## Updated at UTC 2026-07-12T17:49:16.478048

Access data as JSON

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2026-58596 8.3 0.00% 2 0 2026-07-12T16:16:31.350000 Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unaut
CVE-2026-59260 8.8 0.00% 2 0 2026-07-12T12:31:59 OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd,
CVE-2026-56313 8.1 0.00% 2 0 2026-07-12T12:31:59 Capgo before 12.128.2 contains a cross-organization account disruption vulnerabi
CVE-2026-56260 9.1 0.00% 2 0 2026-07-12T12:31:59 Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Dock
CVE-2026-61876 8.8 0.00% 4 0 2026-07-12T12:31:59 LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in
CVE-2026-56259 8.2 0.00% 2 0 2026-07-12T12:31:59 Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Do
CVE-2026-61875 8.8 0.00% 2 0 2026-07-12T12:31:59 luci-app-upnp contains a stored cross-site scripting vulnerability that allows u
CVE-2026-56238 7.5 0.00% 2 0 2026-07-12T12:31:54 Capgo before 12.128.2 contains an information disclosure vulnerability in the Su
CVE-2026-15491 7.3 0.45% 1 0 2026-07-12T12:31:47 A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0
CVE-2026-56271 9.8 0.00% 2 0 2026-07-12T12:16:45.290000 Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded
CVE-2026-56241 8.3 0.00% 2 0 2026-07-12T12:16:44.730000 Capgo before 12.128.2 contains a privilege escalation vulnerability where demote
CVE-2026-15484 8.8 0.42% 3 0 2026-07-12T07:16:25.107000 A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected elemen
CVE-2026-15483 8.8 0.42% 4 0 2026-07-12T07:16:24.927000 A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impac
CVE-2026-15481 8.8 0.43% 4 0 2026-07-12T06:31:17 A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This v
CVE-2026-15480 8.8 0.42% 2 0 2026-07-12T06:31:17 A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affect
CVE-2026-58281 8.3 0.70% 4 0 2026-07-11T21:16:23.903000 Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an u
CVE-2026-61447 10.0 0.54% 4 0 2026-07-11T15:30:30 PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAg
CVE-2026-61445 9.9 0.54% 4 0 2026-07-11T15:30:29 PraisonAI before 4.6.78 contains arbitrary file write and command execution vuln
CVE-2026-61439 7.5 0.26% 2 0 2026-07-11T15:30:29 PraisonAI versions before 4.6.78 contain a prompt injection defense misconfigura
CVE-2026-61429 8.5 0.22% 2 0 2026-07-11T15:30:29 PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerabi
CVE-2026-60090 9.8 0.41% 4 0 2026-07-11T15:30:23 PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argume
CVE-2026-61426 8.6 0.32% 2 0 2026-07-11T14:16:22.483000 PraisonAI before 1.7.3 contains an insecure default configuration that binds to
CVE-2026-56303 7.5 0.30% 2 0 2026-07-11T14:16:21.820000 Capgo before 12.128.2 contains an information disclosure vulnerability in the fi
CVE-2026-57828 None 0.26% 2 0 2026-07-11T12:30:29 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary
CVE-2026-57827 0 0.29% 2 0 2026-07-11T10:16:34.057000 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file
CVE-2026-4661 7.5 0.33% 2 0 2026-07-11T09:34:25 The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPr
CVE-2026-9282 7.5 0.68% 4 0 2026-07-11T09:34:25 The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in
CVE-2025-6784 8.8 0.48% 2 0 2026-07-11T09:34:18 The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in a
CVE-2026-1359 8.8 0.31% 4 0 2026-07-11T09:16:16.020000 The Genolve – AI image AI video generation plugin for WordPress is vulnerable to
CVE-2026-15155 8.8 0.37% 2 0 2026-07-11T07:16:46.170000 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugi
CVE-2026-13114 7.2 0.25% 2 0 2026-07-11T06:31:24 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is
CVE-2026-15335 7.5 0.48% 3 0 2026-07-11T06:31:24 The Booking Package plugin for WordPress is vulnerable to generic SQL Injection
CVE-2026-13378 7.2 0.26% 1 0 2026-07-11T06:31:24 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable t
CVE-2026-14262 8.8 0.39% 2 0 2026-07-11T06:31:24 The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordP
CVE-2026-2354 8.8 0.55% 2 0 2026-07-11T06:31:24 The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file up
CVE-2026-7655 8.1 0.30% 3 0 2026-07-11T06:31:24 The SureCart plugin for WordPress is vulnerable to privilege escalation via acco
CVE-2026-15338 7.5 0.56% 1 0 2026-07-11T06:31:24 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Lo
CVE-2026-56291 9.8 0.84% 7 0 2026-07-11T05:16:34.310000 The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary
CVE-2026-13353 8.8 0.61% 1 0 2026-07-11T04:17:16.937000 The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel pl
CVE-2026-13756 8.8 0.31% 2 0 2026-07-11T02:32:48 The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation i
CVE-2026-14480 9.9 0.62% 2 0 2026-07-11T00:31:56 OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability
CVE-2026-44383 7.5 0.56% 1 0 2026-07-11T00:31:56 Multiple connections to the backend using the same charging station ID are allo
CVE-2026-42952 7.5 0.38% 1 0 2026-07-10T23:16:48.203000 Previously, there was no throttling on repeated authentication attempts to the
CVE-2026-20744 9.8 0.52% 3 0 2026-07-10T23:16:47.683000 The charging station websocket endpoint accepts connections without proper auth
CVE-2026-55884 0 0.40% 1 0 2026-07-10T22:16:44.423000 Tilt defines dev environments as code for microservice apps on Kubernetes. From
CVE-2025-70796 7.5 0.56% 2 0 2026-07-10T21:33:30 An unauthenticated path traversal vulnerability exists in the web management int
CVE-2026-51119 9.1 0.38% 2 1 2026-07-10T21:33:30 An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileg
CVE-2026-39244 7.5 0.43% 2 0 2026-07-10T21:33:30 adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file
CVE-2026-12761 9.8 0.46% 3 0 2026-07-10T21:32:40 The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) pl
CVE-2026-61461 8.8 0.36% 2 0 2026-07-10T21:32:40 Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vec
CVE-2026-57807 9.8 0.43% 2 0 2026-07-10T21:32:40 Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOr
CVE-2026-57850 8.3 0.33% 1 1 2026-07-10T21:32:40 RustDesk before 1.4.9 does not enforce a session's authorized connection scope o
CVE-2026-61460 8.8 0.28% 1 0 2026-07-10T21:32:32 Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerabil
CVE-2026-61459 9.8 0.42% 1 0 2026-07-10T21:32:32 MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability
CVE-2026-5801 9.8 0.40% 1 0 2026-07-10T21:32:32 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2026-58499 8.2 0.36% 1 0 2026-07-10T21:17:00.197000 EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to p
CVE-2026-55827 7.5 0.45% 1 0 2026-07-10T21:16:57.267000 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1
CVE-2026-55233 7.5 0.34% 3 0 2026-07-10T21:16:55.760000 OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5,
CVE-2026-54329 8.5 0.39% 2 0 2026-07-10T21:16:55.297000 Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessori
CVE-2026-6212 8.8 0.25% 2 0 2026-07-10T20:16:49.257000 Authorization bypass through User-Controlled key vulnerability in Teracity Softw
CVE-2025-30007 8.8 2.08% 2 0 2026-07-10T19:21:09.530000 HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerabili
CVE-2026-55604 8.6 0.22% 1 0 2026-07-10T19:20:32.893000 DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2
CVE-2026-33655 7.7 0.44% 1 0 2026-07-10T19:17:58.040000 New API is a large language mode (LLM) gateway and artificial intelligence (AI)
CVE-2026-54063 7.5 0.57% 2 0 2026-07-10T19:17:24.330000 Excelize is a Go language library for reading and writing Microsoft Excel spread
CVE-2026-40452 7.5 0.26% 2 0 2026-07-10T19:17:23.540000 Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB.
CVE-2026-12598 8.1 0.35% 1 0 2026-07-10T19:17:20.113000 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass i
CVE-2026-12685 7.5 0.22% 1 0 2026-07-10T18:33:19 The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendo
CVE-2025-45422 8.1 0.45% 1 1 2026-07-10T18:33:14 Incorrect access control in Proximus b-box v8c.725A allows authenticated attacke
CVE-2026-2397 9.8 0.27% 2 0 2026-07-10T18:32:31 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2026-33382 7.5 0.38% 1 0 2026-07-10T18:32:26 Several Grafana API endpoints, some of them unauthenticated, do not limit the si
CVE-2026-48939 9.8 1.50% 4 2 2026-07-10T18:32:03 A vulnerability in the iCagenda extension for Joomla allows the upload of arbitr
CVE-2026-22659 8.1 0.28% 2 0 2026-07-10T18:22:49.657000 FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass
CVE-2026-2398 8.8 0.25% 2 1 2026-07-10T18:16:20.733000 Authorization bypass through User-Controlled key vulnerability in Adam Retail Au
CVE-2026-59795 8.1 0.27% 2 0 2026-07-10T18:01:31.563000 In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent regis
CVE-2026-56765 9.8 0.35% 2 0 2026-07-10T17:56:00.910000 Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAl
CVE-2026-58143 8.8 0.18% 1 0 2026-07-10T17:56:00.910000 Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerabi
CVE-2026-15378 9.3 0.42% 4 0 2026-07-10T17:49:57.737000 A flaw was found in the `guardrails-detectors` component. This vulnerability all
CVE-2026-15143 9.3 0.26% 3 0 2026-07-10T17:49:57.737000 A flaw was found in the file_type content detector of guardrails-detectors. This
CVE-2026-61437 7.8 0.13% 2 0 2026-07-10T17:41:47.303000 PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic
CVE-2026-55638 8.6 0.37% 2 0 2026-07-10T17:35:11.103000 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1
CVE-2026-55500 9.9 0.69% 1 0 2026-07-10T17:25:46.957000 9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/databa
CVE-2026-40008 9.8 0.33% 2 0 2026-07-10T16:16:30.343000 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection
CVE-2026-40007 7.5 0.28% 2 0 2026-07-10T16:16:30.140000 Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apach
CVE-2026-40006 7.5 0.32% 2 0 2026-07-10T16:16:29.893000 Memory Allocation with Excessive Size Value, Allocation of Resources Without Lim
CVE-2026-40005 9.1 0.35% 2 0 2026-07-10T16:16:29.703000 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
CVE-2026-15070 8.8 0.26% 1 0 2026-07-10T16:16:25.573000 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cr
CVE-2026-56690 8.5 0.23% 2 0 2026-07-10T15:45:33.663000 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-56305 8.3 0.36% 2 0 2026-07-10T15:44:09.370000 Capgo before 12.128.2 contains an authentication bypass vulnerability in the pas
CVE-2026-12595 8.1 0.35% 1 0 2026-07-10T15:43:30.330000 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass v
CVE-2026-61434 8.8 0.58% 2 0 2026-07-10T15:31:49 PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in sh
CVE-2026-54469 8.8 0.44% 2 0 2026-07-10T15:31:48 Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deseria
CVE-2026-38059 7.5 0.59% 2 0 2026-07-10T15:31:48 The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without
CVE-2026-38057 8.1 0.31% 2 0 2026-07-10T15:31:48 The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints
CVE-2026-29519 8.2 0.39% 2 1 2026-07-10T15:31:48 Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lin
CVE-2026-56279 7.5 0.31% 2 0 2026-07-10T15:31:48 Capgo before 12.128.2 contains an information disclosure vulnerability in the ge
CVE-2026-56261 8.6 0.37% 2 0 2026-07-10T15:31:48 Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerabilit
CVE-2026-59796 8.1 0.25% 2 0 2026-07-10T15:31:48 In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to
CVE-2026-59793 8.8 0.34% 2 0 2026-07-10T15:31:48 In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the
CVE-2026-59792 9.6 0.42% 2 0 2026-07-10T15:31:48 In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path trav
CVE-2026-61444 9.1 0.39% 2 0 2026-07-10T15:31:48 PraisonAI versions before 4.6.78 contain a code injection vulnerability in deplo
CVE-2026-11903 8.0 0.23% 1 0 2026-07-10T14:01:59.527000 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-56689 7.7 0.21% 2 0 2026-07-10T12:31:56 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-56688 9.1 1.29% 3 0 2026-07-10T12:31:56 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-41880 None 1.33% 1 0 2026-07-10T12:31:56 R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recogn
CVE-2026-54423 8.2 0.52% 1 0 2026-07-10T09:31:36 In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nod
CVE-2026-15300 9.1 0.35% 1 0 2026-07-10T06:31:33 The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'dist
CVE-2026-14894 9.8 0.52% 2 1 2026-07-10T06:31:28 The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to
CVE-2026-14544 9.8 0.51% 1 0 2026-07-10T05:16:28.067000 A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera
CVE-2026-12597 8.1 0.42% 1 0 2026-07-10T00:31:34 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass v
CVE-2026-58123 9.8 0.93% 2 0 2026-07-10T00:31:34 Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution v
CVE-2026-57026 7.5 0.46% 1 0 2026-07-10T00:31:33 An Improper Validation of Syntactic Correctness of Input vulnerability in the SI
CVE-2026-57023 7.5 0.46% 1 0 2026-07-10T00:31:33 An Improper Validation of Specified Quantity in Input vulnerability in the TCP p
CVE-2026-58122 9.1 0.29% 2 0 2026-07-10T00:31:33 Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability tha
CVE-2026-46215 7.8 0.13% 1 2 2026-07-09T21:31:14 In the Linux kernel, the following vulnerability has been resolved: drm: Set ol
CVE-2026-44825 8.1 0.53% 1 2 2026-07-09T20:59:06 Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enab
CVE-2026-13698 7.5 0.55% 1 0 2026-07-09T15:32:20 A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and
CVE-2026-15128 6.1 0.14% 1 0 2026-07-09T12:31:30 Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 a
CVE-2026-9253 7.2 0.20% 1 0 2026-07-09T12:30:35 The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress
CVE-2026-14245 9.8 0.59% 1 0 2026-07-09T09:30:40 The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPres
CVE-2026-43499 7.8 0.12% 4 9 2026-07-09T00:32:11 In the Linux kernel, the following vulnerability has been resolved: rtmutex: Us
CVE-2026-11405 9.8 0.67% 4 1 2026-07-08T15:32:52 The web server binary /bin/httpd contains a hidden backdoor authentication mecha
CVE-2026-56290 9.8 2.91% 4 3 2026-07-08T13:37:08.977000 The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitra
CVE-2026-53359 0 0.18% 1 5 2026-07-08T05:16:27.990000 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: F
CVE-2026-59706 9.3 0.26% 1 0 2026-07-08T00:38:03 mem0 contains unauthenticated config API endpoints that expose LLM API keys in p
CVE-2026-55255 8.4 0.47% 3 1 2026-07-07T22:14:37 ## Summary Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/re
CVE-2026-48282 10.0 28.58% 7 2 template 2026-07-07T21:32:33 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi
CVE-2026-40138 8.1 0.42% 1 0 2026-07-07T16:16:38.780000 A critical pre-authentication vulnerability exists in the authentication subsyst
CVE-2026-24014 9.8 0.51% 1 0 2026-07-06T21:31:39 Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances us
CVE-2026-54771 8.1 0.39% 1 0 2026-07-06T20:42:19 ## Summary A Langroid application exposing a chat interface to untrusted users
CVE-2026-54769 10.0 0.91% 1 0 2026-07-06T20:42:02 ### Advisory Details **Title**: Sandbox Escape to Remote Code Execution via Inco
CVE-2026-13753 7.5 0.27% 1 0 2026-07-06T20:16:29.737000 A missing authorization vulnerability exists in the embedded webserver of HP Des
CVE-2026-13768 10.0 0.56% 1 2 2026-07-06T19:42:32.890000 Gardyn devices expose a privileged iothubowner key. Access to this key will allo
CVE-2026-23537 9.1 0.57% 1 0 2026-07-02T12:32:04 A vulnerability has been identified in the Feast Feature Server’s `/save-documen
CVE-2026-41851 5.3 0.36% 1 0 2026-06-27T21:16:30.420000 Applications which accept user-supplied Spring Expression Language (SpEL) expres
CVE-2017-8046 9.8 74.36% 1 10 template 2026-06-26T18:44:14.703000 Malicious PATCH requests submitted to servers using Spring Data REST versions pr
CVE-2026-57589 7.4 0.12% 1 0 2026-06-25T03:31:50 sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local p
CVE-2026-44795 8.5 1.00% 2 0 2026-06-22T20:43:39 ### Impact There's an unsafe YAML processing vulnerability that bypasses safe de
CVE-2026-54003 None 0.55% 1 0 2026-06-18T15:04:58 ### TL;DR This vulnerability affects Kirby sites that have no configured user a
CVE-2026-55229 7.5 0.36% 2 0 2026-06-18T13:04:55 **Summary** Server-Side Request Forgery (SSRF) vulnerability affecting the `/f
CVE-2026-55405 7.6 0.35% 2 0 2026-06-17T18:39:57 ### Summary The MariaDB and pgvector embedding stores build metadata-filter SQL
CVE-2026-5027 8.8 31.41% 2 6 template 2026-06-17T10:58:17.977000 The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter fro
CVE-2026-48611 9.8 2.86% 1 3 template 2026-06-17T10:55:09.423000 Improper authentication checks in the OAuth implementation allow account hijacki
CVE-2026-47291 9.8 21.51% 7 2 2026-06-17T10:54:28.290000 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attack
CVE-2025-41253 7.5 0.45% 1 0 2026-06-17T09:22:40.703000 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable
CVE-2022-22980 9.8 16.90% 1 8 2026-06-17T04:29:17.273000 A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Qu
CVE-2016-4977 8.8 79.18% 1 2 2026-06-17T00:48:32.683000 When processing authorization requests using the whitelabel views in Spring Secu
CVE-2026-50656 7.8 3.39% 3 2 2026-06-16T21:31:57 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect
CVE-2026-41717 8.1 0.33% 1 0 2026-06-10T00:31:59 Spring Data MongoDB contains a SpEL (Spring Expression Language) expression inje
CVE-2026-41729 8.1 0.39% 1 1 2026-06-10T00:31:59 Spring Data REST is vulnerable to SpEL expression injection through map-typed pr
CVE-2026-41719 6.4 0.20% 1 0 2026-06-10T00:31:59 A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized
CVE-2026-40639 5.7 0.12% 1 0 2026-06-09T21:32:37 Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. A
CVE-2026-41852 3.7 0.16% 1 0 2026-06-09T06:32:07 A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for
CVE-2026-41850 7.5 0.36% 1 0 2026-06-09T06:32:06 Applications that evaluate user-supplied Spring Expression Language (SpEL) expre
CVE-2026-41849 7.5 0.26% 1 0 2026-06-09T06:32:06 An integer overflow vulnerability exists in the evaluation logic of the Spring E
CVE-2026-1207 None 9.44% 2 1 template 2026-06-05T16:24:43 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4
CVE-2026-31694 7.8 0.13% 1 1 2026-06-01T18:32:31 In the Linux kernel, the following vulnerability has been resolved: fuse: rejec
CVE-2026-38431 9.8 0.39% 1 0 2026-05-06T18:31:37 ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SS
CVE-2025-3248 None 99.99% 3 27 template 2025-11-05T20:12:46 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v
CVE-2022-22963 9.8 99.94% 1 38 template 2025-10-22T19:18:03 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w
CVE-2024-38808 4.3 0.54% 1 0 2025-06-18T17:46:29 In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it i
CVE-2023-20861 6.5 0.97% 1 0 2025-02-25T18:40:06 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.
CVE-2018-1260 9.8 8.35% 1 1 2024-05-14T17:55:42 Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, a
CVE-2018-1273 9.8 95.65% 1 8 template 2024-03-20T14:20:44 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
CVE-2022-22947 10.0 98.25% 1 69 template 2023-07-24T19:30:19 In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v
CVE-2022-22950 6.5 35.83% 1 0 2023-03-28T22:26:11 In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and
CVE-2026-20896 0 0.78% 2 3 N/A
CVE-2026-53486 0 0.00% 2 0 N/A
CVE-2026-53657 0 0.20% 2 0 N/A
CVE-2026-55687 0 0.39% 2 0 N/A
CVE-2026-55641 0 0.25% 2 0 N/A
CVE-2026-56675 0 0.32% 2 0 N/A
CVE-2026-56668 0 0.23% 2 0 N/A
CVE-2026-55516 0 0.22% 2 0 N/A
CVE-2026-59151 0 0.30% 2 0 N/A
CVE-2026-55377 0 0.26% 2 0 N/A
CVE-2026-52747 0 0.46% 2 0 N/A
CVE-2026-49213 0 0.32% 2 0 N/A
CVE-2026-57220 0 0.43% 2 0 N/A
CVE-2026-55175 0 0.61% 1 0 N/A
CVE-2026-55213 0 0.34% 1 0 N/A
CVE-2026-55659 0 0.27% 1 0 N/A
CVE-2026-55879 0 0.27% 1 0 N/A
CVE-2026-55789 0 0.30% 1 0 N/A
CVE-2026-54149 0 0.38% 1 0 N/A
CVE-2026-13117 0 0.00% 1 0 N/A
CVE-2026-12932 0 0.00% 1 0 N/A
CVE-2026-12996 0 0.00% 1 0 N/A
CVE-2026-59834 0 0.38% 1 0 N/A
CVE-2026-59832 0 0.32% 1 0 N/A
CVE-2026-54433 0 0.00% 1 0 N/A
CVE-2026-57155 0 0.00% 1 0 N/A

