerability exists in Deno's `node:child_pro | |
| CVE-2026-32308 | 7.6 | 0.03% | 2 | 0 | 2026-03-13T20:00:40 | ### Summary The Markdown viewer component renders Mermaid diagrams with `securi | |
| CVE-2026-3891 | 9.8 | 0.13% | 5 | 1 | 2026-03-13T19:55:10.983000 | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl | |
| CVE-2026-32746 | 9.8 | 0.04% | 6 | 0 | 2026-03-13T19:55:10.147000 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO | |
| CVE-2026-32597 | 7.5 | 0.01% | 2 | 0 | 2026-03-13T19:55:09.500000 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does | |
| CVE-2026-32399 | 8.5 | 0.03% | 2 | 0 | 2026-03-13T19:54:55.777000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32368 | 8.5 | 0.03% | 4 | 0 | 2026-03-13T19:54:51.027000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32306 | 9.9 | 0.23% | 2 | 0 | 2026-03-13T19:54:42 | OneUptime is a solution for monitoring and managing online services. Prior to 10 | |
| CVE-2026-32304 | 9.8 | 0.08% | 3 | 0 | 2026-03-13T19:54:41.830000 | Locutus brings stdlibs of other programming languages to JavaScript for educatio | |
| CVE-2026-31886 | 9.1 | 0.08% | 2 | 0 | 2026-03-13T19:54:37.690000 | Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, th | |
| CVE-2026-28792 | 9.6 | 0.26% | 1 | 0 | 2026-03-13T19:54:32.090000 | Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI d | |
| CVE-2026-26954 | 10.0 | 0.05% | 3 | 0 | 2026-03-13T19:54:31.143000 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to | |
| CVE-2026-31899 | 7.5 | 0.04% | 2 | 0 | 2026-03-13T18:57:34 | ## Summary Kozea/CairoSVG has exponential denial of service via recursive `<use | |
| CVE-2026-26792 | 9.8 | 0.68% | 2 | 0 | 2026-03-13T18:57:29.620000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection | |
| CVE-2026-26795 | 9.8 | 0.68% | 4 | 0 | 2026-03-13T18:56:09.550000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner | |
| CVE-2026-3914 | 8.8 | 0.07% | 2 | 0 | 2026-03-13T18:32:42 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remo | |
| CVE-2026-3913 | 8.8 | 0.07% | 3 | 0 | 2026-03-13T18:32:41 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3931 | 8.8 | 0.07% | 1 | 0 | 2026-03-13T18:32:41 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a r | |
| CVE-2026-32242 | 7.4 | 0.06% | 1 | 0 | 2026-03-13T16:57:55.797000 | Parse Server is an open source backend that can be deployed to any infrastructur | |
| CVE-2026-32137 | 8.8 | 0.05% | 2 | 0 | 2026-03-13T16:03:02.080000 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, T | |
| CVE-2026-26793 | 9.8 | 0.68% | 1 | 0 | 2026-03-13T16:02:22.993000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner | |
| CVE-2026-32127 | 8.8 | 0.00% | 2 | 1 | 2026-03-13T15:44:50.763000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-3920 | 8.8 | 0.07% | 1 | 0 | 2026-03-13T15:43:27.333000 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 all | |
| CVE-2026-3917 | 8.8 | 0.11% | 1 | 0 | 2026-03-13T15:43:11.607000 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remot | |
| CVE-2026-3915 | 8.8 | 0.07% | 2 | 0 | 2026-03-13T15:43:00.290000 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3924 | 7.5 | 0.11% | 1 | 0 | 2026-03-13T15:41:03.103000 | use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-32141 | 7.5 | 0.04% | 1 | 0 | 2026-03-13T15:40:44 | ## Summary flatted's `parse()` function uses a recursive `revive()` phase to re | |
| CVE-2026-32248 | None | 0.07% | 3 | 0 | 2026-03-13T13:36:16 | ### Impact An unauthenticated attacker can take over any user account that was | |
| CVE-2026-32247 | 8.1 | 0.03% | 1 | 0 | 2026-03-13T13:36:06 | ### Summary Graphiti versions before `0.28.2` contained a Cypher injection vuln | |
| CVE-2026-32246 | 8.5 | 0.05% | 1 | 0 | 2026-03-13T13:35:26 | ### Summary The OIDC authorization endpoint allows users with a TOTP-pending se | |
| CVE-2026-32319 | 7.5 | 0.06% | 2 | 0 | 2026-03-13T09:54:46 | ## Summary Ella Core panics when processing a malformed integrity protected NGA | |
| CVE-2026-3611 | 10.0 | 0.13% | 2 | 0 | 2026-03-12T21:35:01 | The Honeywell IQ4x building management controller, exposes its full web-based HM | |
| CVE-2026-3916 | 9.7 | 0.07% | 2 | 0 | 2026-03-12T21:34:46 | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed | |
| CVE-2026-3918 | 8.8 | 0.10% | 1 | 0 | 2026-03-12T21:34:46 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remot | |
| CVE-2026-3926 | 8.8 | 0.08% | 1 | 0 | 2026-03-12T21:34:46 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remot | |
| CVE-2025-54820 | 8.1 | 0.04% | 1 | 0 | 2026-03-12T21:34:40 | A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet | |
| CVE-2026-32101 | 7.6 | 0.03% | 2 | 0 | 2026-03-12T21:08:22.643000 | StudioCMS is a server-side-rendered, Astro native, headless content management s | |
| CVE-2026-32117 | 7.6 | 0.03% | 2 | 0 | 2026-03-12T21:08:22.643000 | The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and | |
| CVE-2026-31957 | 10.0 | 0.21% | 1 | 0 | 2026-03-12T21:08:22.643000 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. | |
| CVE-2026-31976 | 0 | 0.06% | 1 | 0 | 2026-03-12T21:08:22.643000 | xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an atta | |
| CVE-2026-30226 | 0 | 0.04% | 1 | 0 | 2026-03-12T21:08:22.643000 | Svelte devalue is a JavaScript library that serializes values into strings when | |
| CVE-2025-70082 | 9.8 | 0.07% | 1 | 0 | 2026-03-12T21:08:22.643000 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitr | |
| CVE-2026-31866 | 7.5 | 0.06% | 1 | 0 | 2026-03-12T21:08:22.643000 | flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd ex | |
| CVE-2026-31852 | 10.0 | 0.08% | 1 | 0 | 2026-03-12T21:08:22.643000 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions wor | |
| CVE-2026-28356 | 7.5 | 0.54% | 4 | 0 | 2026-03-12T21:07:53.427000 | multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 | |
| CVE-2026-3971 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulne | |
| CVE-2026-3972 | 8.8 | 0.03% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is t | |
| CVE-2026-3978 | 8.8 | 0.04% | 2 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an | |
| CVE-2026-4008 | 8.8 | 0.09% | 2 | 0 | 2026-03-12T21:07:53.427000 | A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown | |
| CVE-2026-32231 | 8.2 | 0.02% | 1 | 0 | 2026-03-12T21:07:53.427000 | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channe | |
| CVE-2026-25529 | 8.1 | 0.03% | 1 | 0 | 2026-03-12T21:07:53.427000 | Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML | |
| CVE-2026-4007 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affec | |
| CVE-2026-21669 | 9.9 | 0.21% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability allowing an authenticated domain user to perform remote code exe | |
| CVE-2026-21666 | 9.9 | 0.37% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability allowing an authenticated domain user to perform remote code exe | |
| CVE-2026-32302 | 8.1 | 0.01% | 2 | 0 | 2026-03-12T20:32:59 | ## Summary In affected versions of `openclaw`, browser-originated WebSocket conn | |
| CVE-2026-28793 | 8.4 | 0.02% | 1 | 0 | 2026-03-12T20:32:29 | ## Summary The TinaCMS CLI development server exposes media endpoints that are v | |
| CVE-2026-3936 | 8.8 | 0.10% | 1 | 0 | 2026-03-12T18:31:33 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 all | |
