| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2835 | 0 | 0.00% | 2 | 0 | 2026-03-05T00:15:57.860000 | An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's pa | |
| CVE-2026-2833 | 0 | 0.00% | 2 | 0 | 2026-03-05T00:15:57.650000 | An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handlin | |
| CVE-2026-29000 | 10.0 | 0.00% | 2 | 0 | 2026-03-04T22:16:18.783000 | pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication by | |
| CVE-2025-70240 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T22:16:12.163000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-24848 | 9.9 | 0.36% | 2 | 0 | 2026-03-04T21:58:33.060000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-24898 | 10.0 | 0.09% | 1 | 0 | 2026-03-04T21:57:13.603000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2025-70236 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T21:33:52 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-0847 | 8.6 | 0.00% | 2 | 0 | 2026-03-04T21:32:57 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file | |
| CVE-2025-70223 | 9.8 | 0.00% | 2 | 0 | 2026-03-04T21:32:56 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70220 | 9.8 | 0.00% | 2 | 0 | 2026-03-04T21:32:45 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-29065 | None | 0.00% | 1 | 0 | 2026-03-04T21:28:43 | ### Summary A Zip Slip vulnerability in the backup restore functionality allows | |
| CVE-2025-70239 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T21:16:03.077000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-2256 | 6.5 | 1.80% | 1 | 1 | 2026-03-04T21:14:09 | A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 an | |
| CVE-2026-29038 | 6.1 | 0.00% | 1 | 0 | 2026-03-04T20:58:17 | A reflected cross-site scripting (XSS) vulnerability was identified in the `/rss | |
| CVE-2026-28518 | 7.8 | 0.01% | 1 | 0 | 2026-03-04T20:25:41 | OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path tra | |
| CVE-2026-25673 | 7.5 | 0.10% | 1 | 0 | 2026-03-04T20:24:03 | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4 | |
| CVE-2026-3539 | 8.8 | 0.00% | 2 | 0 | 2026-03-04T20:16:20.957000 | Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allo | |
| CVE-2026-28435 | 7.5 | 0.00% | 2 | 0 | 2026-03-04T20:16:19.983000 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library | |
| CVE-2026-2025 | 7.5 | 0.01% | 2 | 9 | 2026-03-04T18:32:57 | The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one | |
| CVE-2025-70341 | 7.8 | 0.00% | 4 | 1 | 2026-03-04T18:32:57 | Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allo | |
| CVE-2026-20049 | 7.7 | 0.00% | 4 | 0 | 2026-03-04T18:32:03 | A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Interne | |
| CVE-2026-20103 | 8.6 | 0.00% | 2 | 0 | 2026-03-04T18:32:03 | A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firew | |
| CVE-2026-20101 | 8.6 | 0.00% | 2 | 0 | 2026-03-04T18:32:03 | A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Fir | |
| CVE-2026-20105 | 7.7 | 0.00% | 2 | 0 | 2026-03-04T18:32:03 | A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firew | |
| CVE-2026-20002 | 8.1 | 0.00% | 4 | 0 | 2026-03-04T18:32:02 | A vulnerability in the web-based management interface of Cisco Secure FMC Softwa | |
| CVE-2026-20039 | 8.6 | 0.00% | 4 | 0 | 2026-03-04T18:32:02 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security | |
| CVE-2026-20100 | 7.7 | 0.00% | 4 | 0 | 2026-03-04T18:32:02 | A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of C | |
| CVE-2026-20014 | 7.7 | 0.00% | 2 | 0 | 2026-03-04T18:32:02 | A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and C | |
| CVE-2026-20082 | 8.6 | 0.00% | 2 | 0 | 2026-03-04T18:32:02 | A vulnerability in the handling of the embryonic connection limits in Cisco Secu | |
| CVE-2026-26478 | 9.8 | 0.00% | 2 | 0 | 2026-03-04T18:32:01 | A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012 | |
| CVE-2025-70237 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T18:31:51 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70234 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T18:31:51 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70241 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T18:31:50 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-26673 | 7.5 | 0.00% | 4 | 0 | 2026-03-04T18:16:28.820000 | An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and belo | |
| CVE-2026-20131 | 10.0 | 0.00% | 10 | 0 | 2026-03-04T18:16:27.153000 | A vulnerability in the web-based management interface of Cisco Secure Firewall M | |
| CVE-2026-20079 | 10.0 | 0.00% | 10 | 0 | 2026-03-04T18:16:24.230000 | A vulnerability in the web interface of Cisco Secure Firewall Management Center | |
| CVE-2026-21385 | 7.8 | 0.65% | 12 | 1 | 2026-03-04T18:13:00.207000 | Memory corruption while using alignments for memory allocation. | |
| CVE-2026-3224 | 9.8 | 0.01% | 5 | 1 | 2026-03-04T18:08:05.730000 | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode i | |
| CVE-2026-26514 | 7.5 | 0.00% | 4 | 0 | 2026-03-04T18:08:05.730000 | An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. | |
| CVE-2026-26279 | 9.1 | 0.23% | 2 | 0 | 2026-03-04T18:08:05.730000 | Froxlor is open source server administration software. Prior to 2.3.4, a typo in | |
| CVE-2026-3094 | 7.8 | 0.01% | 1 | 0 | 2026-03-04T18:08:05.730000 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. | |
| CVE-2026-27012 | 9.8 | 0.03% | 2 | 0 | 2026-03-04T18:08:05.730000 | OpenSTAManager is an open source management software for technical assistance an | |
| CVE-2026-27932 | 7.5 | 0.03% | 1 | 0 | 2026-03-04T18:08:05.730000 | joserfc is a Python library that provides an implementation of several JSON Obje | |
| CVE-2025-47375 | 7.8 | 0.01% | 1 | 0 | 2026-03-04T17:53:44.300000 | Memory corruption while handling different IOCTL calls from the user-space simul | |
| CVE-2025-47381 | 7.8 | 0.01% | 1 | 0 | 2026-03-04T15:44:13.047000 | Memory Corruption while processing IOCTL calls when concurrent access to shared | |
| CVE-2025-66945 | 9.1 | 0.06% | 2 | 0 | 2026-03-04T15:31:42 | A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. | |
| CVE-2026-3485 | 9.8 | 0.08% | 2 | 0 | 2026-03-04T15:31:42 | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1 | |
| CVE-2025-66363 | 7.5 | 0.02% | 2 | 0 | 2026-03-04T15:31:37 | An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There wa | |
| CVE-2026-3130 | 9.8 | 0.01% | 2 | 0 | 2026-03-04T15:30:35 | Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and | |
| CVE-2026-2590 | 9.8 | 0.01% | 4 | 0 | 2026-03-04T15:30:34 | Improper enforcement of the Disable password saving in vaults setting in the c | |
| CVE-2026-3204 | 9.8 | 0.02% | 2 | 0 | 2026-03-04T15:30:34 | Improper input validation in the error message page in Devolutions Server 2025. | |
| CVE-2025-62814 | 7.5 | 0.02% | 2 | 0 | 2026-03-04T15:30:33 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 148 | |
| CVE-2026-22719 | 8.1 | 10.76% | 6 | 0 | 2026-03-04T15:08:13.743000 | VMware Aria Operations contains a command injection vulnerability. A malicious u | |
| CVE-2025-69765 | 7.5 | 0.19% | 1 | 0 | 2026-03-04T14:04:54.033000 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv functio | |
| CVE-2026-29120 | None | 0.01% | 1 | 0 | 2026-03-04T09:31:13 | The /root/anaconda-ks.cfg installation configuration file in International Datac | |
| CVE-2026-1874 | None | 0.14% | 1 | 0 | 2026-03-04T09:31:06 | Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electri | |
| CVE-2026-1875 | None | 0.14% | 1 | 0 | 2026-03-04T09:31:06 | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corpo | |
| CVE-2026-27971 | None | 0.06% | 1 | 0 | 2026-03-04T02:00:52 | ### Summary qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization | |
| CVE-2025-59059 | 9.8 | 0.29% | 2 | 0 | 2026-03-03T21:52:29.877000 | Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in | |
| CVE-2026-22891 | 9.8 | 0.10% | 1 | 0 | 2026-03-03T21:52:29.877000 | A heap-based buffer overflow vulnerability exists in the Intan CLP parsing funct | |
| CVE-2026-20777 | 8.1 | 0.10% | 1 | 0 | 2026-03-03T21:52:29.877000 | A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing fun | |
| CVE-2025-12345 | 8.8 | 0.06% | 1 | 0 | 2026-03-03T21:52:29.877000 | A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a | |
| CVE-2026-3337 | 5.9 | 0.08% | 1 | 0 | 2026-03-03T21:52:29.877000 | Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthen | |
| CVE-2026-0032 | 7.8 | 0.01% | 2 | 0 | 2026-03-03T21:32:19 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write | |
| CVE-2025-70252 | 7.5 | 0.04% | 1 | 0 | 2026-03-03T21:32:18 | An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_mu | |
| CVE-2026-24502 | 8.8 | 0.01% | 1 | 0 | 2026-03-03T21:31:24 | Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncon | |
| CVE-2026-28399 | None | 0.05% | 1 | 0 | 2026-03-03T20:58:59 | ### Summary An authenticated user with Creator role can inject arbitrary SQL via | |
| CVE-2026-24112 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T20:16:47.360000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2026-0029 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T19:39:28.533000 | In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logi | |
| CVE-2026-0034 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T19:36:58.937000 | In setPackageOrComponentEnabled of ManagedServices.java, there is a possible not | |
