| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45348 | 8.7 | 0.00% | 2 | 0 | 2026-05-28T20:16:24.857000 | pyLoad is a free and open-source download manager written in Python. Prior to 0. | |
| CVE-2026-43898 | 10.0 | 0.00% | 2 | 0 | 2026-05-28T20:16:23.810000 | SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined fu | |
| CVE-2026-25713 | 7.8 | 0.01% | 1 | 0 | 2026-05-28T20:03:56.430000 | MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability | |
| CVE-2026-4944 | 8.8 | 0.00% | 2 | 0 | 2026-05-28T19:16:42.677000 | vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remot | |
| CVE-2026-47333 | 7.8 | 0.00% | 2 | 0 | 2026-05-28T19:16:42.073000 | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentia | |
| CVE-2026-47331 | 7.8 | 0.00% | 2 | 0 | 2026-05-28T19:16:41.757000 | Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock wh | |
| CVE-2026-46509 | 8.2 | 0.00% | 2 | 0 | 2026-05-28T19:16:39.280000 | deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, pr | |
| CVE-2026-45332 | 7.5 | 0.00% | 2 | 0 | 2026-05-28T19:16:39.133000 | Automad is a flat-file content management system and template engine. From 2.0.0 | |
| CVE-2026-45039 | 9.8 | 0.00% | 2 | 0 | 2026-05-28T19:16:38.390000 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta | |
| CVE-2026-35671 | 8.8 | 0.00% | 2 | 0 | 2026-05-28T18:56:36.823000 | phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability | |
| CVE-2026-45322 | 7.8 | 0.06% | 1 | 0 | 2026-05-28T18:56:36.823000 | Microsoft UFO open-source framework for intelligent automation across devices an | |
| CVE-2026-45296 | 7.7 | 0.00% | 2 | 0 | 2026-05-28T18:40:37.990000 | OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's | |
| CVE-2026-45374 | 9.6 | 0.00% | 2 | 0 | 2026-05-28T18:40:37.990000 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the ta | |
| CVE-2026-45311 | 9.6 | 0.00% | 2 | 0 | 2026-05-28T18:40:37.990000 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, t | |
| CVE-2026-38707 | 9.8 | 0.00% | 2 | 0 | 2026-05-28T18:30:39 | A command injection vulnerability exists in the IPSec VPN feature of InHand Netw | |
| CVE-2026-38704 | 9.8 | 0.00% | 2 | 0 | 2026-05-28T18:30:39 | A command injection vulnerability exists in the WireGuard VPN feature of InHand | |
| CVE-2026-45323 | 9.6 | 0.00% | 2 | 0 | 2026-05-28T18:16:35.300000 | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3 | |
| CVE-2023-25136 | 6.5 | 88.33% | 1 | 11 | 2026-05-28T18:16:28.073000 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options. | |
| CVE-2026-49238 | 8.4 | 0.00% | 2 | 0 | 2026-05-28T18:00:33.730000 | An issue was discovered in Canonical Multipass before version 1.16.3. The host-s | |
| CVE-2026-9628 | 8.8 | 0.04% | 1 | 0 | 2026-05-28T16:16:31.907000 | A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected | |
| CVE-2026-35675 | 8.2 | 0.00% | 2 | 0 | 2026-05-28T14:20:34 | ### Summary An authentication bypass vulnerability in phpMyFAQ allows any unauth | |
| CVE-2026-45152 | 7.8 | 0.03% | 1 | 0 | 2026-05-28T14:16:22.270000 | uniget is a universal installer and updater for (container) tools. Prior to 0.27 | |
| CVE-2026-45137 | 8.2 | 0.04% | 1 | 0 | 2026-05-28T14:16:22.163000 | Anchor is a framework providing several convenient developer tools for writing S | |
| CVE-2026-44887 | 9.8 | 0.21% | 2 | 0 | 2026-05-28T14:16:21.723000 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to | |
| CVE-2026-44635 | 7.5 | 0.05% | 2 | 0 | 2026-05-28T14:16:20.450000 | Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, Defa | |
| CVE-2026-48064 | 8.1 | 0.06% | 1 | 0 | 2026-05-28T13:57:25.390000 | pam_usb provides hardware authentication for Linux using ordinary removable medi | |
| CVE-2026-44709 | 7.8 | 0.02% | 1 | 0 | 2026-05-28T13:57:25.390000 | pam_usb provides hardware authentication for Linux using ordinary removable medi | |
| CVE-2026-9227 | 8.8 | 0.14% | 2 | 0 | 2026-05-28T13:45:25.260000 | The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary | |
| CVE-2026-7862 | 8.6 | 0.04% | 2 | 0 | 2026-05-28T13:45:25.260000 | The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper | |
| CVE-2026-9009 | 8.8 | 0.24% | 2 | 0 | 2026-05-28T13:45:25.260000 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnera | |
| CVE-2026-4408 | 9.0 | 0.23% | 3 | 0 | 2026-05-28T09:31:27 | A flaw was found in Samba. A remote attacker can exploit a misconfiguration in S | |
| CVE-2026-6455 | 8.1 | 0.04% | 2 | 0 | 2026-05-28T09:31:26 | The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Sit | |
| CVE-2026-7802 | 8.8 | 0.06% | 1 | 0 | 2026-05-28T06:31:16 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authoriza | |
| CVE-2026-32999 | 9.0 | 0.05% | 1 | 0 | 2026-05-28T06:31:15 | Insufficient character filtering in backup agent signing module on Comet Backup | |
| CVE-2026-9789 | None | 0.02% | 1 | 0 | 2026-05-28T03:31:21 | A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense softwar | |
| CVE-2026-7374 | 9.9 | 0.11% | 1 | 0 | 2026-05-28T03:16:44.047000 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows | |
| CVE-2026-8915 | 8.8 | 0.02% | 2 | 0 | 2026-05-28T00:30:35 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo | |
| CVE-2026-9739 | None | 0.02% | 1 | 0 | 2026-05-28T00:30:35 | Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During | |
| CVE-2026-9208 | 8.8 | 0.07% | 1 | 0 | 2026-05-28T00:30:35 | Tanium addressed an unauthorized code execution vulnerability in Connect. | |
| CVE-2025-70103 | 7.3 | 0.04% | 1 | 0 | 2026-05-27T21:32:27 | Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th | |
| CVE-2026-8359 | 7.5 | 0.05% | 1 | 0 | 2026-05-27T21:31:33 | When processing a request with a URL path starting with /status or /sysinfo, WOS | |
| CVE-2026-8362 | 9.8 | 0.04% | 1 | 0 | 2026-05-27T21:31:32 | A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when | |
| CVE-2026-8361 | 7.5 | 0.04% | 1 | 0 | 2026-05-27T21:31:32 | A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processin | |
| CVE-2026-8360 | 7.5 | 0.04% | 1 | 0 | 2026-05-27T21:31:32 | Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DL | |
| CVE-2026-8363 | 9.8 | 0.04% | 1 | 0 | 2026-05-27T21:31:32 | A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when p | |
| CVE-2026-49017 | None | 0.04% | 1 | 0 | 2026-05-27T21:31:24 | In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite | |
| CVE-2026-8364 | 9.8 | 0.04% | 1 | 0 | 2026-05-27T21:16:19.700000 | Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) | |
| CVE-2026-45321 | 9.6 | 15.09% | 4 | 12 | 2026-05-27T20:18:55.940000 | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions | |
| CVE-2026-48152 | 8.1 | 0.04% | 1 | 0 | 2026-05-27T20:16:40.943000 | Budibase is an open-source low-code platform. Prior to 3.39.0, the single-dataso | |
| CVE-2026-45102 | 9.9 | 0.06% | 1 | 0 | 2026-05-27T20:16:38.250000 | OneUptime is an open-source monitoring and observability platform. Prior to 10.0 | |
| CVE-2026-44724 | 7.8 | 0.05% | 1 | 0 | 2026-05-27T20:16:37.617000 | systeminformation is a System and OS information library for node.js. From 4.17. | |
| CVE-2026-44483 | 8.2 | 0.04% | 1 | 0 | 2026-05-27T20:16:37.180000 | RVF (formerly Remix Validated Form) provides easy form validation and state mana | |
| CVE-2026-42197 | 8.7 | 0.03% | 2 | 0 | 2026-05-27T20:16:36.260000 | RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd | |
| CVE-2025-43306 | 7.8 | 0.01% | 1 | 0 | 2026-05-27T20:02:49.877000 | A logic issue was addressed with improved checks. This issue is fixed in macOS S | |
| CVE-2026-49002 | 9.1 | 0.03% | 1 | 0 | 2026-05-27T19:59:03.360000 | Access control failure means that an application does not effectively check user | |
| CVE-2026-48153 | 8.5 | 0.03% | 1 | 0 | 2026-05-27T19:44:35.987000 | Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the | |
| CVE-2026-44847 | 7.5 | 0.08% | 1 | 0 | 2026-05-27T19:41:21.417000 | MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's web | |
| CVE-2026-45574 | 8.1 | 0.01% | 1 | 0 | 2026-05-27T19:41:21.417000 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrast | |
| CVE-2026-45659 | 8.8 | 0.62% | 5 | 2 | 2026-05-27T18:32:54.337000 | Deserialization of untrusted data in Microsoft Office SharePoint allows an autho | |
| CVE-2026-8450 | 9.1 | 0.22% | 1 | 0 | 2026-05-27T18:32:40 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_f | |
| CVE-2015-2808 | 10.0 | 21.39% | 1 | 0 | 2026-05-27T18:32:34 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not proper | |
| CVE-2026-48962 | 7.3 | 0.06% | 1 | 0 | 2026-05-27T18:31:37 | IO::Compress versions before 2.220 for Perl can execute arbitrary code in File:: | |
| CVE-2026-45047 | 7.5 | 0.08% | 2 | 0 | 2026-05-27T18:16:24.150000 | bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and si | |
| CVE-2025-12686 | 9.8 | 0.17% | 1 | 0 | 2026-05-27T17:16:27.797000 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerabi | |
| CVE-2026-9170 | 7.5 | 0.05% | 1 | 0 | 2026-05-27T15:34:08 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8 | |
| CVE-2026-6957 | 8.0 | 0.04% | 1 | 0 | 2026-05-27T15:33:36 | Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from fed | |
| CVE-2026-7524 | 9.8 | 0.28% | 1 | 0 | 2026-05-27T15:33:32 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im | |
| CVE-2026-8179 | 8.8 | 0.06% | 1 | 0 | 2026-05-27T15:33:32 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A | |
| CVE-2026-8175 | 9.8 | 0.39% | 1 | 0 | 2026-05-27T15:33:31 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A | |
| CVE-2025-14713 | 7.5 | 0.03% | 1 | 0 | 2026-05-27T14:54:20.160000 | An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Ed | |
| CVE-2026-42013 | 8.2 | 0.03% | 1 | 0 | 2026-05-27T14:54:20.160000 | A flaw was found in gnutls. When validating certificates, an oversized Subject A | |
| CVE-2026-7365 | 8.4 | 0.02% | 1 | 0 | 2026-05-27T14:53:51.833000 | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Anal | |
| CVE-2026-8180 | 7.5 | 0.06% | 1 | 0 | 2026-05-27T14:53:51.833000 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A | |