| CVE-2026-21672 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T18:30:38 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backu | |
| CVE-2026-21708 | 10.0 | 0.54% | 1 | 0 | 2026-03-12T18:30:38 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) | |
| CVE-2026-4043 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T18:30:38 | A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impac | |
| CVE-2019-25482 | 8.2 | 0.07% | 1 | 0 | 2026-03-12T18:30:37 | Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnera | |
| CVE-2026-21667 | 10.0 | 0.37% | 1 | 0 | 2026-03-12T18:30:30 | A vulnerability allowing an authenticated domain user to perform remote code exe | |
| CVE-2026-3059 | 9.8 | 0.54% | 1 | 0 | 2026-03-12T17:38:59 | SGLang's multimodal generation module is vulnerable to unauthenticated remote co | |
| CVE-2026-3060 | 9.8 | 0.55% | 1 | 0 | 2026-03-12T17:38:54 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated | |
| CVE-2026-3923 | 8.8 | 0.10% | 1 | 0 | 2026-03-12T15:31:28 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remo | |
| CVE-2026-3922 | 8.8 | 0.11% | 1 | 0 | 2026-03-12T15:31:28 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3921 | 8.8 | 0.11% | 1 | 0 | 2026-03-12T15:31:28 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3919 | 8.8 | 0.03% | 1 | 0 | 2026-03-12T15:31:27 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an | |
| CVE-2026-21668 | 8.8 | 0.04% | 4 | 0 | 2026-03-12T15:30:32 | A vulnerability allowing an authenticated domain user to bypass restrictions and | |
| CVE-2026-4042 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T15:30:32 | A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element | |
| CVE-2026-21670 | 7.7 | 0.03% | 3 | 0 | 2026-03-12T15:30:31 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |
| CVE-2026-4041 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T15:30:31 | A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the | |
| CVE-2026-21671 | 9.1 | 0.21% | 4 | 0 | 2026-03-12T15:30:26 | A vulnerability allowing an authenticated user with the Backup Administrator rol | |
| CVE-2026-32110 | 8.3 | 0.04% | 2 | 0 | 2026-03-12T14:23:15 | ### Summary The `/api/network/forwardProxy` endpoint allows authenticated users | |
| CVE-2026-27591 | 10.0 | 0.06% | 3 | 0 | 2026-03-12T14:07:39 | ## Impact Affected versions of Winter CMS allowed authenticated backend users to | |
| CVE-2026-3973 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T03:31:16 | A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the funct | |
| CVE-2026-3657 | 7.5 | 0.08% | 1 | 0 | 2026-03-12T03:31:16 | The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `s | |
| CVE-2026-3975 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T03:31:16 | A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affect | |
| CVE-2026-3974 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T03:31:16 | A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability aff | |
| CVE-2026-3976 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T03:31:15 | A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the functi | |
| CVE-2026-3970 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T03:31:06 | A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwr | |
| CVE-2025-68623 | 8.8 | 0.01% | 1 | 0 | 2026-03-11T21:32:05 | In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege | |
| CVE-2026-31862 | 9.1 | 0.04% | 1 | 0 | 2026-03-11T20:45:27 | ### Summary Multiple Git-related API endpoints use execAsync() with string inter | |
| CVE-2026-31839 | 8.2 | 0.01% | 1 | 0 | 2026-03-11T20:43:42 | ## Summary A high-severity integrity bypass vulnerability existed in Striae's d | |
| CVE-2025-68613 | 9.9 | 76.93% | 3 | 31 | template | 2026-03-11T19:40:09.533000 | n8n is an open source workflow automation platform. Versions starting with 0.211 |
| CVE-2026-3784 | 6.5 | 0.03% | 1 | 0 | 2026-03-11T18:31:35 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a se | |
| CVE-2026-20163 | 7.2 | 0.05% | 1 | 0 | 2026-03-11T18:30:40 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splun | |
| CVE-2026-20040 | 8.8 | 0.03% | 2 | 0 | 2026-03-11T18:30:40 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated | |
| CVE-2026-20046 | 8.8 | 0.02% | 2 | 0 | 2026-03-11T18:30:40 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS | |
| CVE-2026-0230 | None | 0.01% | 1 | 0 | 2026-03-11T18:30:40 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent | |
| CVE-2026-21290 | 8.7 | 0.04% | 1 | 0 | 2026-03-11T18:21:47.207000 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-21309 | 7.5 | 0.10% | 1 | 0 | 2026-03-11T18:08:18.073000 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-23813 | 9.8 | 0.05% | 1 | 0 | 2026-03-11T15:31:51 | A vulnerability has been identified in the web-based management interface of AOS | |
| CVE-2026-2631 | 9.8 | 0.18% | 1 | 0 | 2026-03-11T14:16:27.390000 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an una | |
| CVE-2026-23814 | 8.8 | 0.12% | 1 | 0 | 2026-03-11T14:16:19.773000 | A vulnerability in the command parameters of a certain AOS-CX CLI command could | |
| CVE-2026-26127 | 7.5 | 0.03% | 1 | 0 | 2026-03-11T13:53:20.707000 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over | |
| CVE-2026-2413 | 7.5 | 11.89% | 3 | 2 | template | 2026-03-11T13:52:47.683000 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S |
| CVE-2025-13067 | 8.8 | 0.10% | 1 | 0 | 2026-03-11T13:52:47.683000 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary f | |
| CVE-2026-24448 | 9.8 | 0.04% | 1 | 0 | 2026-03-11T06:31:47 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which m | |
| CVE-2026-3222 | 7.5 | 0.16% | 1 | 0 | 2026-03-11T06:31:47 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection | |
| CVE-2026-27842 | 9.8 | 0.10% | 1 | 0 | 2026-03-11T06:31:41 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow | |
| CVE-2026-21311 | 8.0 | 0.10% | 1 | 0 | 2026-03-11T03:31:39 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-3453 | 8.1 | 0.04% | 1 | 0 | 2026-03-11T03:31:39 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Re | |
| CVE-2026-21361 | 8.1 | 0.09% | 1 | 0 | 2026-03-11T03:31:39 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-21289 | 7.5 | 0.10% | 1 | 0 | 2026-03-11T03:31:38 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-21284 | 8.1 | 0.09% | 1 | 0 | 2026-03-11T03:31:38 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-27271 | 7.8 | 0.03% | 1 | 0 | 2026-03-11T00:31:38 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffe | |
| CVE-2026-28292 | 9.8 | 0.07% | 1 | 0 | 2026-03-10T18:38:58 | ### Summary The `blockUnsafeOperationsPlugin` in `simple-git` fails to block gi | |
| CVE-2026-25185 | 5.3 | 0.11% | 1 | 0 | 2026-03-10T18:31:30 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link | |
| CVE-2026-21262 | 8.8 | 0.09% | 1 | 0 | 2026-03-10T18:31:25 | Improper access control in SQL Server allows an authorized attacker to elevate p | |
| CVE-2025-40943 | 9.7 | 0.04% | 1 | 0 | 2026-03-10T18:31:24 | Affected devices do not properly sanitize contents of trace files. This could al | |
| CVE-2026-2256 | 6.5 | 2.31% | 1 | 1 | 2026-03-04T21:14:09 | A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 an | |