| CVE-2025-48602 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T19:25:08.307000 | In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.jav | |
| CVE-2025-48645 | 7.8 | 0.03% | 1 | 0 | 2026-03-03T19:23:29.340000 | In loadDescription of DeviceAdminInfo.java, there is a possible persistent packa | |
| CVE-2025-50187 | 9.8 | 0.29% | 1 | 0 | 2026-03-03T19:12:14.917000 | Chamilo is a learning management system. Prior to version 1.11.28, parameter fro | |
| CVE-2025-50199 | 9.1 | 0.04% | 2 | 0 | 2026-03-03T18:47:26.910000 | Chamilo is a learning management system. Prior to version 1.11.30, there is a bl | |
| CVE-2026-0023 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:41:40.640000 | In createSessionInternal of PackageInstallerService.java, there is a possible wa | |
| CVE-2026-0017 | 7.7 | 0.01% | 1 | 0 | 2026-03-03T18:40:59.027000 | In onChange of BiometricService.java, there is a possible way to enable fingerpr | |
| CVE-2025-48605 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:32:35 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscre | |
| CVE-2025-52365 | 7.8 | 0.09% | 1 | 0 | 2026-03-03T18:32:35 | A command injection vulnerability in the szc script of the ccurtsinger/stabilize | |
| CVE-2025-48654 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:32:35 | In onStart of CompanionDeviceManagerService.java, there is a possible confused d | |
| CVE-2025-48635 | 7.7 | 0.01% | 1 | 0 | 2026-03-03T18:32:34 | In multiple functions of TaskFragmentOrganizerController.java, there is a possib | |
| CVE-2026-3437 | None | 0.01% | 1 | 0 | 2026-03-03T18:31:40 | An Improper Restriction of Operations within the Bounds of a Memory Buffer vulne | |
| CVE-2025-48613 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:31:32 | In VBMeta, there is a possible way to modify and resign VBMeta using a test key, | |
| CVE-2025-48609 | 9.1 | 0.04% | 1 | 0 | 2026-03-03T18:31:32 | In multiple functions of MmsProvider.java, there is a possible way to arbitraril | |
| CVE-2026-0011 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:31:32 | In enableSystemPackageLPw of Settings.java, there is a possible way to prevent l | |
| CVE-2025-48653 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T18:31:32 | In loadDataAndPostValue of multiple files, there is a possible way to obscure pe | |
| CVE-2026-24115 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:31:31 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the | |
| CVE-2026-24114 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T18:31:30 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pP | |
| CVE-2026-24111 | 9.8 | 0.02% | 1 | 0 | 2026-03-03T18:31:29 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2026-24109 | 9.8 | 0.02% | 1 | 0 | 2026-03-03T18:31:29 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2025-48574 | 8.4 | 0.00% | 1 | 0 | 2026-03-03T18:16:56.797000 | In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an | |
| CVE-2025-48619 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T18:13:02.407000 | In multiple functions of ContentProvider.java, there is a possible way for an ap | |
| CVE-2025-48579 | 8.4 | 0.00% | 1 | 0 | 2026-03-03T17:04:04.223000 | In multiple functions of MediaProvider.java, there is a possible external storag | |
| CVE-2026-24108 | 9.8 | 0.04% | 1 | 0 | 2026-03-03T15:54:49.147000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2026-24113 | 9.8 | 0.02% | 1 | 0 | 2026-03-03T15:53:43.620000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t | |
| CVE-2026-0007 | 8.6 | 0.01% | 1 | 0 | 2026-03-03T15:32:43 | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into | |
| CVE-2026-0025 | 7.8 | 0.01% | 2 | 0 | 2026-03-03T15:31:40 | In hasImage of Notification.java, there is a possible way to reveal information | |
| CVE-2026-0010 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T15:31:40 | In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write | |
| CVE-2026-0037 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T15:31:40 | In multiple functions of ffa.c, there is a possible memory corruption due to a l | |
| CVE-2026-21902 | 9.8 | 0.28% | 5 | 1 | 2026-03-03T15:31:37 | An Incorrect Permission Assignment for Critical Resource vulnerability in the On | |
| CVE-2026-24105 | 9.8 | 0.29% | 1 | 0 | 2026-03-03T15:31:37 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1 | |
| CVE-2026-20423 | 7.1 | 0.01% | 1 | 0 | 2026-03-03T15:31:36 | In wlan STA driver, there is a possible out of bounds write due to a missing bou | |
| CVE-2026-0038 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T15:31:35.410000 | In multiple functions of mem_protect.c, there is a possible way to execute arbit | |
| CVE-2026-0026 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T13:22:41.723000 | In removePermission of PermissionManagerServiceImpl.java, there is a possible wa | |
| CVE-2026-0013 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T13:21:36.860000 | In setupLayout of PickActivity.java, there is a possible way to start any activi | |
| CVE-2026-22886 | 9.8 | 0.16% | 2 | 0 | 2026-03-03T12:31:32 | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requi | |
| CVE-2026-1492 | 9.8 | 0.07% | 3 | 0 | 2026-03-03T06:31:14 | The User Registration & Membership – Custom Registration Form Builder, Custom Lo | |
| CVE-2026-24107 | 9.8 | 0.29% | 1 | 0 | 2026-03-03T03:33:44 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the | |
| CVE-2026-2448 | 8.8 | 0.10% | 3 | 0 | 2026-03-03T03:32:48 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File | |
| CVE-2026-2628 | 9.8 | 0.25% | 2 | 1 | 2026-03-03T03:32:48 | The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPres | |
| CVE-2025-48567 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T00:32:12 | In multiple locations, there is a possible bypass of a file path filter designed | |
| CVE-2026-1566 | 8.8 | 0.04% | 2 | 0 | 2026-03-03T00:31:17 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W | |
| CVE-2026-0021 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T00:31:11 | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible | |
| CVE-2026-0020 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T00:31:11 | In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way t | |
| CVE-2026-0006 | 9.8 | 0.09% | 3 | 1 | 2026-03-03T00:31:10 | In multiple locations, there is a possible out of bounds read and write due to a | |
| CVE-2025-48650 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T00:31:10 | In multiple locations, there is a possible information disclosure due to SQL inj | |
| CVE-2025-48646 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T00:31:10 | In executeRequest of ActivityStarter.java, there is a possible launch anywhere d | |
| CVE-2026-0008 | 8.4 | 0.01% | 1 | 0 | 2026-03-03T00:31:10 | In multiple locations, there is a possible privilege escalation due to a confus | |
| CVE-2025-48582 | 8.4 | 0.00% | 1 | 0 | 2026-03-03T00:31:09 | In multiple locations, there is a possible way to delete media without the MANAG | |
| CVE-2025-48578 | 7.8 | 0.01% | 1 | 0 | 2026-03-03T00:31:09 | In multiple functions of MediaProvider.java, there is a possible way to bypass t | |
| CVE-2026-21882 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:59:24 | ### Impact **Vulnerability Type:** Local Privilege Escalation (LPE) / Improper | |
| CVE-2026-0035 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:31:51 | In createRequest of MediaProvider.java, there is a possible way for an app to ga | |
| CVE-2026-0028 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:31:51 | In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds w | |
| CVE-2026-0047 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:31:44 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for | |
| CVE-2026-0031 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:31:43 | In multiple functions of mem_protect.c, there is a possible out of bounds write | |
| CVE-2026-0030 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:31:43 | In __host_check_page_state_range of mem_protect.c, there is a possible out of bo | |
| CVE-2025-48636 | 8.4 | 0.01% | 2 | 0 | 2026-03-02T21:31:42 | In openFile of BugreportContentProvider.java, there is a possible way to read an | |
| CVE-2025-32313 | 8.4 | 0.01% | 1 | 0 | 2026-03-02T21:31:38 | In UsageEvents of UsageEvents.java, there is a possible out of bounds write due | |
| CVE-2025-58107 | 7.5 | 0.02% | 1 | 1 | 2026-03-02T20:29:29.330000 | In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on | |
| CVE-2026-21853 | 8.8 | 0.16% | 1 | 0 | 2026-03-02T20:29:29.330000 | AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to | |
| CVE-2026-3132 | 8.8 | 0.22% | 1 | 0 | 2026-03-02T20:29:29.330000 | The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Re | |
| CVE-2025-47379 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T20:29:29.330000 | Memory Corruption when concurrent access to shared buffer occurs due to improper | |
| CVE-2025-47385 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T20:29:29.330000 | Memory Corruption when accessing trusted execution environment without proper pr | |
| CVE-2026-21660 | 9.8 | 0.03% | 1 | 0 | 2026-03-02T18:32:46 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext S | |
| CVE-2026-3180 | 7.5 | 0.08% | 1 | 0 | 2026-03-02T18:31:52 | The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plu | |