| CVE-2026-40826 | 4.9 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40837 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40818 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T14:53:22.863000 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40812 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T14:53:22.863000 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40824 | 5.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40831 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40835 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40836 | 7.1 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40827 | 5.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40832 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40828 | 5.5 | 0.03% | 2 | 0 | 2026-05-27T14:53:22.863000 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40816 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T14:53:22.863000 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2025-41670 | 7.8 | 0.03% | 1 | 0 | 2026-05-27T14:53:22.863000 | A local user with low privileges may be able to influence the behavior of a priv | |
| CVE-2026-48972 | 7.5 | 0.11% | 1 | 0 | 2026-05-27T14:50:47.627000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-42748 | 9.9 | 0.04% | 1 | 0 | 2026-05-27T14:50:47.627000 | Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo | |
| CVE-2026-42760 | 7.5 | 0.04% | 1 | 0 | 2026-05-27T14:50:47.627000 | Authentication Bypass Using an Alternate Path or Channel vulnerability in revmak | |
| CVE-2026-42756 | 9.9 | 0.05% | 1 | 0 | 2026-05-27T14:50:47.627000 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v | |
| CVE-2026-9632 | 8.8 | 0.04% | 1 | 0 | 2026-05-27T14:50:47.627000 | A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by | |
| CVE-2026-44905 | 7.5 | 0.03% | 1 | 0 | 2026-05-27T14:16:56.203000 | Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26 | |
| CVE-2026-42735 | 8.2 | 0.04% | 1 | 0 | 2026-05-27T12:31:30 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic | |
| CVE-2026-42755 | 9.3 | 0.03% | 1 | 0 | 2026-05-27T12:31:30 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-42747 | 9.3 | 0.03% | 1 | 0 | 2026-05-27T12:31:30 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-42761 | 9.3 | 0.03% | 1 | 0 | 2026-05-27T12:31:30 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-42758 | 9.8 | 0.04% | 1 | 0 | 2026-05-27T12:31:30 | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias Webinar | |
| CVE-2026-42757 | 9.9 | 0.05% | 1 | 0 | 2026-05-27T12:31:30 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v | |
| CVE-2026-3012 | 8.0 | 0.00% | 1 | 0 | 2026-05-27T12:31:29 | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. W | |
| CVE-2026-40849 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:29 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40851 | 8.4 | 0.02% | 3 | 0 | 2026-05-27T09:31:28 | A local attacker can perform a confusion attack on the cfgparser via a specially | |
| CVE-2026-40850 | 7.5 | 0.05% | 3 | 0 | 2026-05-27T09:31:28 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40852 | 7.2 | 0.07% | 2 | 0 | 2026-05-27T09:31:28 | A highly authenticated attacker can alter the config generator injecting a paylo | |
| CVE-2026-40844 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40841 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40833 | 7.1 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40845 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40846 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40834 | 7.1 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40830 | 5.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40840 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40843 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40842 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40838 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40839 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40848 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40847 | 6.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:28 | An low privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2025-13392 | 8.1 | 0.05% | 1 | 0 | 2026-05-27T09:31:24 | Improper check for unusual or exceptional conditions vulnerability in SSO in Syn | |
| CVE-2025-30028 | 8.6 | 0.04% | 1 | 0 | 2026-05-27T09:31:24 | A vulnerability in Active Backup for Business allows unauthorized remote attacke | |
| CVE-2026-40829 | 5.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:24 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40825 | 5.5 | 0.03% | 3 | 0 | 2026-05-27T09:31:23 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40817 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:23 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40823 | 5.5 | 0.03% | 2 | 0 | 2026-05-27T09:31:23 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40810 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:23 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40815 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:23 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40819 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:23 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40821 | 4.9 | 0.03% | 2 | 0 | 2026-05-27T09:31:23 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40813 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:23 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40822 | 4.9 | 0.03% | 2 | 0 | 2026-05-27T09:31:23 | A high privileged remote attacker can exploit an unauthenticated SQL Injection v | |
| CVE-2026-40811 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:22 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2026-40814 | 7.5 | 0.05% | 2 | 0 | 2026-05-27T09:31:22 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection | |
| CVE-2025-41669 | 8.8 | 0.06% | 1 | 0 | 2026-05-27T09:31:22 | The Web-based Management allows a remote low privileged Engineer user to install | |
| CVE-2026-8760 | 9.8 | 0.25% | 1 | 0 | 2026-05-27T09:31:21 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass i | |
| CVE-2026-5260 | 8.2 | 0.14% | 1 | 0 | 2026-05-27T06:32:38 | A flaw was found in libgnutls. A remote attacker, by sending an extremely short | |
| CVE-2026-2253 | 7.7 | 0.03% | 1 | 0 | 2026-05-27T06:31:42 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 an | |
| CVE-2026-9631 | 8.8 | 0.04% | 1 | 0 | 2026-05-27T03:30:37 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affe | |
| CVE-2026-9627 | 8.8 | 0.04% | 1 | 0 | 2026-05-27T03:30:37 | A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This | |
| CVE-2026-9207 | 8.8 | 0.07% | 1 | 0 | 2026-05-27T03:30:36 | Tanium addressed an unauthorized code execution vulnerability in Connect. | |
| CVE-2026-9312 | None | 0.05% | 1 | 0 | 2026-05-27T00:31:29 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Ente | |
| CVE-2026-48172 | 9.8 | 7.96% | 5 | 3 | 2026-05-26T21:32:41 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possi | |
| CVE-2026-9642 | 9.8 | 0.04% | 1 | 0 | 2026-05-26T21:32:08 | There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthentica | |
| CVE-2026-8676 | 8.8 | 0.02% | 1 | 0 | 2026-05-26T21:32:07 | An attacker is able to downgrade the security of a Bluetooth LE connection by de | |
| CVE-2026-7454 | 7.8 | 0.01% | 1 | 0 | 2026-05-26T20:40:28.047000 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force | |
| CVE-2026-8854 | 7.5 | 0.01% | 1 | 0 | 2026-05-26T20:27:32.703000 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional | |
| CVE-2026-8855 | 8.1 | 0.24% | 1 | 0 | 2026-05-26T20:25:33.130000 | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial o | |
| CVE-2026-46368 | 8.8 | 0.06% | 1 | 0 | 2026-05-26T19:50:21.747000 | luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on f | |
| CVE-2026-45247 | 9.8 | 0.10% | 1 | 0 | 2026-05-26T19:50:21.747000 | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a | |
| CVE-2026-5426 | 9.1 | 0.07% | 3 | 1 | 2026-05-26T19:16:29.123000 | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver de | |
| CVE-2026-8620 | 7.5 | 0.05% | 1 | 0 | 2026-05-26T19:06:14.330000 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8 | |
| CVE-2026-8856 | 7.7 | 0.03% | 1 | 0 | 2026-05-26T18:31:51 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configuration | |
| CVE-2026-25112 | 7.8 | 0.01% | 1 | 0 | 2026-05-26T18:31:42 | A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows | |
| CVE-2026-43284 | 8.8 | 25.56% | 1 | 33 | 2026-05-26T18:16:49.533000 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: | |
| CVE-2026-4480 | 8.5 | 0.08% | 1 | 0 | 2026-05-26T15:32:17 | A flaw was found in the Samba printing subsystem. Samba passes the client-contro | |
| CVE-2026-48131 | 8.1 | 0.02% | 1 | 0 | 2026-05-26T15:32:16 | The VPN service may mishandle an unexpected IKE fragment value received on the I | |
| CVE-2026-9543 | 9.8 | 0.20% | 1 | 0 | 2026-05-26T15:32:16 | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected | |
| CVE-2026-39661 | 7.5 | 0.11% | 1 | 0 | 2026-05-26T13:30:57 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-25104 | 7.8 | 0.01% | 2 | 0 | 2026-05-26T13:30:56 | MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability | |
| CVE-2026-45250 | 7.8 | 0.01% | 1 | 1 | 2026-05-22T03:30:26 | The setcred(2) system call is only available to privileged users. However, befo | |
| CVE-2026-9082 | 6.5 | 34.17% | 1 | 10 | template | 2026-05-20T21:32:36 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-41091 | 7.8 | 5.94% | 2 | 2 | 2026-05-20T19:06:36.850000 | Improper link resolution before file access ('link following') in Microsoft Defe | |
| CVE-2010-0249 | 8.8 | 88.79% | 1 | 0 | 2026-05-20T18:32:34 | Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 o | |
| CVE-2026-45498 | 4.0 | 4.11% | 1 | 1 | 2026-05-20T18:31:35 | Microsoft Defender Denial of Service Vulnerability | |
| CVE-2026-20223 | 10.0 | 0.06% | 1 | 1 | 2026-05-20T17:30:40.450000 | A vulnerability in the access validation of internal REST APIs of Cisco Sec | |
| CVE-2026-42096 | None | 0.04% | 1 | 1 | 2026-05-19T15:31:29 | Sparx Pro Cloud Server is vulnerable to Broken Access Control within communicati | |
| CVE-2026-45829 | 0 | 0.17% | 1 | 2 | 2026-05-19T14:16:46.977000 | A pre-authentication, code injection vulnerability in version 1.0.0 or later of | |
| CVE-2026-45736 | 4.4 | 0.01% | 1 | 0 | 2026-05-18T19:02:42 | ### Impact The `websocket.close()` implementation is vulnerable to uninitialize | |
| CVE-2026-45716 | 8.8 | 0.03% | 2 | 0 | 2026-05-18T17:42:25 | ## Summary The `POST /api/global/users/onboard` endpoint is protected by `works | |
| CVE-2026-45298 | 8.6 | 0.02% | 1 | 0 | 2026-05-18T16:41:41 | ## Summary In a default dozzle deploy (the documented quickstart, no `DOZZLE_AU | |