CVE-2026-58596
(8.3 HIGH)

EPSS: 0.00%

updated 2026-07-12T16:16:31.350000

2 posts

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-07-12T17:00:05.000Z ##

🟠 CVE-2026-58596 - High (8.3)

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T17:00:05.000Z ##

🟠 CVE-2026-58596 - High (8.3)

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59260
(8.8 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:31:59

2 posts

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.

thehackerwire@mastodon.social at 2026-07-12T14:00:49.000Z ##

🟠 CVE-2026-59260 - High (8.8)

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options suc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T14:00:49.000Z ##

🟠 CVE-2026-59260 - High (8.8)

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options suc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56313
(8.1 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:31:59

2 posts

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the

thehackerwire@mastodon.social at 2026-07-12T14:00:28.000Z ##

🟠 CVE-2026-56313 - High (8.1)

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_setti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T14:00:28.000Z ##

🟠 CVE-2026-56313 - High (8.1)

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_setti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56260
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-07-12T12:31:59

2 posts

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location writable by the application's user, overwriting server files and causing denial of service.

thehackerwire@mastodon.social at 2026-07-12T14:00:05.000Z ##

🔴 CVE-2026-56260 - Critical (9.1)

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T14:00:05.000Z ##

🔴 CVE-2026-56260 - Critical (9.1)

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61876
(8.8 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:31:59

4 posts

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.

offseq at 2026-07-12T13:30:26.978Z ##

OpenWrt LuCI hit by CRITICAL XSS (CVE-2026-61876, CVSS 9.4): DHCPv6 hostnames not properly encoded, enabling adjacent attackers to inject scripts into admin browsers. Restrict interface access, monitor advisories. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-12T13:00:10.000Z ##

🟠 CVE-2026-61876 - High (8.8)

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T13:30:26.000Z ##

OpenWrt LuCI hit by CRITICAL XSS (CVE-2026-61876, CVSS 9.4): DHCPv6 hostnames not properly encoded, enabling adjacent attackers to inject scripts into admin browsers. Restrict interface access, monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #OpenWrt #XSS #Infosec

##

thehackerwire@mastodon.social at 2026-07-12T13:00:10.000Z ##

🟠 CVE-2026-61876 - High (8.8)

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56259
(8.2 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:31:59

2 posts

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious base_url parameter and setting api_token to env:VARIABLE_NAME to exfiltrate provi

thehackerwire@mastodon.social at 2026-07-12T13:00:19.000Z ##

🟠 CVE-2026-56259 - High (8.2)

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the una...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T13:00:19.000Z ##

🟠 CVE-2026-56259 - High (8.2)

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the una...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61875
(8.8 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:31:59

2 posts

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders without output encoding, executing the payload when administrators view the UPnP or Status pages.

thehackerwire@mastodon.social at 2026-07-12T12:59:59.000Z ##

🟠 CVE-2026-61875 - High (8.8)

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T12:59:59.000Z ##

🟠 CVE-2026-61875 - High (8.8)

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, wh...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56238
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:31:54

2 posts

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/global_stats endpoint to expose MRR, total revenue, plan-tier revenue breakdown, customer counts, and operational telemet

thehackerwire@mastodon.social at 2026-07-12T14:00:58.000Z ##

🟠 CVE-2026-56238 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T14:00:58.000Z ##

🟠 CVE-2026-56238 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15491
(7.3 HIGH)