| CVE-2025-59603 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T18:31:52 | Memory Corruption when processing invalid user address with nonstandard buffer a | |
| CVE-2026-26720 | 9.8 | 0.25% | 2 | 1 | 2026-03-02T18:31:51 | An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar | |
| CVE-2025-47376 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T18:31:51 | Memory Corruption when concurrent access to shared buffer occurs during IOCTL ca | |
| CVE-2025-47377 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T18:31:51 | Memory Corruption when accessing a buffer after it has been freed while processi | |
| CVE-2025-47386 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T18:31:51 | Memory Corruption while invoking IOCTL calls when concurrent access to shared bu | |
| CVE-2025-59600 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T18:31:51 | Memory Corruption when adding user-supplied data without checking available buff | |
| CVE-2026-24110 | 9.8 | 0.04% | 2 | 0 | 2026-03-02T18:31:45 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send over | |
| CVE-2025-47373 | 7.8 | 0.01% | 1 | 0 | 2026-03-02T18:31:45 | Memory Corruption when accessing buffers with invalid length during TA invocatio | |
| CVE-2026-24101 | 9.8 | 0.29% | 2 | 0 | 2026-03-02T18:31:44 | An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul | |
| CVE-2026-21657 | 9.8 | 0.08% | 1 | 0 | 2026-03-02T18:31:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johns | |
| CVE-2026-21656 | 9.8 | 0.08% | 1 | 0 | 2026-03-02T18:31:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johns | |
| CVE-2026-21659 | 9.8 | 0.21% | 1 | 0 | 2026-03-02T18:31:41 | Unauthenticated Remote Code Execution and Information Disclosure due to Local Fi | |
| CVE-2026-21654 | 9.8 | 0.12% | 1 | 0 | 2026-03-02T18:25:01.993000 | Improper Neutralization of Special Elements used in an OS Command ('OS Command I | |
| CVE-2026-21658 | 9.8 | 0.21% | 1 | 0 | 2026-03-02T18:24:25.517000 | Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code | |
| CVE-2026-23600 | None | 0.20% | 2 | 0 | 2026-03-02T15:31:31 | A remote authentication bypass vulnerability exists in HPE AutoPass License S | |
| CVE-2026-27510 | 9.6 | 0.08% | 1 | 0 | 2026-02-27T19:16:08.767000 | Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree G | |
| CVE-2026-27509 | 8.0 | 0.04% | 1 | 0 | 2026-02-27T19:16:08.547000 | Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not imp | |
| CVE-2026-20127 | 10.0 | 2.60% | 2 | 4 | 2026-02-26T16:20:02.187000 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle | |
| CVE-2026-0714 | 6.8 | 0.01% | 1 | 0 | 2026-02-18T18:31:27 | A physical attack vulnerability exists in certain Moxa industrial computers usin | |
| CVE-2026-21513 | 8.8 | 4.76% | 2 | 0 | 2026-02-10T21:31:29 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker | |
| CVE-2026-24061 | 9.8 | 81.03% | 2 | 63 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2025-13348 | 0 | 0.01% | 1 | 0 | 2026-02-03T16:44:36.630000 | An improper access control vulnerability exists in ASUS Secure Delete Driver of | |
| CVE-2026-1281 | 9.8 | 64.79% | 1 | 2 | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-21524 | 7.4 | 0.06% | 2 | 0 | 2026-01-23T00:31:24 | Exposure of sensitive information to an unauthorized actor in Azure Data Explore | |
| CVE-2026-21859 | 5.8 | 1.32% | 1 | 0 | template | 2026-01-20T19:03:30 | ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit |
| CVE-2026-0628 | 8.8 | 0.04% | 1 | 2 | 2026-01-12T16:48:33.560000 | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7 | |
| CVE-2025-38617 | 4.7 | 0.00% | 2 | 0 | 2026-01-07T18:30:21 | In the Linux kernel, the following vulnerability has been resolved: net/packet: | |
| CVE-2025-59718 | 9.8 | 1.97% | 2 | 2 | 2025-12-16T21:30:51 | A improper verification of cryptographic signature vulnerability in Fortinet For | |
| CVE-2025-54309 | 9.0 | 69.57% | 1 | 7 | template | 2025-11-05T19:25:42.887000 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is |
| CVE-2025-23299 | 6.7 | 0.02% | 1 | 0 | 2025-10-22T21:12:32.330000 | NVIDIA Bluefield and ConnectX contain a vulnerability in the management interfac | |
| CVE-2025-31161 | 9.8 | 87.29% | 1 | 18 | template | 2025-10-22T00:33:17 | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and |
| CVE-2024-4040 | 7.7 | 94.43% | 1 | 18 | template | 2025-10-22T00:33:01 | VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all p |
| CVE-2025-55315 | 9.9 | 0.36% | 1 | 7 | 2025-10-21T21:04:55 | # Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulne | |
| CVE-2025-11462 | 7.8 | 0.04% | 1 | 0 | 2025-10-14T18:31:29 | Improper Link Resolution Before File Access in the AWS VPN Client for macOS vers | |
| CVE-2025-69969 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-22552 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2025-50192 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2025-50190 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2025-50189 | 0 | 0.05% | 2 | 0 | N/A | ||
| CVE-2026-25146 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-26266 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-27636 | 0 | 0.34% | 1 | 1 | N/A | ||
| CVE-2026-28289 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2025-52998 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-27825 | 0 | 0.00% | 1 | 1 | N/A | ||
| CVE-2026-27826 | 0 | 0.00% | 1 | 1 | N/A | ||
| CVE-2025-62507 | 0 | 0.12% | 1 | 1 | N/A | ||
| CVE-2026-3338 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-3336 | 0 | 0.02% | 2 | 0 | N/A | ||
| CVE-2026-28286 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2025-52468 | 0 | 0.04% | 1 | 0 | N/A |
updated 2026-03-05T00:15:57.860000
2 posts
🚨 CRITICAL: CVE-2026-2835 in Cloudflare Pingora enables HTTP request smuggling via improper HTTP/1.0 and Transfer-Encoding handling. Impacts standalone Pingora. Upgrade to v0.8.0+ ASAP! https://radar.offseq.com/threat/cve-2026-2835-cwe-444-inconsistent-interpretation--a3f6db67 #OffSeq #Cloudflare #HTTPsmuggling #infosec
##🚨 CRITICAL: CVE-2026-2835 in Cloudflare Pingora enables HTTP request smuggling via improper HTTP/1.0 and Transfer-Encoding handling. Impacts standalone Pingora. Upgrade to v0.8.0+ ASAP! https://radar.offseq.com/threat/cve-2026-2835-cwe-444-inconsistent-interpretation--a3f6db67 #OffSeq #Cloudflare #HTTPsmuggling #infosec
##updated 2026-03-05T00:15:57.650000
2 posts
⚠️ CRITICAL: CVE-2026-2833 in Cloudflare Pingora enables HTTP request smuggling — attackers can bypass proxy ACLs/WAFs, poison caches, and hijack sessions. Upgrade to v0.8.0+ or filter Upgrade headers. More info: https://radar.offseq.com/threat/cve-2026-2833-cwe-444-inconsistent-interpretation--c3ebdcf0 #OffSeq #Pingora #Vuln
##⚠️ CRITICAL: CVE-2026-2833 in Cloudflare Pingora enables HTTP request smuggling — attackers can bypass proxy ACLs/WAFs, poison caches, and hijack sessions. Upgrade to v0.8.0+ or filter Upgrade headers. More info: https://radar.offseq.com/threat/cve-2026-2833-cwe-444-inconsistent-interpretation--c3ebdcf0 #OffSeq #Pingora #Vuln
##updated 2026-03-04T22:16:18.783000
2 posts
🚨 CRITICAL: pac4j-jwt (pre-4.5.9/5.7.9/6.3.3) vulnerable to auth bypass (CVE-2026-29000). Attackers w/ RSA public key can forge JWTs, impersonate any user. Patch now & audit JWT usage! https://radar.offseq.com/threat/cve-2026-29000-cwe-347-improper-verification-of-cr-c33a53b1 #OffSeq #CVE202629000 #JWT #Security
##🚨 CRITICAL: pac4j-jwt (pre-4.5.9/5.7.9/6.3.3) vulnerable to auth bypass (CVE-2026-29000). Attackers w/ RSA public key can forge JWTs, impersonate any user. Patch now & audit JWT usage! https://radar.offseq.com/threat/cve-2026-29000-cwe-347-improper-verification-of-cr-c33a53b1 #OffSeq #CVE202629000 #JWT #Security
##updated 2026-03-04T22:16:12.163000
2 posts
🔴 CVE-2025-70240 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70240 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:58:33.060000
2 posts
🔴 CVE-2026-24848 - Critical (9.9)
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24848 - Critical (9.9)
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:57:13.603000
1 posts
🔴 CVE-2026-24898 - Critical (10)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:33:52
2 posts
🔴 CVE-2025-70236 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70236 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:32:57
2 posts
🟠 CVE-2026-0847 - High (8.6)
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to prop...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0847 - High (8.6)
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to prop...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:32:56
2 posts
🔴 CVE-2025-70223 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70223/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70223 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70223/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:32:45
2 posts
🔴 CVE-2025-70220 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70220/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70220 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70220/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:28:43
1 posts
Security-focused update: changedetection.io v0.54.4 is here! 🛡️
This release is a must-have, patching critical vulnerabilities like Reflected XSS, Arbitrary File Read via XPath, and backup security flaws like 'zip slip' (CVE-2026-29038, CVE-2026-29065).