| CVE-2026-43500 | 7.8 | 27.00% | 1 | 15 | 2026-05-17T18:31:33 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also | |
| CVE-2026-41089 | 9.8 | 0.13% | 1 | 0 | 2026-05-15T15:42:17.907000 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker | |
| CVE-2026-20182 | 10.0 | 77.32% | 2 | 3 | template | 2026-05-15T12:45:53.990000 | May 2026: This security advisory provides the details and fix information for a |
| CVE-2026-8398 | 9.8 | 33.02% | 2 | 0 | 2026-05-15T09:31:43 | A supply chain attack compromised the official installation packages of DAEMON T | |
| CVE-2026-42945 | 8.1 | 0.90% | 1 | 36 | 2026-05-14T21:30:40 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_mo | |
| CVE-2026-45083 | 9.8 | 0.04% | 1 | 0 | 2026-05-13T15:33:25 | ### Summary The Goobi viewer REST endpoint `POST /api/v1/index/stream` accepted | |
| CVE-2026-28910 | 3.3 | 0.01% | 2 | 0 | 2026-05-13T00:49:16 | This issue was addressed with improved permissions checking. This issue is fixed | |
| CVE-2016-10156 | 7.8 | 0.71% | 1 | 0 | 2026-05-13T00:24:29.033000 | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files | |
| CVE-2026-45088 | 7.5 | 0.03% | 2 | 0 | 2026-05-12T15:08:14 | ## Summary When dalfox is run in REST API server mode, the `custom-payload-file | |
| CVE-2026-26980 | 9.4 | 56.66% | 3 | 4 | template | 2026-05-12T13:31:01 | ### Impact A SQL injection vulnerability existed in Ghost's Content API that al |
| CVE-2026-44971 | 8.2 | 0.03% | 1 | 0 | 2026-05-11T14:45:09 | # Summary The programmatic remote project scanning path rewrites attacker-contro | |
| CVE-2026-44966 | 8.3 | 0.08% | 1 | 0 | 2026-05-09T00:40:17 | ### Summary A prototype pollution vulnerability was discovered in Velocity.js <= | |
| CVE-2026-44895 | None | 0.02% | 1 | 0 | 2026-05-09T00:10:30 | ## SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab | |
| CVE-2026-44900 | 8.1 | 0.00% | 1 | 0 | 2026-05-08T23:47:13 | ### Impact In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signatur | |
| CVE-2026-44843 | 8.2 | 0.01% | 1 | 0 | 2026-05-08T23:07:34 | LangChain contains older runtime code paths that deserialize run inputs, run out | |
| CVE-2026-44327 | 10.0 | 0.04% | 1 | 0 | 2026-05-08T22:59:24 | ### Summary free5GC's NEF mounts the `nnef-oam` route group without inbound OAut | |
| CVE-2026-44326 | 9.4 | 0.04% | 1 | 0 | 2026-05-08T22:59:00 | ### Summary free5GC's NEF mounts the `3gpp-traffic-influence` API without inboun | |
| CVE-2026-41241 | 8.7 | 0.04% | 1 | 0 | 2026-04-28T19:07:37.290000 | pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search i | |
| CVE-2026-40933 | 9.9 | 0.07% | 1 | 0 | 2026-04-16T21:18:18 | ### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an | |
| CVE-2025-2005 | 9.8 | 2.94% | 1 | 4 | 2026-04-08T17:20:35.697000 | The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads | |
| CVE-2024-23218 | 5.9 | 0.19% | 1 | 0 | 2026-04-02T21:32:39 | A timing side-channel issue was addressed with improvements to constant-time com | |
| CVE-2026-33416 | 7.5 | 0.02% | 1 | 0 | 2026-04-02T20:28:33.973000 | LIBPNG is a reference library for use in applications that read, create, and man | |
| CVE-2026-33509 | 7.5 | 0.10% | 1 | 0 | 2026-03-26T20:47:02.337000 | pyLoad is a free and open-source download manager written in Python. From versio | |
| CVE-2026-4565 | 8.8 | 0.09% | 2 | 2 | 2026-03-23T03:31:45 | A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function | |
| CVE-2026-3172 | 8.1 | 0.06% | 1 | 0 | 2026-02-25T21:31:25 | Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 all | |
| CVE-2021-4229 | 8.8 | 0.86% | 1 | 1 | 2026-02-17T21:57:43 | The npm package `ua-parser-js` had three versions published with malicious code. | |
| CVE-2025-62582 | 9.8 | 0.03% | 1 | 0 | 2026-01-20T16:58:23.900000 | Delta Electronics DIAView has multiple vulnerabilities. | |
| CVE-2017-16054 | 7.5 | 0.26% | 1 | 0 | 2024-11-21T03:15:44.050000 | `nodefabric` was a malicious module published with the intent to hijack environm | |
| CVE-2026-48027 | 0 | 26.85% | 4 | 0 | N/A | ||
| CVE-2026-47761 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-47760 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-47759 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-27771 | 0 | 0.00% | 3 | 2 | N/A | ||
| CVE-2026-48710 | 0 | 0.03% | 13 | 3 | N/A | ||
| CVE-2025-5199 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-48095 | 0 | 0.00% | 3 | 1 | N/A | ||
| CVE-2026-46402 | 0 | 0.06% | 2 | 0 | N/A | ||
| CVE-2026-44590 | 0 | 0.85% | 1 | 1 | N/A | ||
| CVE-2026-45108 | 0 | 0.07% | 1 | 0 | N/A | ||
| CVE-2026-45104 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-44888 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-46414 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-44713 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-44712 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-44711 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-46425 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-48151 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-48150 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-48149 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-41613 | 0 | 0.07% | 1 | 0 | N/A | ||
| CVE-2026-40820 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-44450 | 0 | 0.07% | 1 | 0 | N/A | ||
| CVE-2026-44449 | 0 | 0.08% | 1 | 0 | N/A | ||
| CVE-2026-43988 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-43935 | 0 | 0.13% | 1 | 0 | N/A | ||
| CVE-2026-33636 | 0 | 0.04% | 1 | 0 | N/A |
updated 2026-05-28T20:16:24.857000
2 posts
🟠 CVE-2026-45348 - High (8.7)
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45348/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45348 - High (8.7)
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45348/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T20:16:23.810000
2 posts
🔴 CVE-2026-43898 - Critical (10)
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-control...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-43898 - Critical (10)
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-control...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T20:03:56.430000
1 posts
🟠 CVE-2026-25713 - High (7.8)
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25713/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T19:16:42.677000
2 posts
🟠 CVE-2026-4944 - High (8.8)
vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4944 - High (8.8)
vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T19:16:42.073000
2 posts
🟠 CVE-2026-47333 - High (7.8)
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unpri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47333/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47333 - High (7.8)
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unpri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47333/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T19:16:41.757000
2 posts
🟠 CVE-2026-47331 - High (7.8)
Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47331/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47331 - High (7.8)
Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47331/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T19:16:39.280000
2 posts
🟠 CVE-2026-46509 - High (8.2)
deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is f...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-46509 - High (8.2)
deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is f...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T19:16:39.133000
2 posts
🟠 CVE-2026-45332 - High (7.5)
Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45332/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45332 - High (7.5)
Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45332/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T19:16:38.390000
2 posts
🔴 CVE-2026-45039 - Critical (9.8)
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, get_shared_secret(...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-45039 - Critical (9.8)
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, get_shared_secret(...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:56:36.823000
2 posts
🟠 CVE-2026-35671 - High (8.8)
phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35671 - High (8.8)
phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:56:36.823000
1 posts
🟠 CVE-2026-45322 - High (7.8)
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releas...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:40:37.990000
2 posts
🟠 CVE-2026-45296 - High (7.7)
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target project...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45296 - High (7.7)
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target project...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:40:37.990000
2 posts
🔴 CVE-2026-45374 - Critical (9.6)
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-45374 - Critical (9.6)
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:40:37.990000
2 posts
🔴 CVE-2026-45311 - Critical (9.6)
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45311/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-45311 - Critical (9.6)
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45311/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:30:39
2 posts
Anyone know anything about these router vulns? I'm especially interested in CVE-2026-38704, a command injection in the Wireguard function, and CVE-2026-38707, a command injection in the IPSEC function.
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf
##Anyone know anything about these router vulns? I'm especially interested in CVE-2026-38704, a command injection in the Wireguard function, and CVE-2026-38707, a command injection in the IPSEC function.
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf
##updated 2026-05-28T18:30:39
2 posts
Anyone know anything about these router vulns? I'm especially interested in CVE-2026-38704, a command injection in the Wireguard function, and CVE-2026-38707, a command injection in the IPSEC function.
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf
##Anyone know anything about these router vulns? I'm especially interested in CVE-2026-38704, a command injection in the Wireguard function, and CVE-2026-38707, a command injection in the IPSEC function.