EPSS: 0.45%

updated 2026-07-12T12:31:47

1 posts

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. Th

hugovalters@mastodon.social at 2026-07-12T12:01:30.000Z ##

CVE-2026-15491 - Missing Authentication in RafyMrX TOKO-ONLINE-ROTI. Remote exploitation possible. CVSS 7.3. No patch available. Monitor closely. #CVE #infosec #cybersecurity

valtersit.com/cve/CVE-2026-154

##

CVE-2026-56271
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-07-12T12:16:45.290000

2 posts

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware (packages/server/src/enterprise/middleware/passport/index.ts). When the corresponding environment variables (JWT_AUTH_TOKEN_SECRET, JWT_REFRESH_TOKEN_SEC

thehackerwire@mastodon.social at 2026-07-12T14:00:16.000Z ##

🔴 CVE-2026-56271 - Critical (9.8)

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T14:00:16.000Z ##

🔴 CVE-2026-56271 - Critical (9.8)

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56241
(8.3 HIGH)

EPSS: 0.00%

updated 2026-07-12T12:16:44.730000

2 posts

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super_admin role to enumerate and bulk delete non-compliant bundl

thehackerwire@mastodon.social at 2026-07-12T14:01:09.000Z ##

🟠 CVE-2026-56241 - High (8.3)

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared durin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T14:01:09.000Z ##

🟠 CVE-2026-56241 - High (8.3)

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared durin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15484
(8.8 HIGH)

EPSS: 0.42%

updated 2026-07-12T07:16:25.107000

3 posts

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL.

hugovalters@mastodon.social at 2026-07-12T17:02:37.000Z ##

CVE-2026-15484 - Critical buffer overflow in TRENDnet TEW-821DAP (EOL). Remote exploitation via /goform/tools_nslookup. CVSS 8.8. Product is unpatched and end-of-life. Replace immediately. #CVE #TRENDnet #infosec

valtersit.com/cve/CVE-2026-154

##

offseq at 2026-07-12T07:30:23.029Z ##

CVE-2026-15484: HIGH-severity buffer overflow (CVSS 8.7) in TRENDnet TEW-821DAP v1.12B01 — remote code execution possible. Device is EOL; no patch. Mitigate by isolating or replacing affected units. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-12T07:30:23.000Z ##

CVE-2026-15484: HIGH-severity buffer overflow (CVSS 8.7) in TRENDnet TEW-821DAP v1.12B01 — remote code execution possible. Device is EOL; no patch. Mitigate by isolating or replacing affected units. radar.offseq.com/threat/cve-20 #OffSeq #infosec #vuln #TRENDnet

##

CVE-2026-15483
(8.8 HIGH)

EPSS: 0.42%

updated 2026-07-12T07:16:24.927000

4 posts

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It is possible to initiate the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.

offseq at 2026-07-12T09:00:24.395Z ##

CVE-2026-15483: HIGH (CVSS 8.7) buffer overflow in TRENDnet TEW-821DAP 1.12B01. Remote exploitation possible via /goform/tools_nslookup. No patch — device is EOL. Upgrade or replace to secure your network. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-12T09:00:10.000Z ##

🟠 CVE-2026-15483 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T09:00:24.000Z ##

CVE-2026-15483: HIGH (CVSS 8.7) buffer overflow in TRENDnet TEW-821DAP 1.12B01. Remote exploitation possible via /goform/tools_nslookup. No patch — device is EOL. Upgrade or replace to secure your network. radar.offseq.com/threat/cve-20 #OffSeq #CVE2026_15483 #TRENDnet #Vuln

##

thehackerwire@mastodon.social at 2026-07-12T09:00:10.000Z ##

🟠 CVE-2026-15483 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15481
(8.8 HIGH)

EPSS: 0.43%

updated 2026-07-12T06:31:17

4 posts

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr results in command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The

thehackerwire@mastodon.social at 2026-07-12T07:00:23.000Z ##

🟠 CVE-2026-15481 - High (8.8)

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr resu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-12T06:00:25.136Z ##

CVE-2026-15481 (HIGH, CVSS 8.7) affects Trendnet TEW-635BRM <=1.00.03: Remote command injection via IPoA WAN setup. Exploit is public. Devices are EOL — replace hardware ASAP. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-12T07:00:23.000Z ##

🟠 CVE-2026-15481 - High (8.8)

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr resu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T06:00:25.000Z ##

CVE-2026-15481 (HIGH, CVSS 8.7) affects Trendnet TEW-635BRM <=1.00.03: Remote command injection via IPoA WAN setup. Exploit is public. Devices are EOL — replace hardware ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Infosec #IoTSecurity

##

CVE-2026-15480
(8.8 HIGH)

EPSS: 0.42%

updated 2026-07-12T06:31:17

2 posts

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_name leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor explains: "We are unable to confirm if the vulnerability

thehackerwire@mastodon.social at 2026-07-12T07:00:09.000Z ##

🟠 CVE-2026-15480 - High (8.8)

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_name leads to stack-based buffer overflow. The a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T07:00:09.000Z ##

🟠 CVE-2026-15480 - High (8.8)

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_name leads to stack-based buffer overflow. The a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58281
(8.3 HIGH)

EPSS: 0.70%

updated 2026-07-11T21:16:23.903000

4 posts

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

offseq at 2026-07-12T04:30:24.109Z ##

HIGH severity CVE-2026-58281 in Microsoft Edge (Chromium-based) v1.0.0.0 lets attackers execute code remotely via deserialization of untrusted data. Patch from Microsoft is available. Full details: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T21:59:48.000Z ##

🟠 CVE-2026-58281 - High (8.3)

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T04:30:24.000Z ##

HIGH severity CVE-2026-58281 in Microsoft Edge (Chromium-based) v1.0.0.0 lets attackers execute code remotely via deserialization of untrusted data. Patch from Microsoft is available. Full details: radar.offseq.com/threat/cve-20 #OffSeq #Vuln #MicrosoftEdge #InfoSec

##

thehackerwire@mastodon.social at 2026-07-11T21:59:48.000Z ##

🟠 CVE-2026-58281 - High (8.3)

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61447
(10.0 CRITICAL)

EPSS: 0.54%

updated 2026-07-11T15:30:30

4 posts

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

offseq at 2026-07-12T00:00:37.103Z ##

CVE-2026-61447: CRITICAL RCE in MervinPraison PraisonAI (<1.6.78). Unauthenticated attackers can exploit prompt injection to run arbitrary Python, risking system compromise & secret leaks. No patch yet — restrict exposure & monitor use. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T15:00:27.000Z ##

🔴 CVE-2026-61447 - Critical (10)

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T00:00:37.000Z ##

CVE-2026-61447: CRITICAL RCE in MervinPraison PraisonAI (<1.6.78). Unauthenticated attackers can exploit prompt injection to run arbitrary Python, risking system compromise & secret leaks. No patch yet — restrict exposure & monitor use. radar.offseq.com/threat/cve-20 #OffSeq #CVE202661447 #infosec #RCE

##

thehackerwire@mastodon.social at 2026-07-11T15:00:27.000Z ##

🔴 CVE-2026-61447 - Critical (10)

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61445
(9.9 CRITICAL)

EPSS: 0.54%

updated 2026-07-11T15:30:29

4 posts

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.

offseq at 2026-07-12T01:30:24.880Z ##

CVE-2026-61445 (CRITICAL, CVSS 9.4): PraisonAI <4.6.78 suffers path traversal & command injection via AICoder chat. Attackers gain root, write files anywhere. Restrict access & monitor — no patch yet. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T15:00:17.000Z ##

🔴 CVE-2026-61445 - Critical (9.9)

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T01:30:24.000Z ##

CVE-2026-61445 (CRITICAL, CVSS 9.4): PraisonAI <4.6.78 suffers path traversal & command injection via AICoder chat. Attackers gain root, write files anywhere. Restrict access & monitor — no patch yet. radar.offseq.com/threat/cve-20 #OffSeq #CVE202661445 #AIsecurity #infosec

##

thehackerwire@mastodon.social at 2026-07-11T15:00:17.000Z ##

🔴 CVE-2026-61445 - Critical (9.9)

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61439
(7.5 HIGH)

EPSS: 0.26%

updated 2026-07-11T15:30:29

2 posts

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system p

thehackerwire@mastodon.social at 2026-07-11T15:01:33.000Z ##

🟠 CVE-2026-61439 - High (7.5)

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injectio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T15:01:33.000Z ##

🟠 CVE-2026-61439 - High (7.5)

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injectio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61429
(8.5 HIGH)

EPSS: 0.22%

updated 2026-07-11T15:30:29

2 posts

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial validation check, enabling the headless browser to follow redirects and read internal responses including sen

thehackerwire@mastodon.social at 2026-07-11T15:01:23.000Z ##

🟠 CVE-2026-61429 - High (8.5)

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T15:01:23.000Z ##

🟠 CVE-2026-61429 - High (8.5)

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that res...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-60090
(9.8 CRITICAL)

EPSS: 0.41%

updated 2026-07-11T15:30:23

4 posts

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value (declared as int but not enforced at runtime) is interpolated directly into the vector column of the generated CREATE TABLE DDL. A caller able to i

offseq at 2026-07-12T03:00:25.083Z ##

CVE-2026-60090: PraisonAI <4.6.78 suffers CRITICAL SQL injection (CVSS 9.3). Unauthenticated attackers can drop tables or run arbitrary SQL/CQL via create_collection(). Restrict access & upgrade ASAP. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T15:00:37.000Z ##

🔴 CVE-2026-60090 - Critical (9.8)

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-12T03:00:25.000Z ##

CVE-2026-60090: PraisonAI <4.6.78 suffers CRITICAL SQL injection (CVSS 9.3). Unauthenticated attackers can drop tables or run arbitrary SQL/CQL via create_collection(). Restrict access & upgrade ASAP. radar.offseq.com/threat/cve-20 #OffSeq #infosec #SQLInjection #vuln

##

thehackerwire@mastodon.social at 2026-07-11T15:00:37.000Z ##

🔴 CVE-2026-60090 - Critical (9.8)

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61426
(8.6 HIGH)

EPSS: 0.32%

updated 2026-07-11T14:16:22.483000

2 posts

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.

thehackerwire@mastodon.social at 2026-07-11T15:01:13.000Z ##

🟠 CVE-2026-61426 - High (8.6)

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T15:01:13.000Z ##

🟠 CVE-2026-61426 - High (8.6)

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56303
(7.5 HIGH)

EPSS: 0.30%

updated 2026-07-11T14:16:21.820000

2 posts

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid ke

thehackerwire@mastodon.social at 2026-07-11T16:00:04.000Z ##

🟠 CVE-2026-56303 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T16:00:04.000Z ##

🟠 CVE-2026-56303 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57828(CVSS UNKNOWN)

EPSS: 0.26%

updated 2026-07-11T12:30:29

2 posts

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.

offseq at 2026-07-11T12:00:27.397Z ##

Phoca Download for Joomla (v1.0 – 6.1.2) suffers a CRITICAL vuln (CVE-2026-57828): Authenticated users can upload/execute malicious files (RCE risk). No official patch — limit upload access & monitor for updates. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-11T12:00:27.000Z ##

Phoca Download for Joomla (v1.0 – 6.1.2) suffers a CRITICAL vuln (CVE-2026-57828): Authenticated users can upload/execute malicious files (RCE risk). No official patch — limit upload access & monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #Infosec #CVE202657828

##

CVE-2026-57827
(0 None)

EPSS: 0.29%

updated 2026-07-11T10:16:34.057000

2 posts

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

offseq at 2026-07-11T10:30:24.579Z ##

CVE-2026-57827 (CRITICAL): RSFiles for Joomla v1.0 – 1.17.11 lets unauthenticated attackers upload & execute arbitrary files (RCE, CWE-434). No patch — restrict/disable the extension & monitor for updates. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-07-11T10:30:24.000Z ##

CVE-2026-57827 (CRITICAL): RSFiles for Joomla v1.0 – 1.17.11 lets unauthenticated attackers upload & execute arbitrary files (RCE, CWE-434). No patch — restrict/disable the extension & monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #RCE #Vuln

##

CVE-2026-4661
(7.5 HIGH)

EPSS: 0.33%

updated 2026-07-11T09:34:25

2 posts

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck() method and lack of preparation in the $wpdb->update() call. The vulnerability is compounded by the complete

thehackerwire@mastodon.social at 2026-07-11T08:00:13.000Z ##

🟠 CVE-2026-4661 - High (7.5)

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T08:00:13.000Z ##

🟠 CVE-2026-4661 - High (7.5)

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9282
(7.5 HIGH)