| CVE-2025-11251 | 9.8 | 0.01% | 1 | 0 | 2026-02-27T12:31:31 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-20127 | 10.0 | 2.60% | 2 | 7 | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle | |
| CVE-2026-27190 | 8.1 | 0.78% | 1 | 0 | 2026-02-20T22:20:05 | ## Summary A command injection vulnerability exists in Deno's `node:child_proces | |
| CVE-2025-71243 | 9.8 | 73.51% | 2 | 1 | template | 2026-02-19T18:32:08 | The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5 |
| CVE-2026-21509 | 7.8 | 9.26% | 1 | 11 | 2026-02-11T15:40:33.473000 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a | |
| CVE-2026-24858 | 9.8 | 2.78% | 1 | 5 | 2026-01-28T00:31:41 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2 | |
| CVE-2025-53773 | 7.8 | 0.64% | 2 | 0 | 2025-08-15T17:01:01.673000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-32708 | 0 | 0.01% | 2 | 0 | N/A | ||
| CVE-2026-32720 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-3227 | 0 | 0.42% | 2 | 0 | N/A | ||
| CVE-2026-32626 | 0 | 0.15% | 2 | 0 | N/A | ||
| CVE-2026-31944 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-32121 | 0 | 0.17% | 2 | 0 | N/A | ||
| CVE-2026-32123 | 0 | 0.09% | 2 | 0 | N/A | ||
| CVE-2026-32131 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-32130 | 0 | 0.13% | 2 | 0 | N/A | ||
| CVE-2026-32140 | 0 | 0.31% | 2 | 0 | N/A | ||
| CVE-2026-32251 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-32138 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-27940 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-21887 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-22248 | 0 | 0.08% | 1 | 0 | N/A | ||
| CVE-2026-32096 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-0866 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-31874 | 0 | 0.09% | 2 | 0 | N/A | ||
| CVE-2026-31881 | 0 | 0.09% | 1 | 0 | N/A | ||
| CVE-2026-31870 | 0 | 0.06% | 1 | 0 | N/A |
updated 2026-03-13T21:32:53
2 posts
🔴 CVE-2025-70245 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70245 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:49
2 posts
1 repos
🔴 CVE-2025-66956 - Critical (9.9)
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-66956 - Critical (9.9)
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:49
4 posts
🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:48
2 posts
🟠 CVE-2026-26794 - High (8.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26794/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26794 - High (8.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26794/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:01
2 posts
🟠 CVE-2026-32458 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32458 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
6 posts
🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
6 posts
🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
2 posts
🟠 CVE-2026-32418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
2 posts
🟠 CVE-2026-32433 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: fro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32433 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: fro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
4 posts
🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
2 posts
🟠 CVE-2026-32459 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32459 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
2 posts
🟠 CVE-2026-4111 - High (7.5)
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4111 - High (7.5)
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
2 posts
🟠 CVE-2026-32358 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32358 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
2 posts
🟠 CVE-2026-32366 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32366 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
2 posts
🟠 CVE-2026-32400 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32400/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32400 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32400/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
1 posts
Formidable Forms Vulnerability Let Attackers Reuse Low-Value Stripe Payments for Higher-Cost Purchases https://www.boldoutlook.com/formidable-forms-stripe-payment-bypass-cve-2026-2890/
#wordpress #WordPressSecurity #cybersecurity #blogging #webdevelopment
##updated 2026-03-13T21:31:58
2 posts
🟠 CVE-2026-31917 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31917 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
2 posts
🟠 CVE-2026-31922 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31922 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
1 posts
🚨 CRITICAL: CVE-2026-22193 in wpDiscuz <7.6.47 enables unauthenticated remote SQL injection. Attackers can access sensitive DB data. Patch ASAP or apply mitigations (WAF, access controls, log monitoring)! https://radar.offseq.com/threat/cve-2026-22193-improper-neutralization-of-special--3f166beb #OffSeq #WordPress #SQLInjection
##updated 2026-03-13T20:51:15
2 posts
🚨 CRITICAL: CVE-2026-32621 in @Apollo federation-internals enables prototype pollution — risking code execution & data compromise. Affects versions <2.9.6, <2.10.5, <2.11.6, <2.12.3, <2.13.2. Patch now! https://radar.offseq.com/threat/cve-2026-32621-cwe-1321-improperly-controlled-modi-1de28d7f #OffSeq #CVE202632621 #GraphQL #Security
##🚨 CRITICAL: CVE-2026-32621 in @Apollo federation-internals enables prototype pollution — risking code execution & data compromise. Affects versions <2.9.6, <2.10.5, <2.11.6, <2.12.3, <2.13.2. Patch now! https://radar.offseq.com/threat/cve-2026-32621-cwe-1321-improperly-controlled-modi-1de28d7f #OffSeq #CVE202632621 #GraphQL #Security
##updated 2026-03-13T20:41:59
1 posts
🟠 CVE-2026-1526 - High (7.5)
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses inco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:41:44
1 posts
🟠 CVE-2026-2229 - High (7.5)
ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:24:40.417000
13 posts
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3909 - High (8.8)
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910
##CVE ID: CVE-2026-3909
Vendor: Google
Product: Skia
Date Added: 2026-03-13
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3909 - High (8.8)
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910
##CVE ID: CVE-2026-3909
Vendor: Google
Product: Skia
Date Added: 2026-03-13
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.
Release 146.0.7680.75-443342 ·...
updated 2026-03-13T20:24:29.740000
13 posts
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3910 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910
##CVE ID: CVE-2026-3910
Vendor: Google
Product: Chromium V8
Date Added: 2026-03-13
Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3910 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910
##CVE ID: CVE-2026-3910
Vendor: Google
Product: Chromium V8
Date Added: 2026-03-13
Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.
Release 146.0.7680.75-443342 ·...
updated 2026-03-13T20:19:00.987000
5 posts
AdGuard Home Patches Critical Authentication Bypass Vulnerability
AdGuard Home patched a critical authentication bypass (CVE-2026-32136) that allowed unauthenticated attackers to gain full administrative control by exploiting HTTP/2 Cleartext (h2c) upgrade requests.