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf
##updated 2026-05-28T18:16:35.300000
2 posts
🔴 CVE-2026-45323 - Critical (9.6)
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary java...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-45323 - Critical (9.6)
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary java...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T18:16:28.073000
1 posts
11 repos
https://github.com/jfrog/jfrog-CVE-2023-25136-OpenSSH_Double-Free
https://github.com/adhikara13/CVE-2023-25136
https://github.com/nhakobyan685/CVE-2023-25136
https://github.com/malvika-thakur/CVE-2023-25136
https://github.com/axylisdead/CVE-2023-25136_POC
https://github.com/H4K6/CVE-2023-25136
https://github.com/ticofookfook/CVE-2023-25136
https://github.com/Christbowel/CVE-2023-25136
https://github.com/Lane0218/CVE-2023-25136-PoC
my approach to finding security bugs:
me in 2017: "hmm the directory is world-writable, and the sticky bit looks ugly in my colorized ls, I'll send a patch"
someone on IRC a week later: "hey you're named in CVE-2016-10156"
me in 2023: "ugh OpenSSH crashes when I'm connecting from my retro Win98 VM"
someone on IRC a week later: "hey did you know you're in CVE-2023-25136"
updated 2026-05-28T18:00:33.730000
2 posts
🟠 CVE-2026-49238 - High (8.4)
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-49238 - High (8.4)
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T16:16:31.907000
1 posts
🟠 CVE-2026-9628 - High (8.8)
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/userna...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T14:20:34
2 posts
🟠 CVE-2026-35675 - High (8.2)
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35675/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35675 - High (8.2)
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35675/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T14:16:22.270000
1 posts
🟠 CVE-2026-45152 - High (7.8)
uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45152/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T14:16:22.163000
1 posts
🟠 CVE-2026-45137 - High (8.2)
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumpti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T14:16:21.723000
2 posts
🔴 CVE-2026-44887 - Critical (9.8)
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44887/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-44887 - Critical (9.8)
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44887/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T14:16:20.450000
2 posts
🟠 CVE-2026-44635 - High (7.5)
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input)...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44635 - High (7.5)
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input)...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T13:57:25.390000
1 posts
🟠 CVE-2026-48064 - High (8.1)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display managers such as gdm-password or lightdm to bypass pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T13:57:25.390000
1 posts
🟠 CVE-2026-44709 - High (7.8)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without any validation. Any process that can set envir...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44709/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T13:45:25.260000
2 posts
🟠 CVE-2026-9227 - High (8.8)
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only veri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-9227 - High (8.8)
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only veri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T13:45:25.260000
2 posts
🟠 CVE-2026-7862 - High (8.6)
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-7862 - High (8.6)
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T13:45:25.260000
2 posts
⚠️ CVE-2026-9009 (HIGH): Crawlomatic Multipage Scraper Post Generator for WordPress lets author+ users trigger arbitrary PHP code via unsafe shortcodes. No patch yet — restrict author access & consider disabling plugin. Details: https://radar.offseq.com/threat/cve-2026-9009-cwe-434-unrestricted-upload-of-file--9027f144 #OffSeq #WordPress #Vuln
##🟠 CVE-2026-9009 - High (8.8)
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T09:31:27
3 posts
🔴 CVE-2026-4408 - Critical (9)
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the cli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4408/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4408 - Critical (9)
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the cli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4408/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-4408 in Red Hat Enterprise Linux 10 via Samba misconfig enables remote command execution if "check password script" uses %u. Audit your configs now! Details: https://radar.offseq.com/threat/cve-2026-4408-improper-neutralization-of-special-e-ffcecb34 #OffSeq #Linux #Samba #Infosec
##updated 2026-05-28T09:31:26
2 posts
🟠 CVE-2026-6455 - High (8.1)
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce ver...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-6455 - High (8.1)
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce ver...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T06:31:16
1 posts
🟠 CVE-2026-7802 - High (8.8)
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T06:31:15
1 posts
🔴 CVE-2026-32999 - Critical (9)
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T03:31:21
1 posts
🛡️ CVE-2026-9789 (HIGH, CVSS 8.5): Acer NitroSense V3 (≤3.01.3001) local users can delete arbitrary files via PSAdminAgent's weak pipe ACL. No patch yet — restrict access, monitor activity. More: https://radar.offseq.com/threat/cve-2026-9789-cwe-22-improper-limitation-of-a-path-0de6487d #OffSeq #Vuln #Acer #PrivilegeEscalation
##updated 2026-05-28T03:16:44.047000
1 posts
🔴 CVE-2026-7374 - Critical (9.9)
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-28T00:30:35
2 posts
🟠 CVE-2026-8915 - High (8.8)
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8915/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔔 CVE-2026-8915 (HIGH): Out-of-bounds write in Samsung Open Source Escargot (commit 36f5fb58...) enables buffer overflow risks — system compromise possible. No patch yet; monitor advisories & restrict access. https://radar.offseq.com/threat/cve-2026-8915-cwe-787-out-of-bounds-write-in-samsu-8e102c1a #OffSeq #Vulnerability #Escargot
##updated 2026-05-28T00:30:35
1 posts
🚨 CRITICAL: CVE-2026-9739 in Google MCP Toolbox for Databases (CVSS 9.4) allows DNS rebinding via a permissive cross-domain policy in SSE. No patch yet — restrict untrusted domains & monitor advisories. https://radar.offseq.com/threat/cve-2026-9739-cwe-942-permissive-cross-domain-poli-e5d6e88a #OffSeq #CVE #Infosec #Google
##updated 2026-05-28T00:30:35
1 posts
🟠 CVE-2026-9208 - High (8.8)
Tanium addressed an unauthorized code execution vulnerability in Connect.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T21:32:27
1 posts
Security Advisory: CVE-2025-70103 - Heap-Based Buffer Overflow in libjxl / cjxl
A heap-based buffer overflow vulnerability was identified in JPEG XL libjxl when processing crafted PBM/PNM images.
Summary:
The vulnerability exists in `jxl::extras::DecodeImagePNM()` in `lib/extras/dec/pnm.cc`. When processing a specially crafted PBM/PNM image, insufficient validation of buffer sizes before memory copy operations may cause `memcpy()` to write past the end of an allocated heap buffer.
The issue was observed as a WRITE of 24 bytes at the end of a 16-byte heap region.
CWE:
CWE-122 - Heap-based Buffer Overflow
CWE-787 - Out-of-bounds Write
Affected product:
JPEG XL / libjxl
Affected component:
`lib/extras/dec/pnm.cc`
Function: `jxl::extras::DecodeImagePNM()`
Affected line: `pnm.cc:554`
Affected version:
The issue was reproduced in `cjxl v0.12.0` at commit `24357f189c233c03fb46368a142a0b2c1a949f9d`.
Attack conditions:
Exploitation requires the vulnerable application or library consumer to process a crafted PBM/PNM image. This can be triggered locally via `cjxl` or through software that exposes the `DecodeImagePNM` decoding path to attacker-controlled input.
Example reproduction command:
`./cjxl ./2_PBM_lib_extras_dec_pnm_cc_554 --disable_output`
Impact:
Successful exploitation may cause memory corruption and process termination. The confirmed impact is denial of service (DoS) due to a crash during image processing. No evidence of reliable arbitrary code execution has been identified.
Fix / mitigation status:
The upstream issue is closed. A mitigation/fix proposal was provided in PR `#4338`, adding additional buffer-size, row-boundary, pixel-size, offset, and extra-channel checks. Users are advised to update to a libjxl build that contains the relevant fix once available, or review and apply the mitigation from PR `#4338` where appropriate.
References:
Issue:
https://github.com/libjxl/libjxl/issues/4337
Fix / mitigation PR:
https://github.com/libjxl/libjxl/pull/4338
https://github.com/libjxl/libjxl/commit/49fb89f23473e57fa1dac416adce7c7679e5d051
PoC:
https://github.com/sigdevel/pocs/blob/main/res/libjxl/2025/2/2_PBM_lib_extras_dec_pnm_cc_554
Credit:
@sigdevel
https://www.cve.org/CVERecord?id=CVE-2025-70103
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory
##updated 2026-05-27T21:31:33
1 posts
🟠 CVE-2026-8359 - High (7.5)
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8359/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T21:31:32
1 posts
🔴 CVE-2026-8362 - Critical (9.8)
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T21:31:32
1 posts
🟠 CVE-2026-8361 - High (7.5)
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T21:31:32
1 posts
🟠 CVE-2026-8360 - High (7.5)
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T21:31:32
1 posts
🔴 CVE-2026-8363 - Critical (9.8)
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T21:31:24
1 posts
CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 https://radar.offseq.com/threat/cve-2026-49017-cwe-835-loop-with-unreachable-exit--0557d1bf #OffSeq #OpenStack #Vuln #DoS
##updated 2026-05-27T21:16:19.700000
1 posts
🔴 CVE-2026-8364 - Critical (9.8)
Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T20:18:55.940000
4 posts
12 repos
https://github.com/Yomisana/are-you-get-tanstack-attack
https://github.com/digi4care/shai-scan
https://github.com/prashanthnataraj/mini-shai-hulud-detector
https://github.com/Breakingcircuitsllc/teampcp_shai_hulud.yar
https://github.com/Intrudify/mini-shai-hulud-scanner
https://github.com/ry-allan/tanstack-compromise-checker
https://github.com/renewablehacking/CVE-2026-45321-Tanstack
https://github.com/qi-scape/scan-shai-hulud
https://github.com/fabriziosalmi/tanstack-compromise-checker
https://github.com/Caixa-git/tanstack-shield
CVE-2026-45321 - Changed to Known Ransomware Status
TanStack Unspecified VulnerabilityVendor: TanStackProduct: TanStackTanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.Status changed from Unknown to Known for ransomware campaign usage.Flip detected on: May 28, 2026 at 18:00:35 UTCDate Added to KEV: https://nvd.nist.gov/vuln/detail/CVE-2026-45321
##CVE-2026-45321 - Changed to Known Ransomware Status
TanStack Unspecified VulnerabilityVendor: TanStackProduct: TanStackTanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.Status changed from Unknown to Known for ransomware campaign usage.Flip detected on: May 28, 2026 at 18:00:35 UTCDate Added to KEV: https://nvd.nist.gov/vuln/detail/CVE-2026-45321
##🚨 [CISA-2026:0527] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0527)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-45321 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45321)
- Name: TanStack Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: TanStack
- Product: TanStack
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx ; https://nvd.nist.gov/vuln/detail/CVE-2026-45321
⚠️ CVE-2026-48027 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48027)
- Name: Nx Console Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Nx
- Product: Nx Console
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027
⚠️ CVE-2026-8398 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-8398)
- Name: Daemon Tools Lite Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Daemon
- Product: Daemon Tools Lite
- Notes: https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260527 #cisa20260527 #cve_2026_45321 #cve_2026_48027 #cve_2026_8398 #cve202645321 #cve202648027 #cve20268398
##CVE ID: CVE-2026-45321
Vendor: TanStack
Product: TanStack
Date Added: 2026-05-27
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-45321
updated 2026-05-27T20:16:40.943000
1 posts
🟠 CVE-2026-48152 - High (8.1)
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48152/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T20:16:38.250000
1 posts
🔴 CVE-2026-45102 - Critical (9.9)
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45102/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T20:16:37.617000
1 posts
🟠 CVE-2026-44724 - High (7.8)
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44724/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T20:16:37.180000
1 posts
🟠 CVE-2026-44483 - High (8.2)
RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @Rvf/set-get (used by @Rvf/core to flatten incoming form data into a nested object) does not block t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T20:16:36.260000
2 posts
🟠 CVE-2026-42197 - High (8.7)
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's bro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-42197 - High (8.7)
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's bro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T20:02:49.877000
1 posts
🟠 CVE-2025-43306 - High (7.8)
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T19:59:03.360000
1 posts
🔴 CVE-2026-49002 - Critical (9.1)
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T19:44:35.987000
1 posts
🟠 CVE-2026-48153 - High (8.5)
Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codeba...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48153/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T19:41:21.417000
1 posts
🟠 CVE-2026-44847 - High (7.5)
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which Djan...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T19:41:21.417000
1 posts
🟠 CVE-2026-45574 - High (8.1)
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T18:32:54.337000
5 posts
2 repos
https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE
⚪️ Microsoft Fixes RCE Vulnerability in SharePoint
🗨️ Microsoft engineers have released out-of-band patches for an RCE vulnerability in SharePoint Server (CVE-2026-45659). The issue has a CVSS score of 8.8 and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Exploiting it only requires…
##⚪️ Microsoft Fixes RCE Vulnerability in SharePoint
🗨️ Microsoft engineers have released out-of-band patches for an RCE vulnerability in SharePoint Server (CVE-2026-45659). The issue has a CVSS score of 8.8 and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Exploiting it only requires…
##Global tensions escalate with US strikes on Iran and Israeli actions in Lebanon (May 27). Tech sees an AI boom boosting chip stocks, with China restricting AI talent travel. Cybersecurity highlights: FBI warns on "First VPN Service" enabling ransomware (May 27), and Microsoft patched a critical SharePoint RCE vulnerability (CVE-2026-45659).