EPSS: 0.68%

updated 2026-07-11T09:34:25

4 posts

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires enabling manual minify mode and supplying a manual-format minify filename so

thehackerwire@mastodon.social at 2026-07-11T07:59:50.000Z ##

🟠 CVE-2026-9282 - High (7.5)

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-11T07:30:25.149Z ##

CVE-2026-9282: HIGH severity Path Traversal in boldgrid W3 Total Cache ≤2.9.4. Unauthenticated file read possible if manual minify is enabled and misconfigured. Review configs & monitor for abuse. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T07:59:50.000Z ##

🟠 CVE-2026-9282 - High (7.5)

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T07:30:25.000Z ##

CVE-2026-9282: HIGH severity Path Traversal in boldgrid W3 Total Cache ≤2.9.4. Unauthenticated file read possible if manual minify is enabled and misconfigured. Review configs & monitor for abuse. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #Cybersecurity

##

CVE-2025-6784
(8.8 HIGH)

EPSS: 0.48%

updated 2026-07-11T09:34:18

2 posts

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

thehackerwire@mastodon.social at 2026-07-11T10:00:13.000Z ##

🟠 CVE-2025-6784 - High (8.8)

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the pl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T10:00:13.000Z ##

🟠 CVE-2025-6784 - High (8.8)

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the pl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1359
(8.8 HIGH)

EPSS: 0.31%

updated 2026-07-11T09:16:16.020000

4 posts

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and

thehackerwire@mastodon.social at 2026-07-11T09:59:48.000Z ##

🟠 CVE-2026-1359 - High (8.8)

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it poss...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-07-11T09:00:27.889Z ##

CVE-2026-1359: Genolve AI Business Graphics & Images plugin ≤5.0.5 (HIGH, CVSS 8.8) allows Contributor+ users to escalate privileges by altering WP options via flawed auth checks. Restrict permissions & monitor for patches. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-07-11T09:59:48.000Z ##

🟠 CVE-2026-1359 - High (8.8)

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it poss...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T09:00:27.000Z ##

CVE-2026-1359: Genolve AI Business Graphics & Images plugin ≤5.0.5 (HIGH, CVSS 8.8) allows Contributor+ users to escalate privileges by altering WP options via flawed auth checks. Restrict permissions & monitor for patches. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #Infosec

##

CVE-2026-15155
(8.8 HIGH)

EPSS: 0.37%

updated 2026-07-11T07:16:46.170000

2 posts

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient server-side validation of a Login/Register widget setting used to construct outgoing email headers — the allowed-values restriction is enforced only in the

thehackerwire@mastodon.social at 2026-07-11T08:00:00.000Z ##

🟠 CVE-2026-15155 - High (8.8)

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T08:00:00.000Z ##

🟠 CVE-2026-15155 - High (8.8)

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13114
(7.2 HIGH)

EPSS: 0.25%

updated 2026-07-11T06:31:24

2 posts

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a u

hugovalters@mastodon.social at 2026-07-12T14:02:13.000Z ##

CVE-2026-13114 – Stored XSS in Motors WordPress plugin. Unauthenticated injection via comments/bio. CVSS 7.2. No patch yet. Harden now. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-131

##

offseq@infosec.exchange at 2026-07-11T04:30:23.000Z ##

Motors – Car Dealership & Classified Listings Plugin (≤1.4.112) hit by HIGH severity stored XSS (CVE-2026-13114). Unauthenticated attackers can inject JS via comments/biographical fields. Patch pending; restrict inputs. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #XSS 🛡️

##

CVE-2026-15335
(7.5 HIGH)

EPSS: 0.48%

updated 2026-07-11T06:31:24

3 posts

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries

hugovalters@mastodon.social at 2026-07-12T05:04:04.000Z ##

CVE-2026-15335 - SQLi in Booking Package for WordPress. Unauthenticated attackers can extract sensitive DB info. CVSS 7.5. No patch available. Disable or replace immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-153

##

thehackerwire@mastodon.social at 2026-07-11T11:00:18.000Z ##

🟠 CVE-2026-15335 - High (7.5)

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:00:18.000Z ##

🟠 CVE-2026-15335 - High (7.5)

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13378
(7.2 HIGH)

EPSS: 0.26%

updated 2026-07-11T06:31:24

1 posts

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

hugovalters@mastodon.social at 2026-07-11T17:05:14.000Z ##

CVE-2026-13378 - Stored XSS in Form Vibes WordPress plugin. Unauthenticated attackers can inject scripts via Contact Form 7 fields. CVSS 7.2. No patch available. Disable or replace immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-133

##

CVE-2026-14262
(8.8 HIGH)

EPSS: 0.39%

updated 2026-07-11T06:31:24

2 posts

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list — leaving

thehackerwire@mastodon.social at 2026-07-11T11:00:08.000Z ##

🟠 CVE-2026-14262 - High (8.8)

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:00:08.000Z ##

🟠 CVE-2026-14262 - High (8.8)

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2354
(8.8 HIGH)

EPSS: 0.55%

updated 2026-07-11T06:31:24

2 posts

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()` function hooks into WordPress's `wp_check_filetype_and_ext` filter and uses `strpos()` to check if a filename contains a configured extension string, ra

thehackerwire@mastodon.social at 2026-07-11T10:00:34.000Z ##

🟠 CVE-2026-2354 - High (8.8)

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T10:00:34.000Z ##

🟠 CVE-2026-2354 - High (8.8)

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7655
(8.1 HIGH)

EPSS: 0.30%

updated 2026-07-11T06:31:24

3 posts

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses,

thehackerwire@mastodon.social at 2026-07-11T10:00:24.000Z ##

🟠 CVE-2026-7655 - High (8.1)

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email du...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T10:00:24.000Z ##

🟠 CVE-2026-7655 - High (8.1)

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email du...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T06:00:30.000Z ##

CVE-2026-7655 | HIGH severity in SureCart WordPress plugin (≤4.2.3): Unauthenticated attackers can hijack accounts, including admins, by exploiting weak email validation in webhook sync. Restrict webhook access, monitor activity. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-15338
(7.5 HIGH)

EPSS: 0.56%

updated 2026-07-11T06:31:24

1 posts

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be us

thehackerwire@mastodon.social at 2026-07-11T05:00:14.000Z ##

🟠 CVE-2026-15338 - High (7.5)

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated attackers, with contributor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56291
(9.8 CRITICAL)

EPSS: 0.84%

updated 2026-07-11T05:16:34.310000

7 posts

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

netsecio@mastodon.social at 2026-07-12T14:01:27.000Z ##

📰 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog

📢 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) & CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

##

beyondmachines1 at 2026-07-12T12:01:29.189Z ##

CISA Reports Actively Exploited Balbooa Forms Zero-Day

Balbooa Forms patched a critical zero-day vulnerability (CVE-2026-56291) that allows unauthenticated attackers to upload and execute malicious PHP files. CISA has added the flaw to its KEV catalog following reports of active exploitation in the wild.

**If your Joomla site uses the Balbooa Forms extension, update it to version 2.4.1 or later immediately - all older versions can be hacked without any login and are actively attacked. After updating, check the `images/baforms/uploads/` folder for suspicious PHP files, since attackers may have already planted backdoors that survive the update.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-07-12T12:01:29.000Z ##

CISA Reports Actively Exploited Balbooa Forms Zero-Day

Balbooa Forms patched a critical zero-day vulnerability (CVE-2026-56291) that allows unauthenticated attackers to upload and execute malicious PHP files. CISA has added the flaw to its KEV catalog following reports of active exploitation in the wild.

**If your Joomla site uses the Balbooa Forms extension, update it to version 2.4.1 or later immediately - all older versions can be hacked without any login and are actively attacked. After updating, check the `images/baforms/uploads/` folder for suspicious PHP files, since attackers may have already planted backdoors that survive the update.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

secdb@infosec.exchange at 2026-07-10T19:00:12.000Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260710 #cisa20260710 #cve_2026_48939 #cve_2026_56291 #cve202648939 #cve202656291

##

cisakevtracker@mastodon.social at 2026-07-10T18:00:48.000Z ##

CVE ID: CVE-2026-56291
Vendor: Balbooa
Product: Forms
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-10T17:21:04.000Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026- #CISA #infosec #vulnerability

##

offseq@infosec.exchange at 2026-07-09T12:00:29.000Z ##

CVE-2026-56291 | CRITICAL: Balbooa Forms for Joomla (v1.0 – 2.4.0) allows unauthenticated RCE via arbitrary file upload (CWE-434). No patch yet. Disable or restrict access until fixed. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #RCE #Vuln

##

CVE-2026-13353
(8.8 HIGH)

EPSS: 0.61%

updated 2026-07-11T04:17:16.937000

1 posts

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for install_addon, saveMappedFields, and StartImport, combined with the plugin nonce being exposed to any authenticated us

thehackerwire@mastodon.social at 2026-07-11T05:00:26.000Z ##

🟠 CVE-2026-13353 - High (8.8)

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capabi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13756
(8.8 HIGH)

EPSS: 0.31%

updated 2026-07-11T02:32:48

2 posts

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` REST endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to Administrator b

hugovalters@mastodon.social at 2026-07-11T14:08:55.000Z ##

CVE-2026-13756 - Privilege Escalation in WP Grid Builder plugin. Subscriber+ can become Admin via REST API flaw. CVSS 8.8. No patch available. Disable or restrict access immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-137

##

thehackerwire@mastodon.social at 2026-07-11T05:00:39.000Z ##

🟠 CVE-2026-13756 - High (8.8)

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-14480
(9.9 CRITICAL)

EPSS: 0.62%

updated 2026-07-11T00:31:56

2 posts

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attac

thehackerwire@mastodon.social at 2026-07-11T11:00:27.000Z ##

🔴 CVE-2026-14480 - Critical (9.9)

OpenPLC Runtime v3 contains an authenticated arbitrary file write
vulnerability in the legacy web UI program‑upload workflow. The
application stores an attacker‑supplied filename (prog_file) directly
into the Programs.File database field an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:00:27.000Z ##

🔴 CVE-2026-14480 - Critical (9.9)

OpenPLC Runtime v3 contains an authenticated arbitrary file write
vulnerability in the legacy web UI program‑upload workflow. The
application stores an attacker‑supplied filename (prog_file) directly
into the Programs.File database field an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44383
(7.5 HIGH)

EPSS: 0.56%

updated 2026-07-11T00:31:56

1 posts

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.

thehackerwire@mastodon.social at 2026-07-11T00:00:33.000Z ##

🟠 CVE-2026-44383 - High (7.5)

Multiple connections to the backend using the same charging station ID
are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42952
(7.5 HIGH)

EPSS: 0.38%

updated 2026-07-10T23:16:48.203000

1 posts

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack.

thehackerwire@mastodon.social at 2026-07-11T00:00:22.000Z ##

🟠 CVE-2026-42952 - High (7.5)

Previously, there was no throttling on repeated authentication attempts
to the charging station backend, which could allow an attacker to
execute a denial-of-service attack.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20744
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-07-10T23:16:47.683000

3 posts

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.

thehackerwire@mastodon.social at 2026-07-11T11:59:47.000Z ##

🔴 CVE-2026-20744 - Critical (9.8)

The charging station websocket endpoint accepts connections without
proper authentication, which could lead to privilege escalation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:59:47.000Z ##

🔴 CVE-2026-20744 - Critical (9.8)

The charging station websocket endpoint accepts connections without
proper authentication, which could lead to privilege escalation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-11T00:00:36.000Z ##

CVE-2026-20744 (CRITICAL, CVSS 9.8): Hydro-Québec Le Circuit Electrique backend websocket lacks auth, allowing privilege escalation. No patch available. Restrict access & monitor connections. radar.offseq.com/threat/cve-20 #OffSeq #CVE202620744 #ICS #Vulnerability

##

CVE-2026-55884
(0 None)

EPSS: 0.40%

updated 2026-07-10T22:16:44.423000

1 posts

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined resources, tamper with Tiltfile arguments, read full engine state including the s

offseq@infosec.exchange at 2026-07-11T01:30:25.000Z ##

CVE-2026-55884: tilt-dev tilt (0.20.8 – 0.37.3) has a CRITICAL auth bypass. Exposes dev resources & session tokens if HUD is bound to non-loopback. Upgrade to 0.37.4 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Kubernetes #Infosec

##

CVE-2025-70796
(7.5 HIGH)

EPSS: 0.56%

updated 2026-07-10T21:33:30

2 posts

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web root directory. This may allow disclosure of sensitive system files and configuration data

thehackerwire@mastodon.social at 2026-07-12T00:59:50.000Z ##

🟠 CVE-2025-70796 - High (7.5)