**Update your AdGuard Home instances to version 0.107.73 and make sure the interfaces are restricted to local network access to minimize the risk of remote exploitation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adguard-home-patches-critical-authentication-bypass-vulnerability-v-9-u-7-u/gD2P6Ple2L
🔴 CVE-2026-32136 - Critical (9.8)
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##AdGuard Home Patches Critical Authentication Bypass Vulnerability
AdGuard Home patched a critical authentication bypass (CVE-2026-32136) that allowed unauthenticated attackers to gain full administrative control by exploiting HTTP/2 Cleartext (h2c) upgrade requests.
**Update your AdGuard Home instances to version 0.107.73 and make sure the interfaces are restricted to local network access to minimize the risk of remote exploitation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adguard-home-patches-critical-authentication-bypass-vulnerability-v-9-u-7-u/gD2P6Ple2L
🔴 CVE-2026-32136 - Critical (9.8)
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32136 (CRITICAL): AdGuard Home <0.107.73 allows remote auth bypass via HTTP/2 cleartext upgrade. Full admin access at risk. Upgrade now! 🔐 https://radar.offseq.com/threat/cve-2026-32136-cwe-287-improper-authentication-in--91bc9287 #OffSeq #AdGuardHome #Vulnerability #Infosec
##updated 2026-03-13T20:14:21.453000
1 posts
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
##updated 2026-03-13T20:06:54.667000
1 posts
🟠 CVE-2026-1528 - High (7.5)
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.
Patche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1528/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:05:49.723000
1 posts
⚠️ CRITICAL: CVE-2026-31896 in WeGIA <3.6.6 enables unauthenticated SQL injection via remover_produto_ocultar.php. Attackers can read or modify DB data. Patch to 3.6.6+ ASAP or apply WAF rules. Details: https://radar.offseq.com/threat/cve-2026-31896-cwe-89-improper-neutralization-of-s-90bf525e #OffSeq #SQLInjection #InfoSec
##updated 2026-03-13T20:03:25
3 posts
🔴 CVE-2026-32301 - Critical (9.3)
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32301 - Critical (9.3)
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-32301: Centrifugo < 6.7.0 has a CRITICAL SSRF flaw — unauthenticated attackers can force outbound requests via dynamic JWKS URLs (e.g., using {{tenant}}). Upgrade ASAP & lock down configs! https://radar.offseq.com/threat/cve-2026-32301-cwe-918-server-side-request-forgery-6022b45c #OffSeq #SSRF #Centrifugo #Vuln
##updated 2026-03-13T20:02:20
1 posts
🟠 CVE-2026-32260 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument san...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:00:40
2 posts
🟠 CVE-2026-32308 - High (7.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32308 - High (7.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:10.983000
5 posts
1 repos
🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3891 (CRITICAL, CVSS 9.8): Pix for WooCommerce plugin allows unauthenticated file uploads via missing checks, risking RCE. Disable/uninstall or apply mitigations now. Affects all versions. Full details: https://radar.offseq.com/threat/cve-2026-3891-cwe-434-unrestricted-upload-of-file--f5fb3cc6 #OffSeq #WordPress #WooCommerce #Vuln
##updated 2026-03-13T19:55:10.147000
6 posts
⚠️ CRITICAL: CVE-2026-32746 in GNU inetutils telnetd (<=2.7) enables remote buffer overflow — unauthenticated code execution or DoS possible. Disable telnet, restrict access, monitor for threats. No patch yet! https://radar.offseq.com/threat/cve-2026-32746-cwe-120-buffer-copy-without-checkin-0ceead78 #OffSeq #CVE202632746 #infosec
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-32746 in GNU inetutils telnetd (<=2.7) enables remote buffer overflow — unauthenticated code execution or DoS possible. Disable telnet, restrict access, monitor for threats. No patch yet! https://radar.offseq.com/threat/cve-2026-32746-cwe-120-buffer-copy-without-checkin-0ceead78 #OffSeq #CVE202632746 #infosec
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:55:09.500000
2 posts
🟠 CVE-2026-32597 - High (7.5)
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understan...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32597 - High (7.5)
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understan...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:55.777000
2 posts
🟠 CVE-2026-32399 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a thr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32399 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a thr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:51.027000
4 posts
🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:42
2 posts
🔴 CVE-2026-32306 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32306 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:41.830000
3 posts
🔴 CVE-2026-32304 - Critical (9.8)
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32304 - Critical (9.8)
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-32304 in locutusjs (<3.0.14) enables unauthenticated remote code execution via create_function() and unsanitized inputs. Patch to 3.0.14+ now! Full details: https://radar.offseq.com/threat/cve-2026-32304-cwe-94-improper-control-of-generati-7207fd62 #OffSeq #Vuln #JavaScript #Infosec
##updated 2026-03-13T19:54:37.690000
2 posts
⚠️ CRITICAL vuln: dagu <2.2.4 suffers from path traversal (CVE-2026-31886). Exploit allows deletion of /tmp, causing system-wide DoS. Upgrade to 2.2.4+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-31886-cwe-22-improper-limitation-of-a-pat-116cb11a #OffSeq #dagu #security #CVE2026_31886
##⚠️ CRITICAL vuln: dagu <2.2.4 suffers from path traversal (CVE-2026-31886). Exploit allows deletion of /tmp, causing system-wide DoS. Upgrade to 2.2.4+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-31886-cwe-22-improper-limitation-of-a-pat-116cb11a #OffSeq #dagu #security #CVE2026_31886
##updated 2026-03-13T19:54:32.090000
1 posts
🔴 CVE-2026-28792 - Critical (9.6)
Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-bas...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:31.143000
3 posts
🔴 New security advisory:
CVE-2026-26954 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-26954-sandboxjs-sandbox-escape-vulnerability-update-to-0-8-34
🔥 CRITICAL: CVE-2026-26954 in SandboxJS (< 0.8.34) enables sandbox escape via Function & Object.fromEntries. Attackers can run arbitrary code remotely! Upgrade to v0.8.34+ now. Full details: https://radar.offseq.com/threat/cve-2026-26954-cwe-94-improper-control-of-generati-35790079 #OffSeq #CVE202626954 #infosec #sandbox
##🔥 CRITICAL: CVE-2026-26954 in SandboxJS (< 0.8.34) enables sandbox escape via Function & Object.fromEntries. Attackers can run arbitrary code remotely! Upgrade to v0.8.34+ now. Full details: https://radar.offseq.com/threat/cve-2026-26954-cwe-94-improper-control-of-generati-35790079 #OffSeq #CVE202626954 #infosec #sandbox
##updated 2026-03-13T18:57:34
2 posts
🟠 CVE-2026-31899 - High (7.5)
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31899 - High (7.5)
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:57:29.620000
2 posts
🔴 CVE-2026-26792 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26792 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:56:09.550000
4 posts
🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:32:42
2 posts
🟠 CVE-2026-3914 - High (8.8)
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3914 - High (8.8)
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:32:41
3 posts
🟠 CVE-2026-3913 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3913 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Google Patches Critical WebML Vulnerability and 28 Other Flaws in Chrome 146
Google released Chrome 146 to patch 29 vulnerabilities, including a critical heap memory flaw in the WebML component (CVE-2026-3913) that allows remote code execution via malicious web pages.