It also adds support for Python 3.14. 🐍
Release details: https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4
Run it on PikaPods: https://pikapods.com/pods?run=changedetection
updated 2026-03-04T21:16:03.077000
2 posts
🔴 CVE-2025-70239 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70239 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T21:14:09
1 posts
1 repos
Critical MS-Agent Vulnerability Allows Full System Takeover via AI Prompt Injection
ModelScope's MS-Agent framework contains a critical command injection vulnerability (CVE-2026-2256) that allows attackers to execute arbitrary system commands via malicious AI prompts.
**If you are using ModelScope's MS-Agent, this is important and urgent. There's a critical command injection flaw, a public PoC and no patch. Isolate the system as much as possible and until a patch is released, disable the Shell tool or implement strict command allowlists to prevent remote code execution. Treat AI agents with shell access as high-risk assets and isolate them in sandboxed environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ms-agent-vulnerability-allows-full-system-takeover-via-ai-prompt-injection-r-f-r-o-w/gD2P6Ple2L
updated 2026-03-04T20:58:17
1 posts
Security-focused update: changedetection.io v0.54.4 is here! 🛡️
This release is a must-have, patching critical vulnerabilities like Reflected XSS, Arbitrary File Read via XPath, and backup security flaws like 'zip slip' (CVE-2026-29038, CVE-2026-29065).
It also adds support for Python 3.14. 🐍
Release details: https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4
Run it on PikaPods: https://pikapods.com/pods?run=changedetection
updated 2026-03-04T20:25:41
1 posts
🟠 CVE-2026-28518 - High (7.8)
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP arch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28518/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T20:24:03
1 posts
🟠 CVE-2026-25673 - High (7.5)
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.
`URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unico...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T20:16:20.957000
2 posts
🟠 CVE-2026-3539 - High (8.8)
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3539/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3539 - High (8.8)
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3539/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T20:16:19.983000
2 posts
🟠 CVE-2026-28435 - High (7.5)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (stre...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28435/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28435 - High (7.5)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (stre...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28435/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:57
2 posts
9 repos
https://github.com/R3lva/CVE-2025-54100-BYPASS-
https://github.com/ANYLNK/STProcessMonitorBYOVD
https://github.com/saruman9/cve_2025_20265
https://github.com/magercode/List-CVE-2025-2026
https://github.com/DeathShotXD/0xKern3lCrush-Foreverday-BYOVD-CVE-2026-0828
https://github.com/jordan922/cve2025-20265
🟠 CVE-2026-2025 - High (7.5)
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2025 - High (7.5)
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:57
4 posts
1 repos
🟠 CVE-2025-70341 - High (7.8)
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70341 - High (7.8)
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70341 - High (7.8)
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70341 - High (7.8)
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:03
4 posts
🟠 CVE-2026-20049 - High (7.7)
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20049 - High (7.7)
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20049 - High (7.7)
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20049 - High (7.7)
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:03
2 posts
🟠 CVE-2026-20103 - High (8.6)
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20103/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20103 - High (8.6)
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20103/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:03
2 posts
🟠 CVE-2026-20101 - High (8.6)
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20101 - High (8.6)
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:03
2 posts
🟠 CVE-2026-20105 - High (7.7)
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connect...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20105 - High (7.7)
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connect...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
4 posts
🟠 CVE-2026-20002 - High (8.1)
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to inadequate validation of user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20002 - High (8.1)
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to inadequate validation of user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20002 - High (8.1)
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to inadequate validation of user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20002 - High (8.1)
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to inadequate validation of user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
4 posts
🟠 CVE-2026-20039 - High (8.6)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20039 - High (8.6)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20039 - High (8.6)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20039 - High (8.6)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
4 posts
🟠 CVE-2026-20100 - High (7.7)
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20100 - High (7.7)
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20100 - High (7.7)
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20100 - High (7.7)
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
2 posts
🟠 CVE-2026-20014 - High (7.7)
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also imp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20014 - High (7.7)
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also imp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:02
2 posts
🟠 CVE-2026-20082 - High (8.6)
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20082 - High (8.6)
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:01
2 posts
🔴 CVE-2026-26478 - Critical (9.8)
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26478 - Critical (9.8)
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:31:51
2 posts
🔴 CVE-2025-70237 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70237/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70237 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70237/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:31:51
2 posts
🔴 CVE-2025-70234 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70234 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:31:50
2 posts
🔴 CVE-2025-70241 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70241 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:16:28.820000
4 posts
🟠 CVE-2026-26673 - High (7.5)
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26673 - High (7.5)
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26673 - High (7.5)
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26673 - High (7.5)
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:16:27.153000
10 posts
💥 Cisco warns of max severity Secure FMC flaws giving root access
「 Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices 」
#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡
🚬
##🔴 CVE-2026-20131 - Critical (10)
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Second is CVE-2026-20131: remote code execution in the same product by way of, aww yiss, Java deserialization.
##Oops.
A long list of Cisco vulnerabilities, two critical, several high-severity.
- Critical: CVE-2026-20079-CWE-288: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Critical: CVE-2026-20131-CWE-502: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
More. Grab a coffee https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##💥 Cisco warns of max severity Secure FMC flaws giving root access
「 Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices 」
#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡
🚬
##🔴 CVE-2026-20131 - Critical (10)
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Second is CVE-2026-20131: remote code execution in the same product by way of, aww yiss, Java deserialization.
##Oops.
A long list of Cisco vulnerabilities, two critical, several high-severity.
- Critical: CVE-2026-20079-CWE-288: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Critical: CVE-2026-20131-CWE-502: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
More. Grab a coffee https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##updated 2026-03-04T18:16:24.230000
10 posts
💥 Cisco warns of max severity Secure FMC flaws giving root access
「 Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices 」
#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡
🚬
##🔴 CVE-2026-20079 - Critical (10)
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the und...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20079/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##2 perfect 10s from Cisco today! First up, CVE-2026-20079, auth bypass in Cisco Secure Firewall Management, by way of a...rogue process launched at boot?
##Oops.
A long list of Cisco vulnerabilities, two critical, several high-severity.
- Critical: CVE-2026-20079-CWE-288: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Critical: CVE-2026-20131-CWE-502: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
More. Grab a coffee https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##💥 Cisco warns of max severity Secure FMC flaws giving root access
「 Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices 」
#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡
🚬
##🔴 CVE-2026-20079 - Critical (10)
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the und...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20079/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##2 perfect 10s from Cisco today! First up, CVE-2026-20079, auth bypass in Cisco Secure Firewall Management, by way of a...rogue process launched at boot?
##Oops.
A long list of Cisco vulnerabilities, two critical, several high-severity.
- Critical: CVE-2026-20079-CWE-288: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Critical: CVE-2026-20131-CWE-502: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
More. Grab a coffee https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##updated 2026-03-04T18:13:00.207000
12 posts
1 repos
https://github.com/automate-it0/qualcomm-vulnerability-scanner
🖲️ #Cybersecurity #Ciberseguridad #Ciberseguranca #Security #Seguridad #Seguranca #News #Noticia #Noticias #Tecnologia #Technology
⚫ Qualcomm Zero-Day Exploited in Targeted Android Attacks
🔗 https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
##Google notifying Android user of high-severity vuln CVE-2026-21385 and March 2026 security update might work better if that link the "AI Mode" #slopgenerator did not link to December 2025 bulletin.