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal seque...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T00:59:50.000Z ##

🟠 CVE-2025-70796 - High (7.5)

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal seque...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-51119
(9.1 CRITICAL)

EPSS: 0.38%

updated 2026-07-10T21:33:30

2 posts

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components

1 repos

https://github.com/A17-ba/CVE-2026-51119

thehackerwire@mastodon.social at 2026-07-11T20:59:52.000Z ##

🔴 CVE-2026-51119 - Critical (9.1)

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T20:59:52.000Z ##

🔴 CVE-2026-51119 - Critical (9.1)

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39244
(7.5 HIGH)

EPSS: 0.43%

updated 2026-07-10T21:33:30

2 posts

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size from the ZIP central directory header without validating it against the actual compressed data size or imposing any upper bound. The size value is read d

thehackerwire@mastodon.social at 2026-07-11T20:00:17.000Z ##

🟠 CVE-2026-39244 - High (7.5)

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T20:00:17.000Z ##

🟠 CVE-2026-39244 - High (7.5)

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12761
(9.8 CRITICAL)

EPSS: 0.46%

updated 2026-07-10T21:32:40

3 posts

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the 'email_field' POST parameter without verifying that the email belongs to the identity returned by the OAuth

hugovalters@mastodon.social at 2026-07-12T09:07:34.000Z ##

CVE-2026-12761 - Critical Authentication Bypass in miniOrange WordPress plugin. Unvalidated email field allows account takeover. CVSS 9.8. No patch available. Disable plugin immediately. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-127

##

thehackerwire@mastodon.social at 2026-07-11T14:00:05.000Z ##

🔴 CVE-2026-12761 - Critical (9.8)

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T14:00:05.000Z ##

🔴 CVE-2026-12761 - Critical (9.8)

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61461
(8.8 HIGH)

EPSS: 0.36%

updated 2026-07-10T21:32:40

2 posts

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or parameterization. Attackers can inject malicious SQL through the search parameters to read, modify, or delete data in the underlying ClickHouse database.

thehackerwire@mastodon.social at 2026-07-11T16:00:16.000Z ##

🟠 CVE-2026-61461 - High (8.8)

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or param...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T16:00:16.000Z ##

🟠 CVE-2026-61461 - High (8.8)

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or param...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57807
(9.8 CRITICAL)

EPSS: 0.43%

updated 2026-07-10T21:32:40

2 posts

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8.

offseq@infosec.exchange at 2026-07-11T03:00:26.000Z ##

CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (<=38.5.8). Exploit via password recovery threatens full compromise. No patch yet — monitor for vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #CVE202657807 #OAuth #Security

##

thehackerwire@mastodon.social at 2026-07-10T22:00:25.000Z ##

🔴 CVE-2026-57807 - Critical (9.8)

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.

This issue affects OAuth Single Sign On - SSO (OAuth ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57850
(8.3 HIGH)

EPSS: 0.33%

updated 2026-07-10T21:32:40

1 posts

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved for a full Remote session. An authenticated remote peer can exploit this missing scope check to act outside its granted scope, injecting out-of-scope cont

1 repos

https://github.com/sn0x-sharma/CVE-2026-57850

thehackerwire@mastodon.social at 2026-07-10T21:00:11.000Z ##

🟠 CVE-2026-57850 - High (8.3)

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61460
(8.8 HIGH)

EPSS: 0.28%

updated 2026-07-10T21:32:32

1 posts

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CRM records and reassign ownership by exploiting missing record-level ownership validation in edit, updat

thehackerwire@mastodon.social at 2026-07-10T20:00:29.000Z ##

🟠 CVE-2026-61460 - High (8.8)

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete rec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61459
(9.8 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T21:32:32

1 posts

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causi

thehackerwire@mastodon.social at 2026-07-10T20:00:19.000Z ##

🔴 CVE-2026-61459 - Critical (9.8)

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5801
(9.8 CRITICAL)

EPSS: 0.40%

updated 2026-07-10T21:32:32

1 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026.

thehackerwire@mastodon.social at 2026-07-10T20:00:08.000Z ##

🔴 CVE-2026-5801 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.

This issue affects SEM-PMP: t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58499
(8.2 HIGH)

EPSS: 0.36%

updated 2026-07-10T21:17:00.197000

1 posts

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and project_id. During user-memory extraction, sender_id is used as owner_id and joined into the filesystem path where the extracted episode is persisted as

thehackerwire@mastodon.social at 2026-07-10T22:00:04.000Z ##

🟠 CVE-2026-58499 - High (8.2)

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55827
(7.5 HIGH)

EPSS: 0.45%

updated 2026-07-10T21:16:57.267000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write w

thehackerwire@mastodon.social at 2026-07-10T21:00:01.000Z ##

🟠 CVE-2026-55827 - High (7.5)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55233
(7.5 HIGH)

EPSS: 0.34%

updated 2026-07-10T21:16:55.760000

3 posts

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the stream proxy protocol v2 patch can write beyond the bounds of the allocated buffer, causing the worker p

thehackerwire@mastodon.social at 2026-07-11T13:00:37.000Z ##

🟠 CVE-2026-55233 - High (7.5)

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

hugovalters@mastodon.social at 2026-07-11T12:04:47.000Z ##

CVE-2026-55233 - DoS via OOB write in OpenResty PROXY protocol v2. CVSS 7.5. Workers crash when sending PROXY headers. Update to 1.29.2.5 immediately. #CVE #OpenResty #infosec

valtersit.com/cve/CVE-2026-552

##

thehackerwire@mastodon.social at 2026-07-11T13:00:37.000Z ##

🟠 CVE-2026-55233 - High (7.5)

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54329
(8.5 HIGH)

EPSS: 0.39%

updated 2026-07-10T21:16:55.297000

2 posts

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.

thehackerwire@mastodon.social at 2026-07-11T17:00:31.000Z ##

🟠 CVE-2026-54329 - High (8.5)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one comp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T17:00:31.000Z ##

🟠 CVE-2026-54329 - High (8.5)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one comp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6212
(8.8 HIGH)

EPSS: 0.25%

updated 2026-07-10T20:16:49.257000

2 posts

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

thehackerwire@mastodon.social at 2026-07-11T16:00:34.000Z ##

🟠 CVE-2026-6212 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse.

This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T16:00:34.000Z ##

🟠 CVE-2026-6212 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse.

This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-30007
(8.8 HIGH)

EPSS: 2.08%

updated 2026-07-10T19:21:09.530000

2 posts

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone() to premature

thehackerwire@mastodon.social at 2026-07-11T18:00:09.000Z ##

🟠 CVE-2025-30007 - High (8.8)

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attacke...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T18:00:09.000Z ##

🟠 CVE-2025-30007 - High (8.8)

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attacke...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55604
(8.6 HIGH)

EPSS: 0.22%

updated 2026-07-10T19:20:32.893000

1 posts

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via `deepseek_sessions`, then reuse a victim-controlled `session_id` in `deepseek_chat` to retr

thehackerwire@mastodon.social at 2026-07-10T05:01:33.000Z ##

🟠 CVE-2026-55604 - High (8.6)

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33655
(7.7 HIGH)

EPSS: 0.44%

updated 2026-07-10T19:17:58.040000

1 posts

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticate

thehackerwire@mastodon.social at 2026-07-10T03:01:15.000Z ##

🟠 CVE-2026-33655 - High (7.7)

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54063
(7.5 HIGH)

EPSS: 0.57%

updated 2026-07-10T19:17:24.330000

2 posts

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row r="N"> XML attribute value directly as the length argument to make([]xlsxRow, row) without validating it against the Excel row limit (TotalRows = 1,048,576). A specially crafted XLSX file can trigger two d

thehackerwire@mastodon.social at 2026-07-11T20:00:06.000Z ##

🟠 CVE-2026-54063 - High (7.5)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T20:00:06.000Z ##

🟠 CVE-2026-54063 - High (7.5)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40452
(7.5 HIGH)

EPSS: 0.26%

updated 2026-07-10T19:17:23.540000

2 posts

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.

thehackerwire@mastodon.social at 2026-07-12T17:00:49.000Z ##

🟠 CVE-2026-40452 - High (7.5)

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB.
Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users.

This issue affects Apache IoTDB: from 1.3.5 before 1.3.8,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T17:00:49.000Z ##

🟠 CVE-2026-40452 - High (7.5)

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB.
Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users.

This issue affects Apache IoTDB: from 1.3.5 before 1.3.8,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12598
(8.1 HIGH)

EPSS: 0.35%

updated 2026-07-10T19:17:20.113000

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it directly with get_user_by('email', $profile['email']) to identify and log in an existing WordPress a

thehackerwire@mastodon.social at 2026-07-10T01:59:58.000Z ##

🟠 CVE-2026-12598 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' fiel...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12685
(7.5 HIGH)

EPSS: 0.22%

updated 2026-07-10T18:33:19

1 posts

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.

offseq@infosec.exchange at 2026-07-10T07:30:26.000Z ##

CVE-2026-12685 | EscortWP ≤3.6.2: CRITICAL backdoor (CWE-912) enables unauthenticated data wipe & exfiltrates site/admin info via hard-coded key. No patch available — replace theme & monitor vendor. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #CVE2026_12685

##

CVE-2025-45422
(8.1 HIGH)

EPSS: 0.45%

updated 2026-07-10T18:33:14

1 posts

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.

1 repos

https://github.com/Cedrico03/CVE-2025-45422---Bbox

obivan@infosec.exchange at 2026-07-10T13:32:39.000Z ##

CVE-2025-45422: Proximus b-box UPnP Persistence & Access Control Bypass github.com/Cedrico03/CVE-2025-

##

CVE-2026-2397
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-07-10T18:32:31

2 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

thehackerwire@mastodon.social at 2026-07-11T18:00:31.000Z ##

🔴 CVE-2026-2397 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T18:00:31.000Z ##

🔴 CVE-2026-2397 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33382
(7.5 HIGH)

EPSS: 0.38%

updated 2026-07-10T18:32:26

1 posts

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.

thehackerwire@mastodon.social at 2026-07-10T17:00:31.000Z ##

🟠 CVE-2026-33382 - High (7.5)

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-48939
(9.8 CRITICAL)

EPSS: 1.50%

updated 2026-07-10T18:32:03

4 posts

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

2 repos

https://github.com/shinthink/CVE-2026-48939

https://github.com/Polosss/By-Poloss..-..CVE-2026-48939

netsecio@mastodon.social at 2026-07-12T14:01:27.000Z ##

📰 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog

📢 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) & CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

##

secdb@infosec.exchange at 2026-07-10T19:00:12.000Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260710 #cisa20260710 #cve_2026_48939 #cve_2026_56291 #cve202648939 #cve202656291

##

cisakevtracker@mastodon.social at 2026-07-10T18:01:04.000Z ##

CVE ID: CVE-2026-48939
Vendor: iCagenda
Product: iCagenda
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-10T17:21:04.000Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026- #CISA #infosec #vulnerability

##

CVE-2026-22659
(8.1 HIGH)

EPSS: 0.28%

updated 2026-07-10T18:22:49.657000

2 posts

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted forum as an anchor in a batch request, causing the permission check applied only to the first result to

thehackerwire@mastodon.social at 2026-07-12T12:00:03.000Z ##

🟠 CVE-2026-22659 - High (8.1)

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T12:00:03.000Z ##

🟠 CVE-2026-22659 - High (8.1)

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2398
(8.8 HIGH)

EPSS: 0.25%

updated 2026-07-10T18:16:20.733000

2 posts

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

1 repos

https://github.com/oscar-mine/CVE-2026-23980-Exploit

thehackerwire@mastodon.social at 2026-07-11T21:00:12.000Z ##

🟠 CVE-2026-2398 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this di...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T21:00:12.000Z ##

🟠 CVE-2026-2398 - High (8.8)

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this di...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59795
(8.1 HIGH)

EPSS: 0.27%

updated 2026-07-10T18:01:31.563000

2 posts

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

thehackerwire@mastodon.social at 2026-07-12T06:00:11.000Z ##

🟠 CVE-2026-59795 - High (8.1)

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T06:00:11.000Z ##

🟠 CVE-2026-59795 - High (8.1)

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56765
(9.8 CRITICAL)

EPSS: 0.35%

updated 2026-07-10T17:56:00.910000

2 posts

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all fi

thehackerwire@mastodon.social at 2026-07-12T07:01:00.000Z ##

🔴 CVE-2026-56765 - Critical (9.8)

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission che...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T07:01:00.000Z ##

🔴 CVE-2026-56765 - Critical (9.8)

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission che...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58143
(8.8 HIGH)

EPSS: 0.18%

updated 2026-07-10T17:56:00.910000

1 posts

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes the application's CSRF validation function. Attackers can disable the PFS module's file extension white

thehackerwire@mastodon.social at 2026-07-09T23:01:43.000Z ##

🟠 CVE-2026-58143 - High (8.8)

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the adm...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15378
(9.3 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T17:49:57.737000

4 posts

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network

thehackerwire@mastodon.social at 2026-07-12T16:00:02.000Z ##

🔴 CVE-2026-15378 - Critical (9.3)

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unau...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T16:00:02.000Z ##

🔴 CVE-2026-15378 - Critical (9.3)

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unau...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

nyanbinary@infosec.exchange at 2026-07-10T18:53:22.000Z ##

(there is more, actually, lol access.redhat.com/security/cve )

##

offseq@infosec.exchange at 2026-07-10T10:30:25.000Z ##

Red Hat OpenShift AI hit by CRITICAL SSRF (CVE-2026-15378): guardrails-detectors flaw allows remote attackers to access cloud metadata, K8s API, and secrets via crafted XSD. Monitor for exploitation & restrict egress. radar.offseq.com/threat/cve-20 #OffSeq #CVE202615378 #RedHat #Infosec

##

CVE-2026-15143
(9.3 CRITICAL)

EPSS: 0.26%

updated 2026-07-10T17:49:57.737000

3 posts

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or

thehackerwire@mastodon.social at 2026-07-12T01:00:00.000Z ##

🔴 CVE-2026-15143 - Critical (9.3)

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to ser...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T01:00:00.000Z ##

🔴 CVE-2026-15143 - Critical (9.3)

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to ser...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

nyanbinary@infosec.exchange at 2026-07-10T18:45:37.000Z ##

access.redhat.com/security/cve

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions.