**If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. Google wouldn't push a new update so soon unless it's serious. Even if you want to debate the severity scoring, it's better to just update. Because while you debate, hackers will find a way to exploit them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-patches-critical-webml-vulnerability-and-28-other-flaws-in-chrome-146-u-5-m-9-g/gD2P6Ple2L
updated 2026-03-13T18:32:41
1 posts
🟠 CVE-2026-3931 - High (8.8)
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:57:55.797000
1 posts
🚨 CVE-2026-32242: CRITICAL race condition in parse-server (>=9.0.0 <9.6.0-alpha.11, <8.6.37) lets OAuth2 tokens be validated against wrong provider configs. Patch to 9.6.0-alpha.11/8.6.37! https://radar.offseq.com/threat/cve-2026-32242-cwe-362-concurrent-execution-using--7a67bf5f #OffSeq #parseServer #OAuth2 #RaceCondition
##updated 2026-03-13T16:03:02.080000
2 posts
🟠 CVE-2026-32137 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32137 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:02:22.993000
1 posts
🔴 CVE-2026-26793 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:44:50.763000
2 posts
1 repos
https://github.com/ChrisSub08/CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
🟠 CVE-2026-32127 - High (8.8)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32127 - High (8.8)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:43:27.333000
1 posts
🟠 CVE-2026-3920 - High (8.8)
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:43:11.607000
1 posts
🟠 CVE-2026-3917 - High (8.8)
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:43:00.290000
2 posts
🟠 CVE-2026-3915 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3915/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3915 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3915/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:41:03.103000
1 posts
🟠 CVE-2026-3924 - High (7.5)
use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:40:44
1 posts
🟠 CVE-2026-32141 - High (7.5)
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T13:36:16
3 posts
🔴 CVE-2026-32248 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32248 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-32248 in parse-server (>=9.0.0, <9.6.0-alpha.12, <8.6.38) allows unauth attackers to hijack accounts if anonymous auth is enabled. MongoDB & PostgreSQL affected. Upgrade ASAP or disable anonymous auth! https://radar.offseq.com/threat/cve-2026-32248-cwe-943-improper-neutralization-of--cc26229b #OffSeq #CVE202632248 #infosec
##updated 2026-03-13T13:36:06
1 posts
🟠 CVE-2026-32247 - High (8.1)
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled lab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32247/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T13:35:26
1 posts
🟠 CVE-2026-32246 - High (8.5)
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T09:54:46
2 posts
🟠 CVE-2026-32319 - High (7.5)
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can cra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32319 - High (7.5)
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can cra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:35:01
2 posts
🚨 CRITICAL: CVE-2026-3611 impacts Honeywell IQ4E (v3.50_3.44) — missing web HMI authentication lets remote attackers create admin accounts, lock out operators, and control building systems. Restrict access & create user accounts ASAP. https://radar.offseq.com/threat/cve-2026-3611-cwe-306-missing-authentication-for-c-2be1059b #OffSeq #ICS #Honeywell
##🔴 CVE-2026-3611 - Critical (10)
The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Gu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
2 posts
🔴 CVE-2026-3916 - Critical (9.6)
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3916/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3916 - Critical (9.6)
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3916/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 posts
🟠 CVE-2026-3918 - High (8.8)
Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 posts
🟠 CVE-2026-3926 - High (8.8)
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:40
1 posts
Fortinet FortiManager vulnerability allows remote command execution
Fortinet has patched a high-severity stack-based buffer overflow in FortiManager (CVE-2025-54820) that allows remote unauthenticated attackers to execute unauthorized commands by sending crafted requests to the fgtupdates service.
**If you are using Fortinet FortiManager, plan a quick patch. In the interim, make sure the HTTP/HTTPS interface is isolated from the internet or disable fgtupdates in the system interface settings to close the attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-fortinet-fortimanager-vulnerability-allows-remote-command-execution-d-2-v-g-c/gD2P6Ple2L
updated 2026-03-12T21:08:22.643000
2 posts
🟠 CVE-2026-32101 - High (7.6)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise) but is called without await in both the POST and PUT handle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32101 - High (7.6)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise) but is called without await in both the POST and PUT handle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
2 posts
🟠 CVE-2026-32117 - High (7.6)
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32117 - High (7.6)
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
1 posts
⚠️ CRITICAL: CVE-2026-31957 in himmelblau-idm (3.0.0-<3.1.0) lets attackers bypass Azure Entra ID tenant isolation if tenant domain isn't set. Upgrade to 3.1.0+ & enforce config! Details: https://radar.offseq.com/threat/cve-2026-31957-cwe-1188-insecure-default-initializ-e7809765 #OffSeq #Azure #CVE202631957 #InfoSec
##updated 2026-03-12T21:08:22.643000
1 posts
🚨 CVE-2026-31976: CRITICAL supply chain risk in xygeni/xygeni-action. Workflows using @v5 (Mar 3 – 10, 2026) ran C2 code via tag poisoning. Pin to safe SHA, rotate creds, review logs. Details: https://radar.offseq.com/threat/cve-2026-31976-cwe-506-embedded-malicious-code-in--7bdbb65f #OffSeq #SupplyChain #CI_CD #GitHub
##updated 2026-03-12T21:08:22.643000
1 posts
Okay, so it turns out that this is really, really slow.
Which led to CVE-2026-30226: https://github.com/sveltejs/devalue/security/advisories/GHSA-cfw5-2vxh-hr84
##updated 2026-03-12T21:08:22.643000
1 posts
🔴 CVE-2025-70082 - Critical (9.8)
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
1 posts
🟠 CVE-2026-31866 - High (7.5)
flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
1 posts
🔴 CVE-2026-31852 - Critical (10)
Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31852/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
4 posts
The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356
This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!
##The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356
This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!