##The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
##Google notifying Android user of high-severity vuln CVE-2026-21385 and March 2026 security update might work better if that link the "AI Mode" #slopgenerator did not link to December 2025 bulletin.
##The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
##🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
##CVE ID: CVE-2026-21385
Vendor: Qualcomm
Product: Multiple Chipsets
Date Added: 2026-03-03
Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21385
Aggiornamenti Android marzo 2026, corretta una zero-day già sfruttata: cosa fare subito
Google ha rilasciato l’Android Security Bulletin di marzo 2026, il più corposo dell’anno: 129 vulnerabilità corrette di cui una, la CVE-2026-21385...
🔗️ [Cybersecurity360] https://link.is.it/AC1JZ9
##Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks.
#CVE_2026_21385
https://securityaffairs.com/188823/security/android-devices-hit-by-exploited-qualcomm-flaw-cve-2026-21385.html
Google Android March 2026 Security Bulletin Patches 129 Vulnerabilities, One Actively Exploited Qualcomm Flaw
Google's March 2026 Android Security Bulletin patches 129 vulnerabilities, including a critical RCE flaw (CVE-2026-0006) requiring no user interaction and multiple CVSS 9.0 privilege escalation bugs in the kernel virtualization layer. A Qualcomm Display component vulnerability (CVE-2026-21385) is already being actively exploited in targeted attacks in the wild.
**An critical update for Android, with actively exploited flaw patched. Most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Do not delay the update to your Android when the you see the alert that an update is available. Your device may be targeted via the Qualcomm flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/march-2026-android-security-bulletin-patches-129-vulnerabilities-one-actively-exploited-qualcomm-flaw-s-u-0-2-i/gD2P6Ple2L
The exploited flaw, tracked as CVE-2026-21385 (CVSS score of 7.8) and impacting the graphics component of over 200 Qualcomm chipsets, is described as an integer overflow or wraparound issue leading to memory corruption while using alignments for memory allocation. https://www.securityweek.com/android-update-patches-exploited-qualcomm-zero-day/
##🟠 CVE-2026-21385 - High (7.8)
Memory corruption while using alignments for memory allocation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21385/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:08:05.730000
5 posts
1 repos
🔴 CVE-2026-3224 - Critical (9.8)
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3224 - Critical (9.8)
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3224 - Critical (9.8)
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3224 - Critical (9.8)
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3224: CRITICAL auth bypass in Devolutions Server <=2025.3.15.0 using Microsoft Entra ID. Attackers can forge JWTs for full access. No known exploits, but patch ASAP & tighten token validation. https://radar.offseq.com/threat/cve-2026-3224-cwe-287-improper-authentication-cwe--6697497e #OffSeq #Vuln #CyberSecurity #JWT
##updated 2026-03-04T18:08:05.730000
4 posts
🟠 CVE-2026-26514 - High (7.5)
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26514 - High (7.5)
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26514 - High (7.5)
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26514 - High (7.5)
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:08:05.730000
2 posts
🚨 New security advisory:
CVE-2026-26279 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-26279
🔴 CVE-2026-26279 - Critical (9.1)
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:08:05.730000
1 posts
🟠 CVE-2026-3094 - High (7.8)
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:08:05.730000
2 posts
🔴 CVE-2026-27012 - Critical (9.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27012/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: OpenSTAManager <=2.9.8 hit by CVE-2026-27012 (CVSS 9.8). Unauthenticated users can escalate privileges by altering user group IDs via modules/utenti/actions.php. Restrict access & monitor logs! Details: https://radar.offseq.com/threat/cve-2026-27012-cwe-306-missing-authentication-for--435d22b5 #OffSeq #infosec #CVE202627012
##updated 2026-03-04T18:08:05.730000
1 posts
🟠 CVE-2026-27932 - High (7.5)
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T17:53:44.300000
1 posts
🟠 CVE-2025-47375 - High (7.8)
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:44:13.047000
1 posts
🟠 CVE-2025-47381 - High (7.8)
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:31:42
2 posts
🔴 CVE-2025-66945 - Critical (9.1)
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-66945 - Critical (9.1)
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:31:42
2 posts
🔴 CVE-2026-3485 - Critical (9.8)
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-3485 enables remote OS command injection in D-Link DIR-868L (110b03) via SSDP (UPnP). Exploit is public, no patch. Replace or isolate device ASAP — block SSDP, monitor traffic. https://radar.offseq.com/threat/cve-2026-3485-os-command-injection-in-d-link-dir-8-905d15ee #OffSeq #CVE20263485 #RouterSecurity #Vuln
##updated 2026-03-04T15:31:37
2 posts
🟠 CVE-2025-66363 - High (7.5)
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-66363 - High (7.5)
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:30:35
2 posts
🔴 CVE-2026-3130 - Critical (9.8)
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3130 - Critical (9.8)
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:30:34
4 posts
🔴 CVE-2026-2590 - Critical (9.8)
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentiall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2590 - Critical (9.8)
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentiall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2590 - Critical (9.8)
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentiall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2590 - Critical (9.8)
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentiall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:30:34
2 posts
🔴 CVE-2026-3204 - Critical (9.8)
Improper
input validation in the error message page in Devolutions Server 2025.3.15 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3204 - Critical (9.8)
Improper
input validation in the error message page in Devolutions Server 2025.3.15 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:30:33
2 posts
🟠 CVE-2025-62814 - High (7.5)
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-62814 - High (7.5)
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T15:08:13.743000
6 posts
The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. https://www.securityweek.com/vmware-aria-operations-vulnerability-exploited-in-the-wild/
##Critical VMware Aria Operations Vulnerability Added to CISA’s Exploited Catalog
A newly identified, actively exploited vulnerability in Broadcom’s VMware Aria Operations (formerly vRealize Operations, vROps) has been flagged as critical by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Tracked as CVE-2026-22719, this flaw allows attackers to execute remote commands on enterprise IT infrastructure, making swift patching a top priority for…
##The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. https://www.securityweek.com/vmware-aria-operations-vulnerability-exploited-in-the-wild/
##🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
##CISA flags VMware Aria Operations RCE flaw as exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its...