:neobot_giggle:

##

CVE-2026-61437
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-10T17:41:47.303000

2 posts

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output_pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec_module without sandbo

thehackerwire@mastodon.social at 2026-07-12T02:59:55.000Z ##

🟠 CVE-2026-61437 - High (7.8)

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string ou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T02:59:55.000Z ##

🟠 CVE-2026-61437 - High (7.8)

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string ou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55638
(8.6 HIGH)

EPSS: 0.37%

updated 2026-07-10T17:35:11.103000

2 posts

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider crede

thehackerwire@mastodon.social at 2026-07-11T19:00:19.000Z ##

🟠 CVE-2026-55638 - High (8.6)

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:00:19.000Z ##

🟠 CVE-2026-55638 - High (8.6)

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55500
(9.9 CRITICAL)

EPSS: 0.69%

updated 2026-07-10T17:25:46.957000

1 posts

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80.

thehackerwire@mastodon.social at 2026-07-10T17:00:11.000Z ##

🔴 CVE-2026-55500 - Critical (9.9)

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any au...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40008
(9.8 CRITICAL)

EPSS: 0.33%

updated 2026-07-10T16:16:30.343000

2 posts

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName().newInstance() without any validation or allowlisting. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the i

thehackerwire@mastodon.social at 2026-07-12T17:00:39.000Z ##

🔴 CVE-2026-40008 - Critical (9.8)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB.
The pipe processor reads a fully
qualified Java class name and
instantiates it using Class.forName().newInstance() without any
valida...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T17:00:39.000Z ##

🔴 CVE-2026-40008 - Critical (9.8)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB.
The pipe processor reads a fully
qualified Java class name and
instantiates it using Class.forName().newInstance() without any
valida...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40007
(7.5 HIGH)

EPSS: 0.28%

updated 2026-07-10T16:16:30.140000

2 posts

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticated attacker can send a stream of repeated E-language prefixes that drives the recursion arbitrarily

thehackerwire@mastodon.social at 2026-07-12T17:00:27.000Z ##

🟠 CVE-2026-40007 - High (7.5)

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's
readLength method calls itself recursively each time it recognises the
E-language prefix ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T17:00:27.000Z ##

🟠 CVE-2026-40007 - High (7.5)

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's
readLength method calls itself recursively each time it recognises the
E-language prefix ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40006
(7.5 HIGH)

EPSS: 0.32%

updated 2026-07-10T16:16:29.893000

2 posts

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and re

thehackerwire@mastodon.social at 2026-07-12T16:00:22.000Z ##

🟠 CVE-2026-40006 - High (7.5)

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB.
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver
...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T16:00:22.000Z ##

🟠 CVE-2026-40006 - High (7.5)

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB.
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver
...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40005
(9.1 CRITICAL)

EPSS: 0.35%

updated 2026-07-10T16:16:29.703000

2 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.

thehackerwire@mastodon.social at 2026-07-12T16:00:12.000Z ##

🔴 CVE-2026-40005 - Critical (9.1)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.
An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.

This issue affects Apache IoTDB...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T16:00:12.000Z ##

🔴 CVE-2026-40005 - Critical (9.1)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.
An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.

This issue affects Apache IoTDB...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15070
(8.8 HIGH)

EPSS: 0.26%

updated 2026-07-10T16:16:25.573000

1 posts

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory,

thehackerwire@mastodon.social at 2026-07-10T05:00:11.000Z ##

🟠 CVE-2026-15070 - High (8.8)

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This mak...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56690
(8.5 HIGH)

EPSS: 0.23%

updated 2026-07-10T15:45:33.663000

2 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.

thehackerwire@mastodon.social at 2026-07-12T15:00:56.000Z ##

🟠 CVE-2026-56690 - High (8.5)

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T15:00:56.000Z ##

🟠 CVE-2026-56690 - High (8.5)

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56305
(8.3 HIGH)

EPSS: 0.36%

updated 2026-07-10T15:44:09.370000

2 posts

Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover.

thehackerwire@mastodon.social at 2026-07-12T11:00:07.000Z ##

🟠 CVE-2026-56305 - High (8.3)

Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can explo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T11:00:07.000Z ##

🟠 CVE-2026-56305 - High (8.3)

Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can explo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12595
(8.1 HIGH)

EPSS: 0.35%

updated 2026-07-10T15:43:30.330000

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /users/@me endpoint without ever checking that the profile's verified flag is true, then directly maps th

thehackerwire@mastodon.social at 2026-07-10T01:00:31.000Z ##

🟠 CVE-2026-12595 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, whic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61434
(8.8 HIGH)

EPSS: 0.58%

updated 2026-07-10T15:31:49

2 posts

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters.

thehackerwire@mastodon.social at 2026-07-12T01:00:11.000Z ##

🟠 CVE-2026-61434 - High (8.8)

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T01:00:11.000Z ##

🟠 CVE-2026-61434 - High (8.8)

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54469
(8.8 HIGH)

EPSS: 0.44%

updated 2026-07-10T15:31:48

2 posts

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

thehackerwire@mastodon.social at 2026-07-12T12:00:13.000Z ##

🟠 CVE-2026-54469 - High (8.8)

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T12:00:13.000Z ##

🟠 CVE-2026-54469 - High (8.8)

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-38059
(7.5 HIGH)

EPSS: 0.59%

updated 2026-07-10T15:31:48

2 posts

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform,

thehackerwire@mastodon.social at 2026-07-12T11:59:54.000Z ##

🟠 CVE-2026-38059 - High (7.5)

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Priva...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T11:59:54.000Z ##

🟠 CVE-2026-38059 - High (7.5)

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Priva...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-38057
(8.1 HIGH)

EPSS: 0.31%

updated 2026-07-10T15:31:48

2 posts

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate devi

thehackerwire@mastodon.social at 2026-07-12T11:00:31.000Z ##

🟠 CVE-2026-38057 - High (8.1)

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T11:00:31.000Z ##

🟠 CVE-2026-38057 - High (8.1)

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29519
(8.2 HIGH)

EPSS: 0.39%

updated 2026-07-10T15:31:48

2 posts

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads within the request path. Attackers can craft a malicious URL containing injected script content that i

1 repos

https://github.com/L4V4D0/CVE-2026-29519-Lucee-Reflected-XSS

thehackerwire@mastodon.social at 2026-07-12T11:00:19.000Z ##

🟠 CVE-2026-29519 - High (8.2)

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim'...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T11:00:19.000Z ##

🟠 CVE-2026-29519 - High (8.2)

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim'...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56279
(7.5 HIGH)

EPSS: 0.31%

updated 2026-07-10T15:31:48

2 posts

Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata.

thehackerwire@mastodon.social at 2026-07-12T07:01:21.000Z ##

🟠 CVE-2026-56279 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T07:01:21.000Z ##

🟠 CVE-2026-56279 - High (7.5)

Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56261
(8.6 HIGH)

EPSS: 0.37%

updated 2026-07-10T15:31:48

2 posts

Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal se

thehackerwire@mastodon.social at 2026-07-12T07:01:11.000Z ##

🟠 CVE-2026-56261 - High (8.6)

Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T07:01:11.000Z ##

🟠 CVE-2026-56261 - High (8.6)

Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59796
(8.1 HIGH)

EPSS: 0.25%

updated 2026-07-10T15:31:48

2 posts

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

thehackerwire@mastodon.social at 2026-07-12T06:00:25.000Z ##

🟠 CVE-2026-59796 - High (8.1)

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T06:00:25.000Z ##

🟠 CVE-2026-59796 - High (8.1)

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59793
(8.8 HIGH)

EPSS: 0.34%

updated 2026-07-10T15:31:48

2 posts

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

thehackerwire@mastodon.social at 2026-07-12T05:59:57.000Z ##

🟠 CVE-2026-59793 - High (8.8)

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T05:59:57.000Z ##

🟠 CVE-2026-59793 - High (8.8)

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59792
(9.6 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T15:31:48

2 posts

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible

thehackerwire@mastodon.social at 2026-07-12T03:00:16.000Z ##

🔴 CVE-2026-59792 - Critical (9.6)

In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project workspace ID handling was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T03:00:16.000Z ##

🔴 CVE-2026-59792 - Critical (9.6)

In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project workspace ID handling was possible

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61444
(9.1 CRITICAL)

EPSS: 0.39%

updated 2026-07-10T15:31:48

2 posts

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen().

thehackerwire@mastodon.social at 2026-07-12T03:00:04.000Z ##

🔴 CVE-2026-61444 - Critical (9.1)

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T03:00:04.000Z ##

🔴 CVE-2026-61444 - Critical (9.1)

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-11903
(8.0 HIGH)

EPSS: 0.23%

updated 2026-07-10T14:01:59.527000

1 posts

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8.

CVE-2026-56689
(7.7 HIGH)

EPSS: 0.21%

updated 2026-07-10T12:31:56

2 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

thehackerwire@mastodon.social at 2026-07-12T15:00:45.000Z ##

🟠 CVE-2026-56689 - High (7.7)

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T15:00:45.000Z ##

🟠 CVE-2026-56689 - High (7.7)

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56688
(9.1 CRITICAL)

EPSS: 1.29%

updated 2026-07-10T12:31:56

3 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and latera

thehackerwire@mastodon.social at 2026-07-12T15:00:35.000Z ##

🔴 CVE-2026-56688 - Critical (9.1)

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-12T15:00:35.000Z ##

🔴 CVE-2026-56688 - Critical (9.1)

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-10T13:30:28.000Z ##

Dell PowerFlex Manager <5.1.0.1 faces CRITICAL OS command injection (CVE-2026-56688, CVSS 9.1). High-priv attackers can execute root commands — full compromise risk. No patch yet. Limit admin remote access & monitor activity. radar.offseq.com/threat/cve-20 #OffSeq #Dell #Vuln #Infosec

##

CVE-2026-41880(CVSS UNKNOWN)

EPSS: 1.33%

updated 2026-07-10T12:31:56

1 posts

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to tri

offseq@infosec.exchange at 2026-07-10T12:00:34.000Z ##

CVE-2026-41880 | CRITICAL OS Command Injection in R-SOFT SERWIS DMS OCR module. Authenticated users can execute root commands via crafted uploads. Patched in v3.19-2862/3.17-2580. Upgrade now: radar.offseq.com/threat/cve-20 #OffSeq #infosec #vulnerability #CVE202641880

##

CVE-2026-54423
(8.2 HIGH)

EPSS: 0.52%

updated 2026-07-10T09:31:36

1 posts

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

thehackerwire@mastodon.social at 2026-07-10T04:59:50.000Z ##

🟠 CVE-2026-54423 - High (8.2)

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15300
(9.1 CRITICAL)

EPSS: 0.35%

updated 2026-07-10T06:31:33

1 posts

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search

offseq@infosec.exchange at 2026-07-10T06:00:25.000Z ##

SQL Injection vuln (CRITICAL, CVE-2026-15300) in GEO my WP <=4.5.4 lets attackers exploit 'distance', 'lat', 'lng' via query string. Upgrade to 4.5.5 for numeric validation & input casting. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Security #CVE202615300

##

CVE-2026-14894
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-07-10T06:31:28

2 posts

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separat

1 repos

https://github.com/1beelze/CVE-2026-14894

thehackerwire@mastodon.social at 2026-07-10T04:59:59.000Z ##

🔴 CVE-2026-14894 - Critical (9.8)

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-10T04:30:25.000Z ##

CVE-2026-14894 (CRITICAL, CVSS 9.8): Arbitrary file upload in Super Forms – Drag & Drop Form Builder <=6.3.313 enables unauthenticated RCE. Restrict plugin use & monitor for uploads. Await vendor patch. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vulnerability

##

CVE-2026-14544
(9.8 CRITICAL)

EPSS: 0.51%

updated 2026-07-10T05:16:28.067000

1 posts

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

DailyCyberSecurity@infosec.exchange at 2026-07-09T06:06:47.000Z ##

A critical HPLIP vulnerability, CVE-2026-14544 (CVSS 9.8), lets a remote attacker gain arbitrary code execution via crafted print data. Patch now.