##Microsoft Patches High-Severity SharePoint RCE Vulnerability CVE-2026-45659
Microsoft patched a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that allows authenticated attackers with low-level permissions to execute arbitrary code via untrusted data deserialization.
**If you run SharePoint on-premise (Subscription Edition, 2019, or 2016), apply Microsoft's patch for CVE-2026-45659 asap, since even low-level Site Member accounts can trigger remote code execution.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-high-severity-sharepoint-rce-vulnerability-cve-2026-45659-i-3-f-p-1/gD2P6Ple2L
Faille RCE dans SharePoint : Microsoft publie un patch pour la CVE-2026-45659 https://www.it-connect.fr/faille-rce-sharepoint-patch-cve-2026-45659/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #SharePoint #Microsoft
##updated 2026-05-27T18:32:40
1 posts
🚨 CVE-2026-8450 (CRITICAL): OALDERS HTTP::Daemon <6.17 has OS command injection via send_file(). Attackers can run commands, leak data, & manipulate files. Avoid untrusted input and monitor for patches. https://radar.offseq.com/threat/cve-2026-8450-cwe-78-improper-neutralization-of-sp-75c93cb2 #OffSeq #CVE20268450 #infosec
##updated 2026-05-27T18:32:34
1 posts
RE: https://infosec.exchange/@perfect10_bot/116647910574183905
So CVE-2015-2808 (RC4 weaknesses in TLS) got bumped to 10.0 today due to CISA enrichment...
##updated 2026-05-27T18:31:37
1 posts
⚠️ HIGH severity: CVE-2026-48962 in PMQS IO::Compress (Perl <2.220) enables eval injection via crafted glob strings. Arbitrary Perl code may execute with process privileges. Restrict untrusted input & monitor for patches. https://radar.offseq.com/threat/cve-2026-48962-cwe-95-improper-neutralization-of-d-a4f0eb17 #OffSeq #Vuln #Perl #Infosec
##updated 2026-05-27T18:16:24.150000
2 posts
🟠 CVE-2026-45047 - High (7.5)
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read si...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45047 - High (7.5)
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read si...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T17:16:27.797000
1 posts
🔴 CVE-2025-12686 - Critical (9.8)
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12686/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T15:34:08
1 posts
🟠 CVE-2026-9170 - High (7.5)
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to denial of service and a potential remote code execution due to impr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9170/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T15:33:36
1 posts
🟠 CVE-2026-6957 - High (8)
Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T15:33:32
1 posts
🔴 CVE-2026-7524 - Critical (9.8)
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T15:33:32
1 posts
🟠 CVE-2026-8179 - High (8.8)
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd compon...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8179/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T15:33:31
1 posts
🔴 CVE-2026-8175 - Critical (9.8)
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd compon...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8175/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:54:20.160000
1 posts
🟠 CVE-2025-14713 - High (7.5)
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14713/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:54:20.160000
1 posts
🟠 CVE-2026-42013 - High (8.2)
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:53:51.833000
1 posts
🟠 CVE-2026-7365 - High (8.4)
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authenti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:53:51.833000
1 posts
🟠 CVE-2026-8180 - High (7.5)
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the aspera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T14:53:22.863000
1 posts
#OT #Advisory VDE-2026-050
Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files
This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation authenticity as well as the handling of configuration data in writable directories. Successful exploitation may allow authenticated attackers with different privilege levels to compromise integrity, availability, and system security of affected PLCnext Control. Both issues are resolved starting with PLCnext firmware version 2026.0.3.
#CVE CVE-2025-41669, CVE-2025-41670
https://certvde.com/en/advisories/vde-2026-050/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-050.json
##updated 2026-05-27T14:50:47.627000
1 posts
🟠 CVE-2026-48972 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion.
This issue affects SeedProd Pro: from n/a before 6.19.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:50:47.627000
1 posts
🔴 CVE-2026-42748 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:50:47.627000
1 posts
🟠 CVE-2026-42760 - High (7.5)
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42760/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:50:47.627000
1 posts
🔴 CVE-2026-42756 - Critical (9.9)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:50:47.627000
1 posts
🟠 CVE-2026-9632 - High (8.8)
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9632/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T14:16:56.203000
1 posts
🟠 CVE-2026-44905 - High (7.5)
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:30
1 posts
🟠 CVE-2026-42735 - High (8.2)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42735/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:30
1 posts
🔴 CVE-2026-42755 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:30
1 posts
🔴 CVE-2026-42747 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through <= 4.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:30
1 posts
🔴 CVE-2026-42761 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:30
1 posts
🔴 CVE-2026-42758 - Critical (9.8)
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42758/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:30
1 posts
🔴 CVE-2026-42757 - Critical (9.9)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42757/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T12:31:29
1 posts
🟠 CVE-2026-3012 - High (8)
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3012/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T09:31:29
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
3 posts
🟠 CVE-2026-40851 - High (8.4)
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-059
Helmholz: Multiple vulnerabilities in REX100/REX200/REX250
Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
#CVE CVE-2026-40851, CVE-2026-40852
https://certvde.com/en/advisories/vde-2026-059/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-059.json
###OT #Advisory VDE-2026-054
MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini
Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
#CVE CVE-2026-40851, CVE-2026-40852
https://certvde.com/en/advisories/vde-2026-054/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-054.json
##updated 2026-05-27T09:31:28
3 posts
🟠 CVE-2026-40850 - High (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentia...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40850/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-059
Helmholz: Multiple vulnerabilities in REX100/REX200/REX250
Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
#CVE CVE-2026-40851, CVE-2026-40852
https://certvde.com/en/advisories/vde-2026-059/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-059.json
###OT #Advisory VDE-2026-054
MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini
Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
#CVE CVE-2026-40851, CVE-2026-40852
https://certvde.com/en/advisories/vde-2026-054/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-054.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:28
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:24
1 posts
🟠 CVE-2025-13392 - High (8.1)
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13392/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T09:31:24
1 posts
🟠 CVE-2025-30028 - High (8.6)
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30028/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T09:31:24
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
3 posts
⚠️ HIGH severity: CVE-2026-40825 in MB connect line mbCONNECT24. SQL Injection via accountstatus view devices param enables DB read/modify. No patch yet — restrict access & monitor vendor advisories. https://radar.offseq.com/threat/cve-2026-40825-cwe-89-improper-neutralization-of-s-0b1fbf64 #OffSeq #SQLInjection #Vuln #MBconnect
###OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:23
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:22
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:22
2 posts
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##updated 2026-05-27T09:31:22
1 posts
#OT #Advisory VDE-2026-050
Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files
This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation authenticity as well as the handling of configuration data in writable directories. Successful exploitation may allow authenticated attackers with different privilege levels to compromise integrity, availability, and system security of affected PLCnext Control. Both issues are resolved starting with PLCnext firmware version 2026.0.3.
#CVE CVE-2025-41669, CVE-2025-41670
https://certvde.com/en/advisories/vde-2026-050/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-050.json
##updated 2026-05-27T09:31:21
1 posts
🔥 CVE-2026-8760 (CRITICAL, CVSS 9.8): india-web-developer Login with OTP ≤1.6 allows brute-force OTP bypass — no rate-limit on validation, no OTP expiry. Disable the plugin or restrict login access now. Patch pending. https://radar.offseq.com/threat/cve-2026-8760-cwe-307-improper-restriction-of-exce-49a9becd #OffSeq #WordPress #Vuln
##updated 2026-05-27T06:32:38
1 posts
🟠 CVE-2026-5260 - High (8.2)
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T06:31:42
1 posts
🟠 CVE-2026-2253 - High (7.7)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2253/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T03:30:37
1 posts
🟠 CVE-2026-9631 - High (8.8)
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9631/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T03:30:37
1 posts
🟠 CVE-2026-9627 - High (8.8)
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9627/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T03:30:36
1 posts
🟠 CVE-2026-9207 - High (8.8)
Tanium addressed an unauthorized code execution vulnerability in Connect.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-27T00:31:29
1 posts
🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-9312-cwe-918-server-side-request-forgery--b1f49fcb #OffSeq #SSRF #GitHub #Vuln
##updated 2026-05-26T21:32:41
5 posts
3 repos
https://github.com/HORKimhab/CVE-2026-48172
https://github.com/retmakarunia/CVE-2026-48172
https://github.com/fevar54/CVE-2026-48172---LiteSpeed-cPanel-Plugin-Version-Auditor
📰 CISA Mandates Urgent Patch for Actively Exploited LiteSpeed cPanel Flaw Granting Root Access
⚠️ CRITICAL ALERT: CISA adds LiteSpeed cPanel plugin flaw (CVE-2026-48172) to its KEV catalog. The bug allows for root access and is actively exploited. Patch immediately! #CVE #LiteSpeed #cPanel #CyberSecurity #PatchNow
🌐 cyber[.]netsecops[.]io
##⚠️ CRITICAL: Actively exploited privilege escalation in LiteSpeed cPanel plugin (CVE-2026-48172) enables remote root access via lsws.redisAble. Patch plugin v2.3 – v2.4.4 now! CISA mandates 4-day deadline for U.S. agencies. https://radar.offseq.com/threat/cisa-gives-feds-4-days-to-patch-actively-exploited-ebc57663 #OffSeq #vuln #patchnow
##🏛️ CISA Adds LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
📝 CISA adds CVE-2026-48172 to KEV Catalog, affecting federal agencies.
📰 Alerts
##🚨 [CISA-2026:0526] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0526)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-48172 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48172)
- Name: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: LiteSpeed
- Product: cPanel Plugin
- Notes: https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260526 #cisa20260526 #cve_2026_48172 #cve202648172
##CVE ID: CVE-2026-48172
Vendor: LiteSpeed
Product: cPanel Plugin
Date Added: 2026-05-26
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48172
updated 2026-05-26T21:32:08
1 posts
🔴 CVE-2026-9642 - Critical (9.8)
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access)
An unauthenticated remote attacker can access configured databases in a DIAView project.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9642/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T21:32:07
1 posts
🟠 CVE-2026-8676 - High (8.8)
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T20:40:28.047000
1 posts
🟠 CVE-2026-7454 - High (7.8)
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7454/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T20:27:32.703000
1 posts
🟠 CVE-2026-8854 - High (7.5)
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8854/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T20:25:33.130000
1 posts
🟠 CVE-2026-8855 - High (8.1)
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T19:50:21.747000
1 posts
🟠 CVE-2026-46368 - High (8.8)
luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T19:50:21.747000
1 posts
🔴 CVE-2026-45247 - Critical (9.8)
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45247/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T19:16:29.123000
3 posts
1 repos
KnowledgeDeliver Zero-Day Flaw Exploited to Deploy Web Shells
KnowledgeDeliver LMS installations are being targeted by a zero-day deserialization vulnerability (CVE-2026-5426) caused by hardcoded machine keys, allowing attackers to deploy web shells and Cobalt Strike backdoors.