🔗️ [Bleepingcomputer] https://link.is.it/bR3nUY
##CVE ID: CVE-2026-22719
Vendor: Broadcom
Product: VMware Aria Operations
Date Added: 2026-03-03
Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-22719
updated 2026-03-04T14:04:54.033000
1 posts
🟠 CVE-2025-69765 - High (7.5)
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T09:31:13
1 posts
🛰️ CRITICAL: CVE-2026-29120 in IDC SFX2100 Satellite Receiver — hardcoded root hash in /root/anaconda-ks.cfg. Local attackers can escalate to root via offline cracking. Restrict access & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-29120-cwe-798-use-of-hard-coded-credentia-587f7886 #OffSeq #CVE202629120 #IoTSecurity
##updated 2026-03-04T09:31:06
1 posts
⚠️ CVE-2026-1874 (HIGH): Mitsubishi MELSEC iQ-F FX5-ENET/IP modules ≤1.106 vulnerable to unauthenticated UDP-based DoS. No patch yet. Segment networks & monitor UDP traffic. Reset needed to recover. https://radar.offseq.com/threat/cve-2026-1874-cwe-670-always-incorrect-control-flo-ab07aefb #OffSeq #ICS #Infosec #Vulnerability
##updated 2026-03-04T09:31:06
1 posts
🔎 CVE-2026-1875 (HIGH, CVSS 8.7) hits all Mitsubishi MELSEC iQ-F FX5-EIP modules. Remote UDP floods cause DoS — no auth needed. Segment networks & monitor UDP traffic. No known exploits, patch when available. https://radar.offseq.com/threat/cve-2026-1875-cwe-404-improper-resource-shutdown-o-290a0193 #OffSeq #ICS #CVE20261875 #OTSecurity
##updated 2026-03-04T02:00:52
1 posts
⚠️ CVE-2026-27971: QwikDev qwik <1.19.1 has a CRITICAL RCE flaw via unsafe deserialization in server-side RPC. No auth needed — patch to 1.19.1+ now! Exploits are trivial if require() is exposed. https://radar.offseq.com/threat/cve-2026-27971-cwe-502-deserialization-of-untruste-b59de789 #OffSeq #CVE202627971 #RCE #JavaScript #InfoSec
##updated 2026-03-03T21:52:29.877000
2 posts
🔴 CVE-2025-59059 - Critical (9.8)
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-59059 - Critical (9.8)
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:52:29.877000
1 posts
🔴 CVE-2026-22891 - Critical (9.8)
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:52:29.877000
1 posts
🟠 CVE-2026-20777 - High (8.1)
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can prov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:52:29.877000
1 posts
🟠 CVE-2025-12345 - High (8.8)
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:52:29.877000
1 posts
Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distin...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
##updated 2026-03-03T21:32:19
2 posts
🟠 CVE-2026-0032 - High (7.8)
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0032 - High (7.8)
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:32:18
1 posts
🟠 CVE-2025-70252 - High (7.5)
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which lea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T21:31:24
1 posts
🟠 CVE-2026-24502 - High (8.8)
Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24502/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T20:58:59
1 posts
🟠 CVE-2026-28399 - High (8.8)
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T20:16:47.360000
1 posts
🔴 CVE-2026-24112 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:39:28.533000
1 posts
🔴 CVE-2026-0029 - Critical (9.8)
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:36:58.937000
1 posts
🟠 CVE-2026-0034 - High (8.4)
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:25:08.307000
1 posts
🟠 CVE-2025-48602 - High (8.4)
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges nee...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48602/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:23:29.340000
1 posts
🟠 CVE-2025-48645 - High (7.8)
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T19:12:14.917000
1 posts
🔴 CVE-2025-50187 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:47:26.910000
2 posts
🔴 CVE-2025-50199 - Critical (9.1)
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50199/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-50199 - Critical (9.1)
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50199/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:41:40.640000
1 posts
🟠 CVE-2026-0023 - High (8.4)
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0023/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:40:59.027000
1 posts
🟠 CVE-2026-0017 - High (7.7)
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0017/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
1 posts
🟠 CVE-2025-48605 - High (8.4)
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
1 posts
🟠 CVE-2025-52365 - High (7.8)
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper inpu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
1 posts
🟠 CVE-2025-48654 - High (7.8)
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48654/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:34
1 posts
🟠 CVE-2025-48635 - High (7.7)
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:40
1 posts
🚨 CVE-2026-3437 (CRITICAL, CVSS 9.3): Portwell Engineering Toolkits 4.8.2 lets local users escalate privileges or trigger DoS via memory access in driver. No patch yet — restrict local access, audit users, monitor! https://radar.offseq.com/threat/cve-2026-3437-cwe-119-improper-restriction-of-oper-291f400a #OffSeq #Vulnerability #ICS #InfoSec
##updated 2026-03-03T18:31:32
1 posts
🟠 CVE-2025-48613 - High (7.8)
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
1 posts
🔴 CVE-2025-48609 - Critical (9.1)
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
1 posts
🟠 CVE-2026-0011 - High (8.4)
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0011/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
1 posts
🟠 CVE-2025-48653 - High (7.8)
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48653/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:31
1 posts
🔴 CVE-2026-24115 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:30
1 posts
🔴 CVE-2026-24114 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:29
1 posts
🔴 CVE-2026-24111 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:29
1 posts
🔴 CVE-2026-24109 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vuln...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:16:56.797000
1 posts
🟠 CVE-2025-48574 - High (8.4)
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:13:02.407000
1 posts
🟠 CVE-2025-48619 - High (8.4)
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48619/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T17:04:04.223000
1 posts
🟠 CVE-2025-48579 - High (8.4)
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:54:49.147000
1 posts
🔴 CVE-2026-24108 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size va...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:53:43.620000
1 posts
🔴 CVE-2026-24113 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size va...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:32:43
1 posts
🟠 CVE-2026-0007 - High (8.6)
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
2 posts
🟠 CVE-2026-0025 - High (7.8)
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0025 - High (7.8)
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
1 posts
🟠 CVE-2026-0010 - High (8.4)
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
1 posts
🟠 CVE-2026-0037 - High (8.4)
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:37
5 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902
Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)
##Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)
##New.
WatchTower: Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/ #infosec #threatresearch
##Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE)
#CVE_2026_21902
https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
##updated 2026-03-03T15:31:37
1 posts
🔴 CVE-2026-24105 - Critical (9.8)
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:36
1 posts
🟠 CVE-2026-20423 - High (7.8)
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR0046...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:35.410000
1 posts
🟠 CVE-2026-0038 - High (8.4)
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T13:22:41.723000
1 posts
🟠 CVE-2026-0026 - High (7.8)
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0026/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T13:21:36.860000
1 posts
🟠 CVE-2026-0013 - High (8.4)
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T12:31:32
2 posts
🔴 CVE-2026-22886 - Critical (9.8)
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires
authentication. However, the product ships with a default administrative account (admin/
admin) and does not enforce a mandatory password change on first use. Afte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CRITICAL: CVE-2026-22886 in Eclipse OpenMQ lets remote attackers fully compromise brokers via default admin/admin creds if mgmt service is open. Disable unneeded services & update passwords now! https://radar.offseq.com/threat/cve-2026-22886-cwe-1392-use-of-default-credentials-68ab8e2b #OffSeq #CVE202622886 #EclipseOpenMQ #infosec
##updated 2026-03-03T06:31:14
3 posts
Critical Privilege Escalation Vulnerability Reported in WordPress User Registration Plugin
A critical vulnerability (CVE-2026-1492) in the WordPress User Registration & Membership plugin allows unauthenticated attackers to create administrator accounts by exploiting a lack of server-side role validation. Active exploitation has already been detected.
**If you are using User Registration & Membership plugin, this is urgent. Update to version 5.1.3 immediately, because this is an actively exploited flaw. If you can't update, disable user registration.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-vulnerability-reported-in-wordpress-user-registration-plugin-s-t-r-5-i/gD2P6Ple2L
🔴 CVE-2026-1492 - Critical (9.8)
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1492/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-1492 (CRITICAL, CVSS 9.8): wpeverest User Registration plugin ≤5.1.2 lets unauthenticated attackers register admin accounts via improper privilege checks. Disable registrations & audit users urgently! https://radar.offseq.com/threat/cve-2026-1492-cwe-269-improper-privilege-managemen-edd7f3b1 #OffSeq #WordPress #Infosec #Vuln
##updated 2026-03-03T03:33:44
1 posts
🔴 CVE-2026-24107 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T03:32:48
3 posts
🟠 CVE-2026-2448 - High (8.8)
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2448 - High (8.8)
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-2448: HIGH severity path traversal in Page Builder by SiteOrigin (all versions). Contributor+ authentication enables LFI, risking server takeover. No patch yet — restrict permissions, monitor activity, and use a WAF. https://radar.offseq.com/threat/cve-2026-2448-cwe-22-improper-limitation-of-a-path-365740f6 #OffSeq #WordPress #Vuln
##updated 2026-03-03T03:32:48
2 posts
1 repos
🔴 CVE-2026-2628 - Critical (9.8)
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-2628: CRITICAL auth bypass in All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin (≤2.2.5). Attackers can access WP admin accounts with no credentials. Disable plugin or restrict logins until patched! https://radar.offseq.com/threat/cve-2026-2628-cwe-288-authentication-bypass-using--3ce6682b #OffSeq #WordPress #AzureAD
##updated 2026-03-03T00:32:12
1 posts
🟠 CVE-2025-48567 - High (7.8)
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution priv...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:17
2 posts
🟠 CVE-2026-1566 - High (8.8)
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CVE-2026-1566 (HIGH): LatePoint WordPress plugin lets Agent users reset admin passwords — leads to full privilege escalation. All versions up to 5.2.7 affected. Restrict Agent roles & monitor now. https://radar.offseq.com/threat/cve-2026-1566-cwe-269-improper-privilege-managemen-02d5d7d7 #OffSeq #WordPress #Vuln #Infosec
##updated 2026-03-03T00:31:11
1 posts
🟠 CVE-2026-0021 - High (8.4)
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:11
1 posts
🟠 CVE-2026-0020 - High (8.4)
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:10
3 posts
1 repos
Google Android March 2026 Security Bulletin Patches 129 Vulnerabilities, One Actively Exploited Qualcomm Flaw
Google's March 2026 Android Security Bulletin patches 129 vulnerabilities, including a critical RCE flaw (CVE-2026-0006) requiring no user interaction and multiple CVSS 9.0 privilege escalation bugs in the kernel virtualization layer. A Qualcomm Display component vulnerability (CVE-2026-21385) is already being actively exploited in targeted attacks in the wild.