##🟠 CVE-2026-28356 - High (7.5)
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28356/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-3971 - High (8.8)
A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3971/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-3972 - High (8.8)
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
2 posts
🟠 CVE-2026-3978 - High (8.8)
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3978 - High (8.8)
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
2 posts
🟠 CVE-2026-4008 - High (8.8)
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4008/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ CVE-2026-4008: HIGH severity stack buffer overflow in Tenda W3 (v1.0.0.3(2204)) lets remote attackers execute code or cause DoS — no auth needed. Public exploit available, patch or restrict access now! https://radar.offseq.com/threat/cve-2026-4008-stack-based-buffer-overflow-in-tenda-40f87be9 #OffSeq #Tenda #Infosec #Vuln
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-32231 - High (8.2)
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-25529 - High (8.1)
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-4007 - High (8.8)
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🔴 CVE-2026-21669 - Critical (9.9)
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21669/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🔴 CVE-2026-21666 - Critical (9.9)
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T20:32:59
2 posts
🟠 CVE-2026-32302 - High (8.1)
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32302/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32302 - High (8.1)
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32302/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T20:32:29
1 posts
🟠 CVE-2026-28793 - High (8.4)
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the inte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:31:33
1 posts
🟠 CVE-2026-3936 - High (8.8)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3936/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:30:38
1 posts
🟠 CVE-2026-21672 - High (8.8)
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21672/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:30:38
1 posts
🔴 CVE-2026-21708 - Critical (9.9)
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:30:38
1 posts
🟠 CVE-2026-4043 - High (8.8)
A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack ma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:30:37
1 posts
⚠️ New security advisory:
CVE-2019-25482 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2019-25482-jettweb-php-hazir-rent-a-car-script-sql-injection
updated 2026-03-12T18:30:30
1 posts
🔴 CVE-2026-21667 - Critical (9.9)
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21667/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T17:38:59
1 posts
🔴 CVE-2026-3059 - Critical (9.8)
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T17:38:54
1 posts
🔴 CVE-2026-3060 - Critical (9.8)
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:28
1 posts
🟠 CVE-2026-3923 - High (8.8)
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:28
1 posts
🟠 CVE-2026-3922 - High (8.8)
Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:28
1 posts
🟠 CVE-2026-3921 - High (8.8)
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:27
1 posts
🟠 CVE-2026-3919 - High (8.8)
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3919/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:32
4 posts
🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:32
1 posts
🟠 CVE-2026-4042 - High (8.8)
A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:31
3 posts
🟠 CVE-2026-21670 - High (7.7)
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21670 - High (7.7)
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21670 - High (7.7)
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:31
1 posts
🟠 CVE-2026-4041 - High (8.8)
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4041/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:26
4 posts
🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T14:23:15
2 posts
🟠 CVE-2026-32110 - High (8.3)
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32110 - High (8.3)
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T14:07:39
3 posts
🔴 CVE-2026-27591 - Critical (9.9)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27591/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27591 - Critical (9.9)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27591/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-27591 in Winter CMS (<1.0.477, <1.1.12, <1.2.12) lets any authenticated backend user escalate to admin via crafted requests. Patch ASAP! Impact: full compromise. https://radar.offseq.com/threat/cve-2026-27591-cwe-284-improper-access-control-in--eac8002f #OffSeq #WinterCMS #CVE202627591 #infosec
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3973 - High (8.8)
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3657 - High (7.5)
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3975 - High (8.8)
A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3974 - High (8.8)
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:15
1 posts
🟠 CVE-2026-3976 - High (8.8)
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to sta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:06
1 posts
🟠 CVE-2026-3970 - High (8.8)
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T21:32:05
1 posts
🟠 CVE-2025-68623 - High (8.8)
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68623/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:45:27
1 posts
🔴 CVE-2026-31862 - Critical (9.1)
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:43:42
1 posts
🟠 CVE-2026-31839 - High (8.2)
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified togeth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31839/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:40:09.533000
3 posts
31 repos
https://github.com/AbdulRKB/n8n-RCE
https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613
https://github.com/Victorhugofariasvieir66/relatorio-n8n.md
https://github.com/sahilccras/Blackash-CVE-2025-68613
https://github.com/h3raklez/CVE-2025-68613
https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe
https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis
https://github.com/Khin-96/n8n-cve-2025-68613-thm
https://github.com/Dlanang/homelab-CVE-2025-68613
https://github.com/wioui/n8n-CVE-2025-68613-exploit
https://github.com/intbjw/CVE-2025-68613-poc-via-copilot
https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613
https://github.com/rxerium/CVE-2025-68613
https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads
https://github.com/nehkark/CVE-2025-68613
https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
https://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613
https://github.com/gagaltotal/n8n-cve-2025-68613
https://github.com/secjoker/CVE-2025-68613
https://github.com/ali-py3/Exploit-CVE-2025-68613
https://github.com/Rishi-kaul/n8n-CVE-2025-68613
https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab
https://github.com/TheStingR/CVE-2025-68613-POC
https://github.com/intelligent-ears/CVE-2025-68613
https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit
https://github.com/shibaaa204/CVE-2025-68613
https://github.com/manyaigdtuw/CVE-2025-68613_Scanner
https://github.com/cv-sai-kamesh/n8n-CVE-2025-68613
https://github.com/reem-012/poc_CVE-2025-68613
⚠️ CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
「 The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog 」
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html
🚨 [CISA-2026:0311] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0311)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-68613 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68613)
- Name: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: n8n
- Product: n8n
- Notes: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260311 #cisa20260311 #cve_2025_68613 #cve202568613
##CVE ID: CVE-2025-68613
Vendor: n8n
Product: n8n
Date Added: 2026-03-11
Notes: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-68613
updated 2026-03-11T18:31:35
1 posts
CVE-2026-3784 beat a new #curl record. This flaw existed in curl source code for 24.97 years before it was discovered.
Illustrated in the slightly hard-to-read graph below. The average age of a curl vulnerability when reported is eight years.
##updated 2026-03-11T18:30:40
1 posts
Critical Splunk RCE Vulnerability (CVE-2026–20163) Lets Attackers Run Shell Commands on Your Server
The discovered vulnerability is a Remote Code Execution (RCE) in Splunk, a popular data processing software. The flaw stems from insufficient input validation in the application's search interface. By constructing a crafted search query, an attacker can exploit the vulnerability and execute arbitrary shell commands on the target server. Specifically, an attacker can utilize the 'enableJavaScript' and 'enableCookies' search commands to trigger the RCE. When the search interface receives a request, it inadvertently executes JavaScript provided by the attacker, enabling further exploitation. The impact of this vulnerability is severe, as it allows unauthorized execution of commands with the privileges of the Splunk user, potentially leading to data breaches or unauthorized access. The researcher received a $15,000 bounty from Splunk for reporting this critical issue. To remediate, Splunk suggests implementing input validation and sanitization for user-supplied search queries. Key lesson: Always validate user inputs to prevent RCE attacks. #BugBounty #Cybersecurity #RCE #Splunk #InputValidation
updated 2026-03-11T18:30:40
2 posts
The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device. https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/
##🟠 CVE-2026-20040 - High (8.8)
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:30:40
2 posts
The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device. https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/
##🟠 CVE-2026-20046 - High (8.8)
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device.
This vulnerability is du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20046/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:30:40
1 posts
CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS
https://security.paloaltonetworks.com/CVE-2026-0230
Short summary: https://hackerworkspace.com/article/cve-2026-0230-cortex-xdr-agent-local-administrator-can-disable-the-agent-on-macos
##updated 2026-03-11T18:21:47.207000
1 posts
🟠 CVE-2026-21290 - High (8.7)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:08:18.073000
1 posts
🟠 CVE-2026-21309 - High (7.5)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21309/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:51
1 posts
🔴 CVE-2026-23813 - Critical (9.8)
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23813/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T14:16:27.390000
1 posts
🔴 CVE-2026-2631 - Critical (9.8)
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2631/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T14:16:19.773000
1 posts
🟠 CVE-2026-23814 - High (8.8)
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
March 2026 Microsoft Patch Tuesday | Tenable® #devopsish https://www.tenable.com/blog/microsofts-march-2026-patch-tuesday-addresses-83-cves-cve-2026-21262-cve-2026-26127
##updated 2026-03-11T13:52:47.683000
3 posts
2 repos
Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.