**If you run Digital Knowledge's KnowledgeDeliver LMS, immediately replace the default ASP.NET machine keys in your web.config with unique, cryptographically strong ones to block these attacks. If possible, restrict portal access to trusted IP ranges, and monitor Windows Application logs for Event ID 1316 (ViewState verification failures).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/knowledgedeliver-zero-day-flaw-exploited-to-deploy-web-shells-5-x-f-c-n/gD2P6Ple2L
updated 2026-05-26T19:06:14.330000
1 posts
🟠 CVE-2026-8620 - High (7.5)
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a special...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T18:31:51
1 posts
🟠 CVE-2026-8856 - High (7.7)
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T18:31:42
1 posts
🟠 CVE-2026-25112 - High (7.8)
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T18:16:49.533000
1 posts
33 repos
https://github.com/scriptzteam/Paranoid-Dirty-Frag-CVE-2026-43284
https://github.com/dixyes/dirtypatch
https://github.com/AK777177/Dirty-Frag-Analysis
https://github.com/liamromanis101/DirtyFrag-Detector
https://github.com/jayhutajulu1/CVE-2026-43284-DirtyFrag-PoC
https://github.com/FrosterDL/CVE-2026-43284
https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag
https://github.com/Aiyakami/rust_dirtyfrag
https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan
https://github.com/Percivalll/Dirty-Frag-Kubernetes-PoC
https://github.com/xd20111/CVE-2026-43284
https://github.com/XRSecCD/202605_dirty_frag
https://github.com/krisiasty/vcheck
https://github.com/ChernStepanov/DirtyFrag-for-dummies
https://github.com/kuniyal08/Dirty-Frag-CVE-2026-43284
https://github.com/AtlasVector/Dirty-Frag-CVE-2026-43284
https://github.com/whosfault/CVE-2026-43284
https://github.com/metalx1993/dirtyfrag-patches
https://github.com/ochebotar/copy-fail-CVE-2026-31431-detection-probe
https://github.com/KaraZajac/DIRTYFAIL
https://github.com/linnemanlabs/dirtyfrag-arm64
https://github.com/attaattaatta/CVE-2026-43500
https://github.com/6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284
https://github.com/LucasPDiniz/CVE-2026-43284
https://github.com/haydenjames/dirty-frag-check
https://github.com/Koshmare-Blossom/DirtyFrag-go
https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester
https://github.com/0xlane/pagecache-guard
https://github.com/DylanClaudio/Reporte-de-Escalada-de-Privilegios-Local-Dirty-Frag
https://github.com/0xBlackash/CVE-2026-43284
https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4
updated 2026-05-26T15:32:17
1 posts
🟠 CVE-2026-4480 - High (8.5)
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4480/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T15:32:16
1 posts
🟠 CVE-2026-48131 - High (8.1)
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disrupt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T15:32:16
1 posts
🔴 CVE-2026-9543 - Critical (9.8)
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os comman...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9543/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T13:30:57
1 posts
🟠 CVE-2026-39661 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion.
This issue affects SW Core: from n/a through 1.7.18.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39661/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-26T13:30:56
2 posts
🟠 CVE-2026-25104 - High (7.8)
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH severity: CVE-2026-25104 impacts MediaArea MediaInfoLib 26.01. Integer underflow in LXF parsing can trigger heap-based buffer overflow. No patch yet — restrict untrusted LXF file parsing and monitor for updates. https://radar.offseq.com/threat/cve-2026-25104-cwe-191-integer-underflow-wrap-or-w-860fcfcf #OffSeq #Vulnerability #Infosec
##updated 2026-05-22T03:30:26
1 posts
1 repos
@lattera How is autoloading zfs.ko related to CVE-2026-45250?
##updated 2026-05-20T21:32:36
1 posts
10 repos
https://github.com/thinhap/CVE-2026-9082-PoC
https://github.com/7h30th3r0n3/CVE-2026-9082-Drupal-PoC
https://github.com/lysophavin18/cve-2026-9082
https://github.com/ridhinva/CVE-2026-9082
https://github.com/0xBlackash/CVE-2026-9082
https://github.com/ambionics/cve-2026-9082-drupal-postgresql-rce
https://github.com/ywh-jfellus/CVE-2026-9082
https://github.com/N45HT/drupal-cve-2026-9082-checker
Drupal: kritische Sicherheitslücke (CVE-2026-9082). Der Patch steht zur Verfügung. Aktuell sind in Deutschland 61 Instanzen ungepatcht.
Interessiert das irgendjemenschen? Braucht es weitere Informationen? Oder ist der Beitrag flüssiger als Wasser?
updated 2026-05-20T19:06:36.850000
2 posts
2 repos
⚪️ Microsoft patches UnDefend and RedSun 0‑day vulnerabilities
🗨️ Microsoft developers have released out-of-band updates to fix two 0‑day vulnerabilities in Microsoft Defender that are already being used in real-world attacks. These are the bugs CVE-2026-41091 and CVE-2026-45498, known as RedSun and UnDefend. The first issue (7.8 on the…
##The RedSun vulnerability was "officially fixed" on May 19, with the fix being "let's break the PoC by quarantining the affected .exe". The fix is just part of a Defender definition update. So, I guess the Red Sun no longer prevails.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091
updated 2026-05-20T18:32:34
1 posts
Ok, CISA adding CVE-2010-0249 (Use-After-Free in checks notes Internet Explorer 6, 6 SP1, 7, and 8 for Server up to 2008 & Win7 to their KEV list... last week... has me giggle.
Yeah, I guess there may be EITW exploitation? But putting a "you got 2 weeks to fix your Server 2008 Internet Explorer NOW in 2 weeks!!!" is, like, seriously funny.
https://db.gcve.eu/known-exploited-vulnerabilities-catalog/378dd17e-1682-4b50-ad24-e7d16fbfb2fd
##updated 2026-05-20T18:31:35
1 posts
1 repos
⚪️ Microsoft patches UnDefend and RedSun 0‑day vulnerabilities
🗨️ Microsoft developers have released out-of-band updates to fix two 0‑day vulnerabilities in Microsoft Defender that are already being used in real-world attacks. These are the bugs CVE-2026-41091 and CVE-2026-45498, known as RedSun and UnDefend. The first issue (7.8 on the…
##updated 2026-05-20T17:30:40.450000
1 posts
1 repos
Mal etwas neues von Cisco: neues Sicherheitsloch mit 10 von 10
Ach nein, das ist ja gar nicht neu! Im Gegenteil: Cisco hat die Welt doch gerade erst mit eine perfekten 10 beglückt. Sicherheitslücken mit höchster Risikostufe prasseln auf uns nieder, als erhielte Cisco dafür Geld*. Das nächste gefährliche Sicherheitsloch mit der Nummer CVE-2026-20223 klafft diesmal in Cisco Secure Workload (CSW). Dieses Produkt soll eigentlich die IT sicherer machen, indem es Anwendungen voneinander isoliert. Jetzt wird es selber zur Schwachstelle, die relativ einfach angegriffen werden kann. Ein entfernter, nicht angemeldeter Angreifer braucht nur eine speziell gedrechselte*
#Allgemein #Empfehlung #Hintergrund #Warnung #hersteller #hintertür #UnplugTrump #usa #wissen #backdoor
##updated 2026-05-19T15:31:29
1 posts
1 repos
Sparx Systems has failed to patch five security issues in its Pro Cloud Server even after being contacted by CERT Poland
##updated 2026-05-19T14:16:46.977000
1 posts
2 repos
https://github.com/0xBlackash/CVE-2026-45829
https://github.com/fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-
NicFab Newsletter #22 is out.