**An critical update for Android, with actively exploited flaw patched. Most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Do not delay the update to your Android when the you see the alert that an update is available. Your device may be targeted via the Qualcomm flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/march-2026-android-security-bulletin-patches-129-vulnerabilities-one-actively-exploited-qualcomm-flaw-s-u-0-2-i/gD2P6Ple2L
🔴 CVE-2026-0006 - Critical (9.8)
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0006: CRITICAL RCE in Android 16 via heap buffer overflows. No user action or privileges needed — remote attackers can fully compromise devices. Patch urgently when available! https://radar.offseq.com/threat/cve-2026-0006-remote-code-execution-in-google-andr-79236030 #OffSeq #Android #RCE #Vulnerability
##updated 2026-03-03T00:31:10
1 posts
🟠 CVE-2025-48650 - High (8.4)
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:10
1 posts
🟠 CVE-2025-48646 - High (7.8)
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48646/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:10
1 posts
🟠 CVE-2026-0008 - High (8.4)
In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0008/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:09
1 posts
🟠 CVE-2025-48582 - High (8.4)
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48582/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:09
1 posts
🟠 CVE-2025-48578 - High (7.8)
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:59:24
1 posts
🟠 CVE-2026-21882 - High (8.4)
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:51
1 posts
🟠 CVE-2026-0035 - High (8.4)
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0035/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:51
1 posts
🟠 CVE-2026-0028 - High (8.4)
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0028/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:44
1 posts
🟠 CVE-2026-0047 - High (8.4)
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:43
1 posts
🟠 CVE-2026-0031 - High (8.4)
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:43
1 posts
🟠 CVE-2026-0030 - High (8.4)
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:42
2 posts
🟠 CVE-2025-48636 - High (8.4)
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48636/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48636 - High (8.4)
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48636/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:38
1 posts
🟠 CVE-2025-32313 - High (8.4)
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-32313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
1 repos
🟠 CVE-2025-58107 - High (7.5)
In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base6...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2026-21853 - High (8.8)
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a websit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2026-3132 - High (8.8)
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it po...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3132/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2025-47379 - High (7.8)
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47379/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2025-47385 - High (7.8)
Memory Corruption when accessing trusted execution environment without proper privilege check.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47385/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:32:46
1 posts
🔴 CVE-2026-21660 - Critical (9.8)
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:52
1 posts
🟠 CVE-2026-3180 - High (7.5)
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cgl_mail’ parameter in all versions up to, and including, 28.1....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:52
1 posts
🟠 CVE-2025-59603 - High (7.8)
Memory Corruption when processing invalid user address with nonstandard buffer address.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
2 posts
1 repos
🔴 CVE-2026-26720 - Critical (9.8)
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26720 - Critical (9.8)
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-47376 - High (7.8)
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-47377 - High (7.8)
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47377/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-47386 - High (7.8)
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47386/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-59600 - High (7.8)
Memory Corruption when adding user-supplied data without checking available buffer space.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59600/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:45
2 posts
🔴 CVE-2026-24110 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsI...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24110 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsI...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:45
1 posts
🟠 CVE-2025-47373 - High (7.8)
Memory Corruption when accessing buffers with invalid length during TA invocation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:44
2 posts
🔴 CVE-2026-24101 - Critical (9.8)
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a comm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24101 - Critical (9.8)
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a comm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21657 - Critical (9.8)
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21656 - Critical (9.8)
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21659 - Critical (9.8)
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to
execute arbitrary code on the affected device, lea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:25:01.993000
1 posts
🔴 CVE-2026-21654 - Critical (9.8)
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21654/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:24:25.517000
1 posts
🔴 CVE-2026-21658 - Critical (9.8)
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T15:31:31
2 posts
HPE Reports Flaw in AutoPass License Server Enabling Authentication Bypass
HPE reports an authentication bypass vulnerability (CVE-2026-23600) in its AutoPass License Server that allows remote attackers to gain full control over the system.
**Treat your license servers as part of high-priority infrastructure because they often hold the keys to your entire software environment. Immediately update HPE APLS to version 9.19 and ensure these servers are never exposed to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hpe-reports-flaw-in-autopass-license-server-enabling-authentication-bypass-k-f-a-n-b/gD2P6Ple2L
HPE Reports Flaw in AutoPass License Server Enabling Authentication Bypass
HPE reports an authentication bypass vulnerability (CVE-2026-23600) in its AutoPass License Server that allows remote attackers to gain full control over the system.
**Treat your license servers as part of high-priority infrastructure because they often hold the keys to your entire software environment. Immediately update HPE APLS to version 9.19 and ensure these servers are never exposed to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hpe-reports-flaw-in-autopass-license-server-enabling-authentication-bypass-k-f-a-n-b/gD2P6Ple2L
updated 2026-02-27T19:16:08.767000
1 posts
From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) https://boschko.ca/unitree-go2-rce/
##updated 2026-02-27T19:16:08.547000
1 posts
From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) https://boschko.ca/unitree-go2-rce/
##updated 2026-02-26T16:20:02.187000
2 posts
4 repos
https://github.com/leemuun/CVE-2026-20127
https://github.com/Dimchuk/CVE-2026-20127-chain
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
Broadcom has an updated advisory for a low-severity vulnerability: Datacom SQL Performance Analyzer 1.2 - Vulnerabilities in Third Party Dependencies https://support.broadcom.com/web/ecx/security-advisory
Updated advisory from Cisco:
Critical: CVE-2026-20127-CWE-287: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
Also from Cisco: VTK tagged for a zero-day report https://talosintelligence.com/vulnerability_info @TalosSecurity #Cisco #Broadcom #infosec #vulnerability #zeroday
##The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. https://www.darkreading.com/vulnerabilities-threats/cisco-sd-wan-zero-day-exploitation-3-years
##updated 2026-02-18T18:31:27
1 posts
updated 2026-02-10T21:31:29
2 posts
APT28 vinculada a la explotación real de un 0-day de MSHTML (CVE-2026-21513) antes del Patch Tuesday de febrero
##APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html
##updated 2026-02-10T18:30:34
2 posts
63 repos
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/cumakurt/tscan
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/setuju/telnetd
https://github.com/0x7556/CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/infat0x/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/Ali-brarou/telnest
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/balgan/CVE-2026-24061
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/Remnant-DB/CVE-2026-24061
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/SystemVll/CVE-2026-24061
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/hackingyseguridad/root
https://github.com/tiborscholtz/CVE-2026-24061
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/monstertsl/CVE-2026-24061
https://github.com/scumfrog/cve-2026-24061
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/typeconfused/CVE-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/midox008/CVE-2026-24061
https://github.com/BrainBob/CVE-2026-24061
https://github.com/0p5cur/CVE-2026-24061-POC
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/hilwa24/CVE-2026-24061
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/ilostmypassword/Melissae
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/buzz075/CVE-2026-24061
https://github.com/xuemian168/CVE-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/z3n70/CVE-2026-24061
New.
Picus: CVE-2026-24061: Critical Telnetd Flaw Grants Root Access https://www.picussecurity.com/resource/blog/cve-2026-24061-critical-telnetd-flaw-grants-root-access #infosec #vulnerability #threatresearch
##February was about moving from detection to proof.
Here are the top updates in Pentest-Tools.com:
🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.
🔐 ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.
🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.
🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.
🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.
Catch the full breakdown in the video or in this link: https://pentest-tools.com/change-log
Until next time: Stay sharp. Stay human.
#OffensiveSecurity #EthicalHacking #Infosec #VulnerabilityManagement #ISO27001
##updated 2026-02-03T16:44:36.630000
1 posts
ASUS has a new security advisory relating to CVE-2025-13348, a high-severity vulnerability:
Security Update for ASUS Business Manager https://www.asus.com/security-advisory/ #infosec #vulnerability #ASUS
##updated 2026-01-30T00:31:29
1 posts
2 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE
February was about moving from detection to proof.
Here are the top updates in Pentest-Tools.com:
🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.
🔐 ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.
🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.
🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.
🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.
Catch the full breakdown in the video or in this link: https://pentest-tools.com/change-log
Until next time: Stay sharp. Stay human.
#OffensiveSecurity #EthicalHacking #Infosec #VulnerabilityManagement #ISO27001
##updated 2026-01-23T00:31:24
2 posts
New.
Tenable has added this critical vulnerability to its research advisories:
Critical: CVE-2026-21524: Microsoft Azure Data Explorer Cross-Tenant Data Leak with Custom Dashboard https://www.tenable.com/security/research/tra-2026-14 @tenable #infosec #vulnerability #Microsoft #Azure
##New.
Tenable has added this critical vulnerability to its research advisories:
Critical: CVE-2026-21524: Microsoft Azure Data Explorer Cross-Tenant Data Leak with Custom Dashboard https://www.tenable.com/security/research/tra-2026-14 @tenable #infosec #vulnerability #Microsoft #Azure
##updated 2026-01-20T19:03:30
1 posts
Mailpit SSRF Vulnerability Exploited in Targeted Attacks
Mailpit versions 1.28.0 and earlier are vulnerable to a Server-Side Request Forgery (SSRF) flaw (CVE-2026-21859) that allows attackers to probe internal networks and access sensitive cloud metadata. CrowdSec reports active, intelligence-driven exploitation attempts targeting the /proxy endpoint.