Read: https://hackread.com/sql-injection-vulnerability-ally-wordpress-plugin/
##Vulnerability alert.
A high-severity SQL injection flaw (CVE-2026-2413) in the Ally WordPress Plugin from Elementor could expose data from 250K+ sites.
Patch available in v4.1.0.
Follow @technadu for security updates.
#Infosec #CyberSecurity
🟠 CVE-2026-2413 - High (7.5)
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2413/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:52:47.683000
1 posts
🟠 CVE-2025-13067 - High (8.8)
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T06:31:47
1 posts
🔴 CVE-2026-24448 - Critical (9.8)
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T06:31:47
1 posts
🟠 CVE-2026-3222 - High (7.5)
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_colum...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3222/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T06:31:41
1 posts
🔴 CVE-2026-27842 - Critical (9.8)
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:39
1 posts
🟠 CVE-2026-21311 - High (8)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21311/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:39
1 posts
🟠 CVE-2026-3453 - High (8.1)
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:39
1 posts
🟠 CVE-2026-21361 - High (8.1)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:38
1 posts
🟠 CVE-2026-21289 - High (7.5)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:38
1 posts
🟠 CVE-2026-21284 - High (8.1)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T00:31:38
1 posts
🟠 CVE-2026-27271 - High (7.8)
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27271/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:38:58
1 posts
CVE-2026-28292: simple-git Remote Code Execution - Case-Sensitivity Bypass (CVSS 9.8)
https://www.codeant.ai/security-research/simple-git-remote-code-execution-cve-2026-28292
Short summary: https://hackerworkspace.com/article/cve-2026-28292-simple-git-remote-code-execution-case-sensitivity-bypass-cvss-9-8
##updated 2026-03-10T18:31:30
1 posts
LnkMeMaybe - A Review of CVE-2026-25185 https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185
##updated 2026-03-10T18:31:25
1 posts
March 2026 Microsoft Patch Tuesday | Tenable® #devopsish https://www.tenable.com/blog/microsofts-march-2026-patch-tuesday-addresses-83-cves-cve-2026-21262-cve-2026-26127
##updated 2026-03-10T18:31:24
1 posts
Siemens Patches Critical Code Injection Flaw in SIMATIC S7-1500 Controllers
Siemens reports a critical code injection vulnerability (CVE-2025-40943) in SIMATIC S7-1500 controllers that allows attackers to take full control of devices via malicious trace files. The flaw affects numerous industrial CPUs and requires users to update to version 4.1.2 or restrict web server access.
**If you are using Siemens SIMATIC S7-1500 controllers, make sure they are isolated from the internet, especially the web management interface. If the interface is not actively used, just disable it. Then plan a patch of the controllers. It's going to be a long process, many different models are affected.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-patches-critical-code-injection-flaw-in-simatic-s7-1500-controllers-n-r-v-k-0/gD2P6Ple2L
updated 2026-03-04T21:14:09
1 posts
1 repos
updated 2026-02-27T12:31:31
1 posts
The OpenClaw autonomous AI agent has achieved explosive growth, but its rapid rise has triggered a major security crisis. China's MIIT and CNCERT have issued urgent warnings following the discovery of over 40,000 exposed instances of the software online. The highest density of these exposed instances was located in China, followed by the US and Singapore.
Read More: https://www.security.land/china-openclaw-ai-security-alert-cve-2025-11251/
#SecurityLand #GeoSphere #China #OpenClaw #AI #SecurityVulnerability #CVE
##updated 2026-02-25T18:31:45
2 posts
7 repos
https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127
https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE
https://github.com/sfewer-r7/CVE-2026-20127
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/randeepajayasekara/CVE-2026-20127
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access.
Read: https://hackread.com/us-agencies-cisa-deadline-critical-cisco-sd-wan-flaw/
##Check your #Cisco #SDWAN deployments about Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127
How to mitigate #vulnerabilities in Cisco SD-WAN Systems can be found here: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
##updated 2026-02-20T22:20:05
1 posts
🟠 CVE-2026-32260 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument san...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
2 posts
1 repos
No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!
Read the full details: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026/ #Metasploit
##No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!
Read the full details: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026/ #Metasploit
##updated 2026-02-11T15:40:33.473000
1 posts
11 repos
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/planetoid/cve-2026-21509-mitigation
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/suuhm/CVE-2026-21509-handler
CVE-2026-21509: Actively Exploited Microsoft Office Security Feature Bypass — PoC Public, CISA KEV Listed https://fidelissecurity.com/vulnerabilities/cve-2026-21509/
##updated 2026-01-28T00:31:41
1 posts
5 repos
https://github.com/gagaltotal/cve-2026-24858
https://github.com/absholi7ly/CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
https://github.com/SimoesCTT/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity
Critical Authentication Bypass and Smuggling Flaws Impact Siemens RUGGEDCOM APE1808
Siemens disclosed four vulnerabilities in RUGGEDCOM APE1808 devices, including a critical authentication bypass (CVE-2026-24858) that allows attackers to hijack devices via FortiCloud SSO. The flaws also include HTTP request smuggling and format string vulnerabilities that could lead to unauthorized code execution or policy bypass.
**If you use RUGGEDCOM APE1808 devices with FortiOS, this is now urgent and important. The most critical item is a Fortinet flaw, and Fortinet is very much targeted by hackers. Update to version 7.4.11 ASAP. Isolation is not really a solution for a firewall that's designed operate between an insecure and secure networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-and-smuggling-flaws-impact-siemens-ruggedcom-ape1808-y-7-4-o-r/gD2P6Ple2L
updated 2025-08-15T17:01:01.673000
2 posts
----------------
🛡️ Tool — Sec-Context: AI Code Security Anti-Patterns
Sec-Context provides two large, machine-readable anti-pattern documents intended for automated review and model conditioning. The repository consolidates findings from 150+ sources into ANTI_PATTERNS_BREADTH (~65K tokens) and ANTI_PATTERNS_DEPTH (~100K tokens). The breadth file enumerates 25+ anti-patterns with pseudocode bad/good examples, CWE cross-references, severity ratings, and a quick lookup table. The depth file focuses on seven highest-priority vulnerabilities with multiple code examples, attack scenarios, edge cases, and detailed mitigation trade-offs.
Key technical contents reported:
• Document sizes: breadth ≈ 65k tokens, depth ≈ 100k tokens.
• Prioritization metric: Frequency ×2 + Severity ×2 + Detectability.
• Top-ranked anti-patterns include Dependency Risks (Slopsquatting), XSS (86% failure rate reported in AI-generated code), Hardcoded Secrets (rapid scraping after exposure), SQL Injection (thousands of instances in training data), and a real-world referenced CVE: CVE-2025-53773 for Command Injection.
Practical artifacts in the files:
• Pseudocode BAD/GOOD snippets per pattern.
• CWE mappings and severity annotations.
• Multiple concrete attack scenarios and edge cases for high-priority patterns.