#HPLIP #LinuxSecurity #RCE #CVE #hpcups #CyberSecurity #Vulnerability #InfoSec

securityonline.info/hplip-vuln

##

CVE-2026-12597
(8.1 HIGH)

EPSS: 0.42%

updated 2026-07-10T00:31:34

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array returned by GitHub's /user/emails endpoint as an account-binding identifier without verifying that the em

thehackerwire@mastodon.social at 2026-07-10T01:59:48.000Z ##

🟠 CVE-2026-12597 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58123
(9.8 CRITICAL)

EPSS: 0.93%

updated 2026-07-10T00:31:34

2 posts

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process

offseq@infosec.exchange at 2026-07-10T01:30:25.000Z ##

CVE-2026-58123 | CRITICAL RCE in nesquena hermes-webui <0.51.788: Unauthenticated attackers can execute arbitrary shell commands via terminal API in 4 HTTP requests. Restrict endpoint access until patch confirmed. radar.offseq.com/threat/cve-20 #OffSeq #RCE #infosec #CVE

##

thehackerwire@mastodon.social at 2026-07-09T23:01:33.000Z ##

🔴 CVE-2026-58123 - Critical (9.8)

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can creat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57026
(7.5 HIGH)

EPSS: 0.46%

updated 2026-07-10T00:31:33

1 posts

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart.

thehackerwire@mastodon.social at 2026-07-10T05:01:21.000Z ##

🟠 CVE-2026-57026 - High (7.5)

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57023
(7.5 HIGH)

EPSS: 0.46%

updated 2026-07-10T00:31:33

1 posts

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP h

thehackerwire@mastodon.social at 2026-07-10T05:01:09.000Z ##

🟠 CVE-2026-57023 - High (7.5)

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58122
(9.1 CRITICAL)

EPSS: 0.29%

updated 2026-07-10T00:31:33

2 posts

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to perform server-side request forgery against internal services including cloud metadata endpoints, overw

offseq@infosec.exchange at 2026-07-10T00:00:36.000Z ##

CVE-2026-58122 (CRITICAL): Hermes WebUI <0.51.307 lets remote attackers bypass local IP restrictions via spoofed X-Forwarded-For — enabling SSRF, config overwrite, and OAuth token theft. Restrict header spoofing & monitor access. radar.offseq.com/threat/cve-20 #OffSeq #CVE202658122 #infosec #SSRF

##

thehackerwire@mastodon.social at 2026-07-09T23:01:20.000Z ##

🔴 CVE-2026-58122 - Critical (9.1)

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopb...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-46215
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-09T21:31:14

1 posts

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could delete the object and remove one of the handles while leaving the other one dangling, which could subsequently be dereferen

2 repos

https://github.com/0xCyberstan/CVE-2026-46215-POC

https://github.com/bluedragonsecurity/CVE-2026-46215-EXPLOIT

CVE-2026-44825
(8.1 HIGH)

EPSS: 0.53%

updated 2026-07-09T20:59:06

1 posts

Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, ad

2 repos

https://github.com/shinthink/solrradar

https://github.com/gagaltotal/CVE-2026-44825-Apache-Solr-Scanner

DarkWebInformer@infosec.exchange at 2026-07-09T19:09:07.000Z ##

💥 CVE-2026-44825: A scanner for Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.

GitHub: github.com/gagaltotal/CVE-2026

##

CVE-2026-13698
(7.5 HIGH)

EPSS: 0.55%

updated 2026-07-09T15:32:20

1 posts

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-15128
(6.1 MEDIUM)

EPSS: 0.14%

updated 2026-07-09T12:31:30

1 posts

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

offseq@infosec.exchange at 2026-07-09T06:00:29.000Z ##

CVE-2026-15128 (HIGH): Google Chrome <150.0.7871.115 vulnerable to remote UXSS via crafted HTML. Patch available — update now to block script injection. Details: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #PatchTuesday #InfoSec

##

CVE-2026-9253
(7.2 HIGH)

EPSS: 0.20%

updated 2026-07-09T12:30:35

1 posts

The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesse

offseq@infosec.exchange at 2026-07-09T13:30:50.000Z ##

CVE-2026-9253: WP Cost Estimation & Payment Forms Builder ≤10.5.97 has a HIGH severity stored XSS via 'customerInfos'. Unauthenticated attackers can inject scripts. Patch status unconfirmed — restrict plugin use for now. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #XSS

##

CVE-2026-14245
(9.8 CRITICAL)

EPSS: 0.59%

updated 2026-07-09T09:30:40

1 posts

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the `um_reset_password_process_hook()` function performing no server-side verification that the OTP validation step was completed, and relying solely on a public `form_nonce` no

offseq@infosec.exchange at 2026-07-09T09:00:26.000Z ##

CVE-2026-14245: CRITICAL vuln in miniOrange OTP Login ≤5.5.1. Auth bypass allows admin takeover if Ultimate Member Password Reset Form is enabled. Disable that integration or enforce phone-only reset until patched. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-43499
(7.8 HIGH)

EPSS: 0.12%

updated 2026-07-09T00:32:11

4 posts

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue oper

9 repos

https://github.com/HORKimhab/CVE-2026-43499

https://github.com/inforcqb/CVE-2026-43499-pja110

https://github.com/dmcdtc/openvz-cve-patch-2026

https://github.com/caspy123/CVE-2026-43499

https://github.com/tc3650/CVE-2026-43499-armv7

https://github.com/x-spy/CVE-2026-43499-popsicle

https://github.com/0xBlackash/CVE-2026-43499

https://github.com/pubglite55/oppo-ghostlock

https://github.com/MobiusM/CVE-2026-43499

cyberveille@mastobot.ping.moi at 2026-07-11T16:00:21.000Z ##

📢 GhostLock (CVE-2026-43499) : stack-UAF dans le noyau Linux depuis 15 ans, exploit stable à 97%
📝 ## 🔍 Contexte

Publié le 7 juillet 2026 par Nebula Security (nebusec.ai), cet article de recherche détaille **GhostLock (CVE-2026-43499)...
📖 cyberveille : cyberveille.ch/posts/2026-07-1
🌐 source : nebusec.ai/research/ionstack-p
#CVE_2026_43499 #GhostLock #Cyberveille

##

autobrain@arram.senta-la.cloud at 2026-07-10T14:23:23.000Z ##

Postei no BR-Linux to avisando, e é sobre bug novo/velho.

VULNERABILIDADE GHOSTLOCK PERMITE QUE USUÁRIOS LOCAIS VIREM ROOT

A vulnerabilidade CVE-2026-43499, batizada de GhostLock, é um bug de sincronização divulgado esta semana, que ficou oculto por 15 anos no kernel Linux, e expõe a acesso root por usuários locais.

br-linux.org/2026/01/vulnerabi

##

schwerdtfegr.wordpress.com@schwerdtfegr.wordpress.com at 2026-07-10T12:46:19.000Z ##

Aber linux ist doch sicherer als windohs

Eine seit 2011 bestehende Schwachstelle im Linux-Kernel sorgt gerade für Aufsehen: CVE-2026-43499, von Sicherheitsforschern »GhostLock« getauft, steckt im rtmutex/futex-Subsystem und lässt sich mit hoher Zuverlässigkeit zur Rechteausweitung missbrauchen […] Der Bug betrifft praktisch jede Linux-Distribution der letzten 15 Jahre, ein funktionierender Root-Exploit mit rund 97 % Erfolgsquote kursiert bereits, und ein Proof-of-Concept ist öffentlich auf GitHub einsehbar. Zusätzlich lässt sich damit auch aus Containern ausbrechen – für Docker- und Kubernetes-Hosts also doppelt relevant

Huj, fuffzehn jahre alt. Der kleine verkacker im kernel ist ja fast volljährig geworden, bis ihn mal jemand bemerkt hat… und etwas im kontäjhner laufenzulassen, ist auch kein schutz.

Spielt eure sicherheitsaktualisierungen ein!

#Epic #Fail #Link #Linux #Linuxnews #Security ##

StevenSaus@faithcollapsing.com at 2026-07-10T01:31:05.000Z ##

15-Year-Old Linux Kernel GhostLock Flaw Lets Local Users Gain Root

CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access.

#kernel #linux-&-open-source-news #software #vulnerability
linuxiac.com/15-year-old-linux

##

CVE-2026-11405
(9.8 CRITICAL)

EPSS: 0.67%

updated 2026-07-08T15:32:52

4 posts

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuratio

1 repos

https://github.com/HORKimhab/CVE-2026-11405

cyberveille@mastobot.ping.moi at 2026-07-11T17:00:21.000Z ##

📢 Backdoor d'authentification cachée dans plusieurs firmwares Tenda (CVE-2026-11405)
📝 ## 🔍 Contexte

Le CERT/CC (Carnegie Mellon University) a publié le 6 juillet 2026 la note de vulnérabilité **VU#213560** concernant la découverte d'une **backdoor d'authent...
📖 cyberveille : cyberveille.ch/posts/2026-07-1
🌐 source : kb.cert.org/vuls/id/213560
#CVE_2026_11405 #IOC #Cyberveille

##

cyberveille@mastobot.ping.moi at 2026-07-11T17:00:21.000Z ##

📢 Backdoor d'authentification cachée dans plusieurs firmwares Tenda (CVE-2026-11405)
📝 ## 🔍 Contexte

Le CERT/CC (Carnegie Mellon University) a publié le 6 juillet 2026 la note de vulnérabilité **VU#213560** concernant la découverte d'une **backdoor d'authent...
📖 cyberveille : cyberveille.ch/posts/2026-07-1
🌐 source : kb.cert.org/vuls/id/213560
#CVE_2026_11405 #IOC #Cyberveille

##

beyondmachines1@infosec.exchange at 2026-07-10T12:01:43.000Z ##

Tenda Routers Contain Undocumented Authentication Backdoor

Tenda routers contain a hardcoded authentication backdoor (CVE-2026-11405) that allows attackers to gain full administrative control by bypassing standard login credentials. The vulnerability is not patched, and the vendor has not yet responded to the disclosure.

**If you use Tenda routers check your firmware version. If it's one of FH1201, W15E, AC10, AC5, AC6, immediately disable remote web management interface or at least isolate it from the internet. Only manage the device from your trusted local network. Since this backdoor is built into the firmware and Tenda has not released a fix, if there is no patch plan to replace these routers soon. As an extra step, change LAN IP address from the default to make them harder for attackers to find.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-07-10T10:01:43.000Z ##

CERT/CC Warns of Unpatched Admin Backdoor in Tenda Router Firmware

CERT/CC warned that several Tenda firmware versions contain an undocumented authentication backdoor that can give attackers administrative access to affected devices. The flaw, tracked as CVE-2026-11405, remains unpatched and could allow attackers to modify device settings, disable security features, or take full control of the device.