→ Garante fines Ambrosetti €85k for late breach notification (Art. 34 GDPR)
→ Verizon DBIR 2026: vuln exploitation overtakes credentials as #1 vector
→ Commission opens first Article 112(1) AI Act review
→ Colorado CADMA replaces the 2024 AI Act
→ Unpatched RCE in ChromaDB (CVE-2026-45829)
Read: https://www.nicfab.eu/en/newsletter-issues/2026-05-26-issue-22/
Subscribe: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
updated 2026-05-18T19:02:42
1 posts
🔍 Lambda Watchdog detected that CVE-2026-45736 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/530 #AWS #Lambda #Security #CVE #DevOps #SecOps
##updated 2026-05-18T17:42:25
2 posts
🟠 CVE-2026-45716 - High (8.8)
Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45716 - High (8.8)
Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-18T16:41:41
1 posts
🟠 CVE-2026-45298 - High (8.6)
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-17T18:31:33
1 posts
15 repos
https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan
https://github.com/metalx1993/dirtyfrag-patches
https://github.com/Koshmare-Blossom/DirtyFrag-go
https://github.com/XRSecCD/202605_dirty_frag
https://github.com/vorkampfer/dirty_frag_mitigation
https://github.com/KaraZajac/DIRTYFAIL
https://github.com/krisiasty/vcheck
https://github.com/linnemanlabs/dirtyfrag-arm64
https://github.com/AK777177/Dirty-Frag-Analysis
https://github.com/0xlane/pagecache-guard
https://github.com/liamromanis101/DirtyFrag-Detector
https://github.com/attaattaatta/CVE-2026-43500
https://github.com/DylanClaudio/Reporte-de-Escalada-de-Privilegios-Local-Dirty-Frag
https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4
updated 2026-05-15T15:42:17.907000
1 posts
Micropatches released for Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089)
#CVE_2026_41089
https://blog.0patch.com/2026/05/micropatches-released-for-windows_0304568783.html
updated 2026-05-15T12:45:53.990000
2 posts
3 repos
https://github.com/portbuster1337/CVE-2026-20182
Cisco, posted yesterday:
CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW @TalosSecurity #Cisco #vulnerability #infosec
##Cisco, posted yesterday:
CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW @TalosSecurity #Cisco #vulnerability #infosec
##updated 2026-05-15T09:31:43
2 posts
🚨 [CISA-2026:0527] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0527)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-45321 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45321)
- Name: TanStack Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: TanStack
- Product: TanStack
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx ; https://nvd.nist.gov/vuln/detail/CVE-2026-45321
⚠️ CVE-2026-48027 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48027)
- Name: Nx Console Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Nx
- Product: Nx Console
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027
⚠️ CVE-2026-8398 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-8398)
- Name: Daemon Tools Lite Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Daemon
- Product: Daemon Tools Lite
- Notes: https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260527 #cisa20260527 #cve_2026_45321 #cve_2026_48027 #cve_2026_8398 #cve202645321 #cve202648027 #cve20268398
##CVE ID: CVE-2026-8398
Vendor: Daemon
Product: Daemon Tools Lite
Date Added: 2026-05-27
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-8398
updated 2026-05-14T21:30:40
1 posts
36 repos
https://github.com/p3Nt3st3r-sTAr/CVE-2026-42945-POC
https://github.com/yusufdalbudak/CVE-2026-42945
https://github.com/chenqin231/CVE-2026-42945
https://github.com/quantumworld-dpdns-io/CVE-2026-42945
https://github.com/Renison-Gohel/CVE-2026-42945-NGINX-Rift
https://github.com/dinosn/cve-2026-42945-nginx32-lab
https://github.com/sibersan/web-server-audit_CVE-2026-42945
https://github.com/oseasfr/Scanner_CVE_2026-42945
https://github.com/bamov970/CVE-2026-42945-Nginx-RCE-bypass-ASLR
https://github.com/iammerrida-source/nginx-rift-detect
https://github.com/karakapaku43/CVE-2026-42945
https://github.com/nu0l/NGINX-Rift
https://github.com/niekaicheng/CVE-2026-42945_NGINX_Rift
https://github.com/hnytgl/cve-2026-42945
https://github.com/nanwinata/nginxrift-CVE-2026-42945
https://github.com/ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
https://github.com/BarAppTeam/nginx-cve-fix
https://github.com/forxiucn/nginx-cve-2026-42945-poc
https://github.com/soksofos/wazuh-nginx-cve-2026-42945-sca-lab
https://github.com/cipherspy/CVE-2026-42945-POC
https://github.com/rheodev/CVE-2026-42945
https://github.com/fkj-src/fix_nginx_cve_2026_42945
https://github.com/realityone/cve-2026-42945-scan
https://github.com/gagaltotal/CVE-2026-42945-NGINX-Rift-Toolkit
https://github.com/F2u0a0d3/CVE-2026-42945-nginx-rift-poc
https://github.com/byezero/nginx-cve-2026-42945-check
https://github.com/0xBlackash/CVE-2026-42945
https://github.com/edgecases-PurpleHax/cve-images
https://github.com/webdev75950-ux/nginx-rce-cve-2026-42945
https://github.com/jelasin/CVE-2026-42945
https://github.com/imSre9/CVE-2026-42945
https://github.com/RedCrazyGhost/CVE-2026-42945
https://github.com/DepthFirstDisclosures/Nginx-Rift
https://github.com/MateusVerass/nGixshell
Researchers report "NGINX Rift" (CVE-2026-42945) is being probed and exploited days after disclosure — attackers are scanning exposed servers for the 18‑year bug. Patches released; teams urged to remediate. 🔍⚠️🛡️ #NGINX #infosec #CVE2026-42945 https://www.theregister.com/security/2026/05/18/nginx-rift-attackers-waste-no-time-targeting-exposed-servers/5241851
##updated 2026-05-13T15:33:25
1 posts
🔴 CVE-2026-45083 - Critical (9.8)
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-13T00:49:16
2 posts
We had lengthy discussions explaining the bug to Apple. It was clear to us the bug was new to Apple Product Security. After 5 months, they informed us that the report was treated as a duplicate and it was addressed.
We just got this update for CVE-2026-28910: No bounty
You can read the full blog post (aka charity work for a 4-trillion-dollar company) highlighting this bug here:
##We had lengthy discussions explaining the bug to Apple. It was clear to us the bug was new to Apple Product Security. After 5 months, they informed us that the report was treated as a duplicate and it was addressed.
We just got this update for CVE-2026-28910: No bounty
You can read the full blog post (aka charity work for a 4-trillion-dollar company) highlighting this bug here:
##updated 2026-05-13T00:24:29.033000
1 posts
my approach to finding security bugs:
me in 2017: "hmm the directory is world-writable, and the sticky bit looks ugly in my colorized ls, I'll send a patch"
someone on IRC a week later: "hey you're named in CVE-2016-10156"
me in 2023: "ugh OpenSSH crashes when I'm connecting from my retro Win98 VM"
someone on IRC a week later: "hey did you know you're in CVE-2023-25136"
updated 2026-05-12T15:08:14
2 posts
🟠 CVE-2026-45088 - High (7.5)
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker'...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45088/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45088 - High (7.5)
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker'...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45088/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-12T13:31:01
3 posts
4 repos
https://github.com/dinosn/ghost-cve-2026-26980
https://github.com/vognik/CVE-2026-26980
https://github.com/EQSTLab/CVE-2026-26980
https://github.com/Kulik-Labs-Development/Ghost-CMS-Code-Injection-Audit-CVE-2026-26980
Plus de 700 sites piratés : la faille critique de Ghost CMS qui sème la terreur sur le web https://goodtech.info/ghost-cms-faille-critique-cve-2026-26980-clickfix-piratage/ #Développement #Applications #Sécurité #Àlaune
##⚠️ Un CMS molto usato finisce nel mirino: siti legittimi possono diventare trappole invisibili. Aggiornare, monitorare, verificare. #Cybersecurity #CMS
🔗 https://www.tomshw.it/hardware/ghost-cms-clickfix-falla-sql-cve-2026-26980
##Critical Ghost CMS Vulnerability Exploited to Hack 700+ Websites
A critical Ghost CMS vulnerability identified as CVE-2026-26980 has been exploited in a widespread cyber campaign that compromised more than 700...
🔗️ [Thecyberexpress] https://link.is.it/FdS8KE
##updated 2026-05-11T14:45:09
1 posts
🟠 CVE-2026-44971 - High (8.2)
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44971/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-09T00:40:17
1 posts
🟠 CVE-2026-44966 - High (8.3)
Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of #set directives in Velocity templ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44966/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-09T00:10:30
1 posts
🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895
##updated 2026-05-08T23:47:13
1 posts
🟠 CVE-2026-44900 - High (8.1)
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44900/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-08T23:07:34
1 posts
🟠 CVE-2026-44843 - High (8.2)
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-08T22:59:24
1 posts
🔴 CVE-2026-44327 - Critical (10)
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-08T22:59:00
1 posts
🔴 CVE-2026-44326 - Critical (9.4)
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, rea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T19:07:37.290000
1 posts
CVE-2026-41241: Pretalx Stored XSS Flaw Allowed Speakers to Hijack Organizer Sessions + Video
A Newly Revealed Pretalx Vulnerability Raises Fresh Concerns for Event Platforms A newly disclosed cybersecurity issue affecting the popular open source conference management platform Pretalx has drawn attention across the security community after researchers confirmed that attackers could abuse a stored Cross-Site Scripting (XSS) vulnerability to execute malicious JavaScript…
##updated 2026-04-16T21:18:18
1 posts
1-Click RCE in Flowise (CVE-2026-40933)
Obsidian Security가 Flowise의 stdio MCP 기능에서 발견한 CVE-2026-40933 취약점은, 악성 chatflow를 임포트하는 것만으로도 서버 측 임의 코드 실행(RCE)이 가능한 심각한 보안 문제입니다. Flowise의 self-hosted 버전이 기본적으로 취약하며, stdio MCP 프로토콜이 명령어를 샌드박스 없이 실행하기 때문에 공격자가 서버 환경과 API 키 등 민감 정보를 탈취할 수 있습니다. Flowise Cloud는 영향을 받지 않으며, 현재의 입력 검증 패치는 우회 가능해 실질적 완전한 해결책은 stdio MCP 비활성...
https://www.obsidiansecurity.com/blog/when-is-stdio-mcp-actually-a-vulnerability
##updated 2026-04-08T17:20:35.697000
1 posts
4 repos
https://github.com/mrmtwoj/CVE-2025-2005
https://github.com/chetools/CVE2005_Spring2025
CVE-2025-2005 - Critical RCE in Front End Users plugin for WordPress. Unauthenticated arbitrary file upload. CVSS 9.8. No patch available. Disable plugin immediately. #CVE #WordPress #infosec
##updated 2026-04-02T21:32:39
1 posts
@campuscodi As far I know, that code has always been available for download, the only change is that it's now a lot less hidden and on GitHub. It used to be an unversioned download link well hidden somewhere on their website.
Source: read it a while ago to report CVE-2024-23218.
##updated 2026-04-02T20:28:33.973000
1 posts
#OT #Advisory VDE-2026-053
METTLER TOLEDO: EVA Karl Fischer titrators affected by libpng vulnerabilities
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
#CVE CVE-2026-33636, CVE-2026-33416
https://certvde.com/en/advisories/vde-2026-053/
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-053.json
##updated 2026-03-26T20:47:02.337000
1 posts
🚨 EUVD-2026-32958
📊 Score: 6.5/10 (CVSS v3.1)
📦 Product: pyload
🏢 Vendor: pyload
📅 Updated: 2026-05-28
📝 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenti...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32958
##updated 2026-03-23T03:31:45
2 posts
2 repos
https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE
⚪️ Microsoft Fixes RCE Vulnerability in SharePoint
🗨️ Microsoft engineers have released out-of-band patches for an RCE vulnerability in SharePoint Server (CVE-2026-45659). The issue has a CVSS score of 8.8 and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Exploiting it only requires…
##⚪️ Microsoft Fixes RCE Vulnerability in SharePoint
🗨️ Microsoft engineers have released out-of-band patches for an RCE vulnerability in SharePoint Server (CVE-2026-45659). The issue has a CVSS score of 8.8 and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Exploiting it only requires…
##updated 2026-02-25T21:31:25
1 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI coding tools and workflows**: Discussions on GitHub Copilot, Claude Code, Cursor, DeepSeek, hallucinations in AI outputs, and security risks (e.g., symlink RCE in AI agents).
- **PostgreSQL updates**: Security patches (CVE-2026-3172), pgvector fixes, pgBackRest funding, and PostgreSQL 14 end-of-life (Nov 2026).