• Suggested usage modes: include entire document in large-context models, extract relevant sections for smaller-context workflows, or run a dedicated review agent/skill that checks code against all patterns and returns specific findings.
Limitations and operational notes (as reported):
• Files are intentionally large to be comprehensive and may require models with extended context or chunked-review workflows.
• The guide emphasizes detection and remediation patterns; it does not provide deployment or execution instructions.
Hashtags: #XSS #CVE-2025-53773 #dependency_squatting #LLM
##----------------
🛡️ Tool — Sec-Context: AI Code Security Anti-Patterns
Sec-Context provides two large, machine-readable anti-pattern documents intended for automated review and model conditioning. The repository consolidates findings from 150+ sources into ANTI_PATTERNS_BREADTH (~65K tokens) and ANTI_PATTERNS_DEPTH (~100K tokens). The breadth file enumerates 25+ anti-patterns with pseudocode bad/good examples, CWE cross-references, severity ratings, and a quick lookup table. The depth file focuses on seven highest-priority vulnerabilities with multiple code examples, attack scenarios, edge cases, and detailed mitigation trade-offs.
Key technical contents reported:
• Document sizes: breadth ≈ 65k tokens, depth ≈ 100k tokens.
• Prioritization metric: Frequency ×2 + Severity ×2 + Detectability.
• Top-ranked anti-patterns include Dependency Risks (Slopsquatting), XSS (86% failure rate reported in AI-generated code), Hardcoded Secrets (rapid scraping after exposure), SQL Injection (thousands of instances in training data), and a real-world referenced CVE: CVE-2025-53773 for Command Injection.
Practical artifacts in the files:
• Pseudocode BAD/GOOD snippets per pattern.
• CWE mappings and severity annotations.
• Multiple concrete attack scenarios and edge cases for high-priority patterns.
• Suggested usage modes: include entire document in large-context models, extract relevant sections for smaller-context workflows, or run a dedicated review agent/skill that checks code against all patterns and returns specific findings.
Limitations and operational notes (as reported):
• Files are intentionally large to be comprehensive and may require models with extended context or chunked-review workflows.
• The guide emphasizes detection and remediation patterns; it does not provide deployment or execution instructions.
Hashtags: #XSS #CVE-2025-53773 #dependency_squatting #LLM
##🚁 CVE-2026-32708 (HIGH): Stack-based buffer overflow in PX4-Autopilot (<1.17.0-rc2) via Zenoh uORB subscriber. Exploitable w/ local privileges; could crash or compromise drones. Upgrade ASAP. https://radar.offseq.com/threat/cve-2026-32708-cwe-121-stack-based-buffer-overflow-a8d143e4 #OffSeq #DroneSecurity #CVE #Infosec
##🚁 CVE-2026-32708 (HIGH): Stack-based buffer overflow in PX4-Autopilot (<1.17.0-rc2) via Zenoh uORB subscriber. Exploitable w/ local privileges; could crash or compromise drones. Upgrade ASAP. https://radar.offseq.com/threat/cve-2026-32708-cwe-121-stack-based-buffer-overflow-a8d143e4 #OffSeq #DroneSecurity #CVE #Infosec
##CVE-2026-32720 (HIGH): ctfer-io monitoring <0.2.1 has improper access control, allowing lateral movement across Kubernetes namespaces — risks sensitive logs/metrics. Patch to 0.2.1+ ASAP! 🔒 https://radar.offseq.com/threat/cve-2026-32720-cwe-284-improper-access-control-in--c14eb5d2 #OffSeq #Kubernetes #CVE #CloudSecurity
##CVE-2026-32720 (HIGH): ctfer-io monitoring <0.2.1 has improper access control, allowing lateral movement across Kubernetes namespaces — risks sensitive logs/metrics. Patch to 0.2.1+ ASAP! 🔒 https://radar.offseq.com/threat/cve-2026-32720-cwe-284-improper-access-control-in--c14eb5d2 #OffSeq #Kubernetes #CVE #CloudSecurity
##🛡️ CVE-2026-3227: HIGH severity OS command injection in TP-Link TL-WR802N v4, TL-WR841N v14, TL-WR840N v6. Authenticated attackers can gain root via crafted config imports. No patch yet — restrict access & monitor uploads! https://radar.offseq.com/threat/cve-2026-3227-cwe-78-improper-neutralization-of-sp-ac440341 #OffSeq #TPLink #Vuln
##🛡️ CVE-2026-3227: HIGH severity OS command injection in TP-Link TL-WR802N v4, TL-WR841N v14, TL-WR840N v6. Authenticated attackers can gain root via crafted config imports. No patch yet — restrict access & monitor uploads! https://radar.offseq.com/threat/cve-2026-3227-cwe-78-improper-neutralization-of-sp-ac440341 #OffSeq #TPLink #Vuln
##🚨 CRITICAL: CVE-2026-32626 in AnythingLLM Desktop ≤1.11.1 lets attackers run code via XSS → RCE (CVSS 9.7). No patch yet. Restrict chat, harden Electron, sanitize input. High risk, act now! More: https://radar.offseq.com/threat/cve-2026-32626-cwe-79-improper-neutralization-of-i-a50f3d86 #OffSeq #XSS #RCE #InfoSec
##🚨 CRITICAL: CVE-2026-32626 in AnythingLLM Desktop ≤1.11.1 lets attackers run code via XSS → RCE (CVSS 9.7). No patch yet. Restrict chat, harden Electron, sanitize input. High risk, act now! More: https://radar.offseq.com/threat/cve-2026-32626-cwe-79-improper-neutralization-of-i-a50f3d86 #OffSeq #XSS #RCE #InfoSec
##🟠 CVE-2026-31944 - High (7.6)
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31944 - High (7.6)
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32121 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of pat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32121 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of pat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32123 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while grou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32123 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while grou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32131 - High (7.7)
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.gr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32131 - High (7.7)
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.gr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32130 - High (7.5)
ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Request to the API w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32130 - High (7.5)
ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Request to the API w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32140 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject danger...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32140 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject danger...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
##🟠 CVE-2026-32138 - High (8.2)
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32138/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27940 - High (7.8)
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21887 - High (7.7)
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21887/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-22248 - From File Upload to RCE via Unsafe Deserialization https://ribeir.in/posts/cve-2026-22248-glpi-rce.html
##🚨 CVE-2026-32096: CRITICAL SSRF in Plunk < 0.7.0 lets unauthenticated attackers trigger arbitrary outbound HTTP requests via SNS webhook. Upgrade to 0.7.0+ ASAP. Monitor egress and review webhook configs. https://radar.offseq.com/threat/cve-2026-32096-cwe-918-server-side-request-forgery-4e688d7e #OffSeq #SSRF #CloudSecurity
##Analyzing "Zombie Zip" Files (CVE-2026-0866)
#CVE_2026_0866
https://isc.sans.edu/diary/rss/32786
🔴 CVE-2026-31874 - Critical (9.8)
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31874 - Critical (9.8)
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31881 - High (7.7)
Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-passw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31870 - High (7.5)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library calls std::stoull() directly on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##