**Ensure development tools like Mailpit are never exposed to the public internet without strict authentication and network segmentation. If you are using Mailpit make sure it's isolated and update ASAP to version 1.28.1. These tools are already attacked and attacks will only get worse.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/mailpit-ssrf-vulnerability-cve-2026-21859-exploited-in-targeted-attacks-3-h-o-g-u/gD2P6Ple2L
updated 2026-01-12T16:48:33.560000
1 posts
2 repos
The flaw, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel. https://www.theregister.com/2026/03/03/google_chrome_bug_gemini/
##updated 2026-01-07T18:30:21
2 posts
A Race Within a Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
##A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://lobste.rs/s/1mya3a #linux #security
https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
updated 2025-12-16T21:30:51
2 posts
2 repos
New.
Picus: CVE-2025-59718: Critical FortiCloud SSO Authentication Bypass https://www.picussecurity.com/resource/blog/cve-2025-59718-critical-forticloud-sso-authentication-bypass #Fortinet #infosec #threatresearch #vulnerability
##New.
Picus: CVE-2025-59718: Critical FortiCloud SSO Authentication Bypass https://www.picussecurity.com/resource/blog/cve-2025-59718-critical-forticloud-sso-authentication-bypass #Fortinet #infosec #threatresearch #vulnerability
##updated 2025-11-05T19:25:42.887000
1 posts
7 repos
https://github.com/foregenix/CVE-2025-54309
https://github.com/0xLittleSpidy/CVE-2025-54309
https://github.com/watchtowrlabs/watchTowr-vs-CrushFTP-Authentication-Bypass-CVE-2025-54309
https://github.com/chin-tech/CrushFTP_CVE-2025-54309
https://github.com/Smileyface101/CrushFTP-AS2-Bypass-Research-CVE-2025-54309
https://github.com/whisperer1290/CVE-2025-54309__Enhanced_exploit
🔵 THREAT INTELLIGENCE
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
Vulnerability | CRITICAL
CVEs: CVE-2024-4040, CVE-2025-31161, CVE-2025-54309
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may...
Full analysis:
https://yazoul.net/news/news/bruteforce-scans-for-crushftp-tue-mar-3rd
updated 2025-10-22T21:12:32.330000
1 posts
Dell has a new advisory:
CVE-2025-23299: Security Update for NVIDIA Bluefield and ConnectX Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000435005/dsa-2026-121-security-update-for-nvidia-bluefield-and-connectx-vulnerabilities #Dell #infosec #vulnerability #Nvidia
##updated 2025-10-22T00:33:17
1 posts
18 repos
https://github.com/0xDTC/CrushFTP-auth-bypass-CVE-2025-31161
https://github.com/ghostsec420/ShatteredFTP
https://github.com/cesarbtakeda/CVE-2025-31161
https://github.com/TX-One/CVE-2025-31161
https://github.com/Dairrow/CVE-2025-31161
https://github.com/acan0007/CVE-2025-31161
https://github.com/Immersive-Labs-Sec/CVE-2025-31161
https://github.com/f4dee-backup/CVE-2025-31161
https://github.com/0xgh057r3c0n/CVE-2025-31161
https://github.com/Drelinss/Blackash-CVE-2025-31161
https://github.com/Teexo/CVE-2025-31161
https://github.com/ch3m1cl/CVE-2025-31161
https://github.com/SUPRAAA-1337/CVE-2025-31161_exploit
https://github.com/Shisones/CVE-2025-31161
https://github.com/SUPRAAA-1337/Nuclei_CVE-2025-31161_CVE-2025-2825
https://github.com/ibrahmsql/CVE-2025-31161
🔵 THREAT INTELLIGENCE
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
Vulnerability | CRITICAL
CVEs: CVE-2024-4040, CVE-2025-31161, CVE-2025-54309
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may...
Full analysis:
https://yazoul.net/news/news/bruteforce-scans-for-crushftp-tue-mar-3rd
updated 2025-10-22T00:33:01
1 posts
18 repos
https://github.com/juanorts/CrushFTP10-Docker-CVE-2024-4040
https://github.com/tucommenceapousser/CVE-2024-4040-Scanner
https://github.com/rbih-boulanouar/CVE-2024-4040
https://github.com/airbus-cert/CVE-2024-4040
https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability
https://github.com/olebris/CVE-2024-4040
https://github.com/0xN7y/CVE-2024-4040
https://github.com/gotr00t0day/CVE-2024-4040
https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed
https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
https://github.com/1ncendium/CVE-2024-4040
https://github.com/rahisec/CVE-2024-4040
https://github.com/entroychang/CVE-2024-4040
https://github.com/Mufti22/CVE-2024-4040
https://github.com/Praison001/CVE-2024-4040-CrushFTP-server
https://github.com/geniuszly/GenCrushSSTIExploit
https://github.com/dhammerg/CVE-2024-4040
https://github.com/safeer-accuknox/CrushFTP-cve-2024-4040-poc
🔵 THREAT INTELLIGENCE
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
Vulnerability | CRITICAL
CVEs: CVE-2024-4040, CVE-2025-31161, CVE-2025-54309
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may...
Full analysis:
https://yazoul.net/news/news/bruteforce-scans-for-crushftp-tue-mar-3rd
updated 2025-10-21T21:04:55
1 posts
7 repos
https://github.com/nickcopi/CVE-2025-55315-detection-playground
https://github.com/sirredbeard/CVE-2025-55315-repro
https://github.com/MartinFabianIonut/CVE-2025-55315
https://github.com/jlinebau/CVE-2025-55315-Scanner-Monitor
https://github.com/7huukdlnkjkjba/CVE-2025-55315-
#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX
LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315
https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json
updated 2025-10-14T18:31:29
1 posts
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and ...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
##🔴 CVE-2025-69969 - Critical (9.6)
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69969 - Critical (9.6)
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CISA warns of multiple vulnerabilities in ePower EV charging stations
CISA warns of multiple vulnerabilities in ePower charging stations, including a critical authentication bypass (CVE-2026-22552), that allow unauthenticated attackers to hijack EV infrastructure and disrupt services.
**Make sure your ePower charging station is isolated from the internet and behind a firewall or VPN. Since the vendor has not released a patch that's your only defense until the vendor does something or you replace these systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-warns-of-multiple-vulnerabilities-in-epower-ev-charging-stations-f-j-9-6-s/gD2P6Ple2L
CISA warns of multiple vulnerabilities in ePower EV charging stations
CISA warns of multiple vulnerabilities in ePower charging stations, including a critical authentication bypass (CVE-2026-22552), that allow unauthenticated attackers to hijack EV infrastructure and disrupt services.
**Make sure your ePower charging station is isolated from the internet and behind a firewall or VPN. Since the vendor has not released a patch that's your only defense until the vendor does something or you replace these systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-warns-of-multiple-vulnerabilities-in-epower-ev-charging-stations-f-j-9-6-s/gD2P6Ple2L
🔴 CVE-2025-50192 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50192/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-50192 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50192/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-50190 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-50190 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-50189 - High (8.8)
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/courseco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50189/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-50189 - High (8.8)
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/courseco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50189/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25146 - Critical (9.6)
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. Thes...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25146/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26266 - Critical (9.3)
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26266/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28289 - Critical (10)
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code E...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28289 - Critical (10)
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code E...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-28289 in FreeScout <1.8.207 allows RCE via file upload bypass (zero-width space in .htaccess). Authenticated users can compromise servers. Patch to 1.8.207+ ASAP! https://radar.offseq.com/threat/cve-2026-28289-cwe-434-unrestricted-upload-of-file-e2a6fd58 #OffSeq #FreeScout #Vuln #RCE
##🔴 CVE-2025-52998 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server
mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling.
**If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement withing environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L
Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server
mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling.
**If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement withing environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L
1 posts
1 repos
https://github.com/Network-Sec/CVE-2025-62507-Buffer-Overflow_PoC
February was about moving from detection to proof.
Here are the top updates in Pentest-Tools.com:
🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.
🔐 ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.
🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.
🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.
🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.
Catch the full breakdown in the video or in this link: https://pentest-tools.com/change-log
Until next time: Stay sharp. Stay human.
#OffensiveSecurity #EthicalHacking #Infosec #VulnerabilityManagement #ISO27001
##Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distin...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
##🟠 CVE-2026-3338 - High (7.5)
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. Applica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distin...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
##🟠 CVE-2026-3336 - High (7.5)
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
Customers of AWS services do not nee...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28286 - High (8.5)
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-52468 - High (8.8)
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52468/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##