- **Python ecosystem**: PyCon [1/2]
updated 2026-02-17T21:57:43
1 posts
1 repos
@GossiTheDog Yes, since 2017ish, for example
##updated 2026-01-20T16:58:23.900000
1 posts
🔴 CVE-2026-9642 - Critical (9.8)
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access)
An unauthenticated remote attacker can access configured databases in a DIAView project.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9642/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2024-11-21T03:15:44.050000
1 posts
@GossiTheDog Yes, since 2017ish, for example
##CVE-2026-48027 - Changed to Known Ransomware Status
Nx Console Embedded Malicious Code VulnerabilityVendor: NxProduct: Nx ConsoleNx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.Status changed from Unknown to Known for ransomware https://nvd.nist.gov/vuln/detail/CVE-2026-48027
##CVE-2026-48027 - Changed to Known Ransomware Status
Nx Console Embedded Malicious Code VulnerabilityVendor: NxProduct: Nx ConsoleNx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.Status changed from Unknown to Known for ransomware https://nvd.nist.gov/vuln/detail/CVE-2026-48027
##🚨 [CISA-2026:0527] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0527)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-45321 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45321)
- Name: TanStack Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: TanStack
- Product: TanStack
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx ; https://nvd.nist.gov/vuln/detail/CVE-2026-45321
⚠️ CVE-2026-48027 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48027)
- Name: Nx Console Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Nx
- Product: Nx Console
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027
⚠️ CVE-2026-8398 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-8398)
- Name: Daemon Tools Lite Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Daemon
- Product: Daemon Tools Lite
- Notes: https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260527 #cisa20260527 #cve_2026_45321 #cve_2026_48027 #cve_2026_8398 #cve202645321 #cve202648027 #cve20268398
##CVE ID: CVE-2026-48027
Vendor: Nx
Product: Nx Console
Date Added: 2026-05-27
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48027
🟠 CVE-2026-47761 - High (8.7)
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47761 - High (8.7)
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47760 - High (8.7)
TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitizati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47760/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47760 - High (8.7)
TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitizati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47760/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47759 - High (8.7)
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47759 - High (8.7)
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##3 posts
2 repos
Starting to think git is cursed in some way
CVE-2026-27771: NoScope Discov...
A security vulnerability labelled CVE-2026-27771 affecting Forgejo and Gitea is being widely reported recently.
Packages in Forgejo are visible to unauthenticated users if they are published under a public owner, as designed. It is not a security vulnerability, but a misunderstanding about the permissions and a good opportunity for users to review that they are not in a misconfigured state.
Please see the statement issued by the security team here for more details: https://codeberg.org/forgejo/website/issues/839#issuecomment-15980039
##A security vulnerability labelled CVE-2026-27771 affecting Forgejo and Gitea is being widely reported recently.
Packages in Forgejo are visible to unauthenticated users if they are published under a public owner, as designed. It is not a security vulnerability, but a misunderstanding about the permissions and a good opportunity for users to review that they are not in a misconfigured state.
Please see the statement issued by the security team here for more details: https://codeberg.org/forgejo/website/issues/839#issuecomment-15980039
##13 posts
3 repos
https://github.com/xtremebeing/starlette-host-header-lab
https://github.com/eris-ths/supply-chain-guard
https://github.com/Bhanunamikaze/BadHost-CVE-2026-48710-Exploit
1/3
BadHost (CVE-2026-48710) exposes MCP servers through a trivial HTTP header parsing flaw that hits 325 million weekly downloads across FastAPI, vLLM, LiteLLM, and the entire agentic AI stack.
But the vulnerability isn't the story. The story is why patches won't fix it.
https://haunted.lighthouse.co.im/articles/badhost-mcp-sovereignty/
##There's an update for the Starlette issue: We've scanned thousands of hosts for CVE-2026-48710 and found something important: Being behind a proxy or CloudFlare isn't always a protection unlike previously stated!
When a reverse proxy or CDN (including Cloudflare) sits in front of the target and rejects malformed Host headers, the X-Forwarded-Host header can sometimes be used to bypass the protection! If the backend middleware reads X-Forwarded-Host and updates the ASGI scope, the malicious value can reach the ASGI and Starlette. #badhost
⚪️ BadHost vulnerability in the Starlette framework poses a threat to AI agents
🗨️ Researchers are warning about a critical vulnerability, CVE-2026-48710, discovered in the open-source Starlette framework and dubbed BadHost. Since Starlette underpins FastAPI and many popular AI tools, the issue creates risks for millions of servers and AI agents, and exploiting the…
##BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass
Link: https://badhost.org/
Discussion: https://news.ycombinator.com/item?id=48277107
BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass
Link: https://badhost.org/
Discussion: https://news.ycombinator.com/item?id=48277107
BadHost Vulnerability in Starlette Framework Threatens AI Infrastructure
Starlette patched a path-poisoning vulnerability (CVE-2026-48710) that allows attackers to bypass security middleware in AI agents and Python-based servers. The flaw enables unauthorized access to sensitive credentials and internal endpoints by manipulating the HTTP Host header.
**If you're running applications built on Starlette, FastAPI, or LLM tools like vLLM, LiteLLM, or MCP servers, update Starlette to version 1.0.1 ASAP. While updating, put a reverse proxy (Nginx or Cloudflare) in front of your application to block malformed Host headers, and test your endpoints with the free scanner at BadHost.org.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/badhost-vulnerability-in-starlette-framework-threatens-ai-infrastructure-o-g-u-6-8/gD2P6Ple2L
BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass
Link: https://badhost.org/
Comments: https://news.ycombinator.com/item?id=48277107
CVE-2026-48710 Starlette Host-Header Auth Bypass https://lobste.rs/s/cmsgwo #python #web
https://badhost.org
BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass - https://badhost.org/
##BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass
#HackerNews #BadHost #CVE-2026-48710 #Starlette #Security #Vulnerability #Auth #Bypass
##BadHost: One Char Bypasses Host-Based Security Across the Python AI Stack
Python AI 생태계에서 FastAPI의 핵심 라이브러리인 Starlette의 호스트 헤더 처리 취약점(CVE-2026-48710, BadHost)이 발견됐다. 단일 문자 삽입만으로 경로 기반 인증 우회, SSRF, 원격 코드 실행 등이 가능해 LLM 인프라와 AI 서비스에 심각한 보안 위협을 준다. 취약점은 Starlette 1.0.1 버전에서 패치되었으나, CVSS 점수는 실제 영향보다 낮게 평가되어 생태계 전반에 경고가 부족했다. 운영자는 즉시 패치 적용과 함께 request.url 대신 request.scope["path"] 사용, 역방향 프록시 배치 등 방어 조치를 권고한다.
##Disclosing the Badhost Vulnerability in Starlette
Starlette의 BadHost 취약점(CVE-2026-48710)은 HTTP Host 헤더의 입력 검증 부족으로 인해 FastAPI, LiteLLM, vLLM 등 주요 Python LLM 인프라에서 인증 우회, SSRF, RCE 공격이 가능하다. 이 취약점은 Starlette 1.0.1 버전으로 업데이트하거나 request.url.path 대신 request.scope["path"]를 사용하는 방식으로 완화할 수 있다. BadHost.org와 X41 D-Sec에서 제공하는 도구로 취약점 점검이 가능하며, HTTP/1.1 준수 리버스 프록시 배치도 권장된다.
https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
##🚨 EUVD-2026-32900
📊 Score: 7.8/10 (CVSS v3.1)
📦 Product: Multipass
🏢 Vendor: Canonical
📅 Updated: 2026-05-28
📝 An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (mu...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32900
##🔒 7-Zip ha corretto una falla critica, ma chi non aggiorna resta esposto: verifica la versione e installa subito l’ultima release. #Cybersecurity #7Zip
🔗 https://www.tomshw.it/hardware/7-zip-falla-cve-2026-48095-esecuzione-codice
##🔒 7-Zip ha corretto una falla critica, ma chi non aggiorna resta esposto: verifica la versione e installa subito l’ultima release. #Cybersecurity #7Zip
🔗 https://www.tomshw.it/hardware/7-zip-falla-cve-2026-48095-esecuzione-codice
##Critical 7-Zip Vulnerability Allows Remote Code Execution via NTFS Handler
7-Zip version 26.00 and earlier contain a critical heap buffer overflow (CVE-2026-48095) in the NTFS handler that allows attackers to execute arbitrary code via a crafted archive. The flaw is extension-agnostic and can be triggered simply by opening a malicious file.
**If you use 7-Zip, update to version 26.01 or later immediately. Versions 26.00 and earlier let attackers take over your system just by opening a malicious archive. Until you've updated, do not open any archive or disk image files from untrusted or unexpected sources, regardless of the file extension.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-7-zip-vulnerability-allows-remote-code-execution-via-ntfs-handler-2-b-s-s-0/gD2P6Ple2L
⚠️ HIGH severity: Microsoft UFO 3.0.1-4-ge2626659 has a path traversal vuln (CVE-2026-46402). Authenticated users can write files outside logs/. No patch yet — restrict access & monitor input. https://radar.offseq.com/threat/cve-2026-46402-cwe-22-improper-limitation-of-a-pat-6437f7ab #OffSeq #Microsoft #PathTraversal #CVE202646402
##🟠 CVE-2026-46402 - High (8.1)
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An authenticated client can sup...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46402/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-44590 - Critical (9.3)
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pull_request_target trigger. Any GitHub user can ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45108 - High (8.4)
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45104 - High (7.5)
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any carrying — it assumes msSLDParseRule added one class. When the rule ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-44888 - Critical (9.8)
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into
pialert.conf without validation. Since pia...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ CVE-2026-46414 (HIGH): Auth bypass in Microsoft UFO 3.0.1-4-ge2626659. Attackers can spoof roles & hijack device tasks via WebSocket. No patch yet — restrict server token & trusted client access. More: https://radar.offseq.com/threat/cve-2026-46414-cwe-290-authentication-bypass-by-sp-c8a9e703 #OffSeq #CVE202646414 #MicrosoftUFO #Vuln
##🟠 CVE-2026-46414 - High (8.8)
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46414/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44713 - High (8.8)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell comman...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44713/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44712 - High (8.2)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUI...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44712/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44711 - High (7.9)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44711/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-46425 - Critical (9.9)
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise feature flag and SCIM config) and doInScimContext (se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46425/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-48151 - High (7.5)
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48151/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-48150 - Critical (9)
Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both g...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-48149 - High (8.1)
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/src/Markdown/MarkdownViewer.svelte:22). Any colu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48149/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Vulnerability alert: Developers using Microsoft's code editor could hand an attacker full control of their machine by clicking a single install link, with nothing in the confirmation screen to warn them. Microsoft patched the flaw (CVE-2026-41613). https://www.databreachtoday.com/microsoft-code-editor-flaw-lets-attackers-hijack-developer-pcs-a-31775
###OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
###OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
##🔴 CVE-2026-44450 - Critical (9.9)
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every bina...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44450/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-44449 - Critical (9.1)
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-43988 - High (7.5)
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-43935 - High (8.1)
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43935/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-053
METTLER TOLEDO: EVA Karl Fischer titrators affected by libpng vulnerabilities
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
#CVE CVE-2026-33636, CVE-2026-33416
https://certvde.com/en/advisories/vde-2026-053/
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-053.json
##