**Check your network for affected Tenda devices and reduce exposure immediately. No patch is available, so disable remote web management, block untrusted access to the router’s web interface, and change the default LAN IP address to reduce discovery by automated scanners.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-56290
(9.8 CRITICAL)

EPSS: 2.91%

updated 2026-07-08T13:37:08.977000

4 posts

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

3 repos

https://github.com/Jenderal92/CVE-2026-56290

https://github.com/sagsooz/PageBuilderCK-CVE-2026-56290-Exploit

https://github.com/shinthink/pbck-exploit

thecybermind at 2026-07-11T12:14:27.847Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows unauthenticated attackers to upload PHP web shells and achieve full RCE. Protect your Joomla site now with our forensic deep-dive, detection queries, and hardening protocols. Don’t wait—patch today. thecybermind.co/6r3l

##

thecybermind@infosec.exchange at 2026-07-11T12:14:27.000Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows unauthenticated attackers to upload PHP web shells and achieve full RCE. Protect your Joomla site now with our forensic deep-dive, detection queries, and hardening protocols. Don’t wait—patch today. thecybermind.co/6r3l

#CyberSecurity #Joomlack #InfoSec

##

thecybermind@infosec.exchange at 2026-07-10T20:33:50.000Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows for unauthorized access control bypasses. Secure your perimeter now with our latest forensic deep-dive, featuring detection queries and hardening protocols. Don’t wait for the breach—patch today

thecybermind.co/w06o

##

thecybermind@infosec.exchange at 2026-07-10T17:29:31.000Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

CVE-2026-53359
(0 None)

EPSS: 0.18%

updated 2026-07-08T05:16:27.990000

1 posts

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. Th

5 repos

https://github.com/Aoripus-LTD/Januscape-Hotfix

https://github.com/0xBlackash/CVE-2026-53359

https://github.com/chuzhongyun/CVE-2026-53359-Kernel-Fix

https://github.com/xj2268-TA/KVM-Januscape

https://github.com/HORKimhab/CVE-2026-53359

cedric@fosstodon.org at 2026-07-10T17:53:33.000Z ##

🆕 Vulnerability-Lookup now imports Microsoft CSAF VEX documents from MSRC — joining the Red Hat VEX feed as a vendor VEX enrichment source.

Per-CVE VEX statements (product status, severity) are attached directly to CVE records, visible on the vulnerability page and via the API with the full CSAF documents.

Example with both Red Hat and Microsoft VEX:
vulnerability.circl.lu/vuln/CV

#VEX #CSAF #VulnerabilityManagement #CVE #OpenSource

##

CVE-2026-59706
(9.3 CRITICAL)

EPSS: 0.26%

updated 2026-07-08T00:38:03

1 posts

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm en

cR0w@infosec.exchange at 2026-07-09T13:31:54.000Z ##

I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.

nvd.nist.gov/vuln/detail/CVE-2

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

##

CVE-2026-55255
(8.4 HIGH)

EPSS: 0.47%

updated 2026-07-07T22:14:37

3 posts

## Summary Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. ## Details The vulnerability exists in the `get_flow_by_id_or_endpoint_name` helper function in [`src/backend/base/langflow/helpers/flow.py` (lines 399-414)](https://gith

1 repos

https://github.com/rootdirective-sec/CVE-2026-55255-Lab

thecybermind at 2026-07-11T07:37:42.169Z ##

Executive Alert: Langflow CVE-2026-55255 allows unauthorized flow execution, compromising tenant isolation. Our latest CSUITE Brief details the strategic remediation and hardening protocols required to secure your enterprise environment. Protect your perimeter today. thecybermind.co/4dix

##

thecybermind@infosec.exchange at 2026-07-11T07:37:42.000Z ##

Executive Alert: Langflow CVE-2026-55255 allows unauthorized flow execution, compromising tenant isolation. Our latest CSUITE Brief details the strategic remediation and hardening protocols required to secure your enterprise environment. Protect your perimeter today. thecybermind.co/4dix

#CyberSecurity #Langflow

##

thecybermind@infosec.exchange at 2026-07-10T22:55:39.000Z ##

Alert: Langflow CVE-2026-55255 allows authenticated attackers to execute arbitrary flows by manipulating flow IDs. Secure your tenant isolation now with our latest forensic deep-dive, featuring detection queries and hardening protocols. thecybermind.co/4912

#CyberSecurity #Langflow

##

CVE-2026-48282
(10.0 CRITICAL)

EPSS: 28.58%

updated 2026-07-07T21:32:33

7 posts

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Nuclei template

2 repos

https://github.com/imbas007/CVE-2026-48282

https://github.com/g0thamRabb1t/CVE-2026-48282-coldfusion-rds-detection

mastokukei@social.josko.org at 2026-07-12T09:01:51.000Z ##

**PostgreSQL optimizations**: Scaling PgBouncer, partition pruning, and strict tables in SQLite.
- **Arduino and IoT libraries**: New releases for ESP32/ESP8266 (e.g., VCAN2515, WCB_Client, AutoPlex7).
- **Security vulnerabilities**: ColdFusion path traversal (CVE-2026-48282), Visual Studio supply-chain attacks, and GitHub token issues.
- **Retro computing and hardware**: NetBSD drivers (Rendition Verite V2100), MSX-DOS tools, and LisaFPGA (Apple Lisa recreation). [2/2]

##

netsecio@mastodon.social at 2026-07-11T17:45:56.000Z ##

📰 Patch Now: Critical Adobe ColdFusion RCE Flaw (CVE-2026-48282) Under Active Exploitation

🚨 CRITICAL FLAW: Adobe ColdFusion vulnerability (CVE-2026-48282) with a 9.8 CVSS score is being actively exploited. Unauthenticated RCE allows full server takeover. Patch immediately! #Adobe #ColdFusion #CyberSecurity #RCE

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/cr

##

thecybermind at 2026-07-11T13:56:20.461Z ##

Executive Alert: Adobe ColdFusion CVE-2026-48282 allows path traversal attacks, creating significant security gaps. Our latest CSUITE Brief details the governance and hardening required to protect your enterprise. thecybermind.co/t3pk

##

thecybermind@infosec.exchange at 2026-07-11T13:56:20.000Z ##

Executive Alert: Adobe ColdFusion CVE-2026-48282 allows path traversal attacks, creating significant security gaps. Our latest CSUITE Brief details the governance and hardening required to protect your enterprise. thecybermind.co/t3pk

#CyberSecurity #ColdFusion #InfoSec #BoardGovernance

##

thecybermind@infosec.exchange at 2026-07-10T17:29:31.000Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

hackmag@infosec.exchange at 2026-07-09T20:30:03.000Z ##

⚪️ Critical Adobe ColdFusion bug already exploited in attacks

🗨️ Attackers began exploiting a fresh vulnerability in Adobe ColdFusion (CVE-2026-48282) about two hours after information about it was published. The developers fixed the issue last week and strongly recommended that administrators install the updates as soon as possible. The CVE-2026-48282…

🔗 hackmag.com/news/adobe-coldfus

#news

##

thecybermind@infosec.exchange at 2026-07-09T09:49:38.000Z ##

⚠️ Actively Exploited: CVE-2026-48282 (CVSS 10.0) in Adobe ColdFusion. CISA KEV deadline is July 10. We just dropped the paywall on our TS-MAN runbook. Get the exact Splunk, Sentinel, and CrowdStrike queries to hunt this unauthenticated RCE right now. 👇
thecybermind.co/1m24

##

CVE-2026-40138
(8.1 HIGH)

EPSS: 0.42%

updated 2026-07-07T16:16:38.780000

1 posts

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configur

halildeniz@mastodon.social at 2026-07-12T15:53:44.000Z ##

Deep dive into CVE-2026-40138! Discover how this critical pre-authentication bypass vulnerability impacts BeyondTrust RS & PRA solutions, how the exploit works under the hood, and immediate remediation steps to secure your enterprise.

👉 denizhalil.com/2026/07/10/cve-

#CVE202640138 #BeyondTrust #CyberSecurity

##

CVE-2026-24014
(9.8 CRITICAL)

EPSS: 0.51%

updated 2026-07-06T21:31:39

1 posts

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name to write files outside the intended Trigger installation directory. This could allow arbitrary file writ

DailyCyberSecurity@infosec.exchange at 2026-07-11T01:37:57.000Z ##

Three Apache IoTDB vulnerabilities include a critical path traversal (CVE-2026-24014) and an authentication bypass. Upgrade to 2.0.8 now.

#ApacheIoTDB #PathTraversal #AuthBypass #CVE #IoTSecurity #InfoSec

securityonline.info/apache-iot

##

CVE-2026-54771
(8.1 HIGH)

EPSS: 0.39%

updated 2026-07-06T20:42:19

1 posts

## Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. ## Details `enable_message(..., use=False, handle=True)` only prevents the LLM from being instructed to generate the tool. The tool dispatch path in `agent_response()` → `handle_message()` → `get_tool

thehackerwire@mastodon.social at 2026-07-10T01:00:20.000Z ##

🟠 CVE-2026-54771 - High (8.1)

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools ar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54769
(10.0 CRITICAL)

EPSS: 0.91%

updated 2026-07-06T20:42:02

1 posts

### Advisory Details **Title**: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent **Description**: ### Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages with `full_eval=True`, they attempt to sand

thehackerwire@mastodon.social at 2026-07-10T01:00:09.000Z ##

🔴 CVE-2026-54769 - Critical (10)

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. Whe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13753
(7.5 HIGH)

EPSS: 0.27%

updated 2026-07-06T20:16:29.737000

1 posts

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other ad

DailyCyberSecurity@infosec.exchange at 2026-07-10T08:55:33.000Z ##

CVE-2026-13753 exposes a missing authorization vulnerability in HP Deskjet 2800 printers. Unauthenticated attackers can extract sensitive Wi-Fi credentials.

#CVE202613753 #HPDeskjet #CyberSecurity #Vulnerability #PrinterSecurity

securityonline.info/cve-2026-1

##

CVE-2026-13768
(10.0 CRITICAL)

EPSS: 0.56%

updated 2026-07-06T19:42:32.890000

1 posts

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the

2 repos

https://github.com/J4ck3LSyN-Gen2/CVE-2026-13768

https://github.com/MichaelAdamGroberman/CVE-2026-13768

CVE-2026-23537
(9.1 CRITICAL)

EPSS: 0.57%

updated 2026-07-02T12:32:04

1 posts

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requir

DailyCyberSecurity@infosec.exchange at 2026-07-09T13:34:38.000Z ##

A critical Feast Feature Server flaw (CVE-2026-23537) lets unauthenticated attackers perform arbitrary file write and risk remote code execution. Act now.

#Feast #FeatureStore #MachineLearning #ArbitraryFileWrite #RCE #CVE202623537 #CyberSecurity

securityonline.info/feast-feat

##

CVE-2026-41851
(5.3 MEDIUM)

EPSS: 0.36%

updated 2026-06-27T21:16:30.420000

1 posts

Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2017-8046
(9.8 CRITICAL)

EPSS: 74.36%

updated 2026-06-26T18:44:14.703000

1 posts

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Nuclei template

10 repos

https://github.com/m3ssap0/SpringBreakVulnerableApp

https://github.com/guanjivip/CVE-2017-8046

https://github.com/sj/spring-data-rest-CVE-2017-8046

https://github.com/jsotiro/VulnerableSpringDataRest

https://github.com/jkutner/spring-break-cve-2017-8046

https://github.com/bkhablenko/CVE-2017-8046

https://github.com/m3ssap0/spring-break_cve-2017-8046

https://github.com/Soontao/CVE-2017-8046-DEMO

https://github.com/FixYourFace/SpringBreakPoC

https://github.com/cved-sources/cve-2017-8046

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-57589
(7.4 HIGH)

EPSS: 0.12%

updated 2026-06-25T03:31:50

1 posts

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

benoit@benoit.jp.net at 2026-07-09T10:48:05.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

##

CVE-2026-44795
(8.5 HIGH)

EPSS: 1.00%

updated 2026-06-22T20:43:39

2 posts

### Impact There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: * CloudFormation deployments * CloudFoundry Baking The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE. ### Patches 2025.3.3, 2026.0.3 and 2025.4.4. ### Workarounds Disable the CloudFormation system and cloudfoundry

thehackerwire@mastodon.social at 2026-07-11T13:00:14.000Z ##

🟠 CVE-2026-44795 - High (8.8)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T13:00:14.000Z ##

🟠 CVE-2026-44795 - High (8.8)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54003(CVSS UNKNOWN)

EPSS: 0.55%

updated 2026-06-18T15:04:58

1 posts

### TL;DR This vulnerability affects Kirby sites that have no configured user accounts and are running on publicly accessible servers behind a reverse proxy that sets the `Forwarded: for=...`, `X-Client-IP`, or `X-Real-IP` request header. It was possible to install the Panel (= create the first admin user) in these setups even from remote IP addresses. **This vulnerability is of critical severi

offseq@infosec.exchange at 2026-07-10T03:00:25.000Z ##

CVE-2026-54003 (CRITICAL, CVSS 9.1): getkirby Kirby CMS sites w/o users & behind certain reverse proxies risk remote admin creation via trusted IP headers. Upgrade to 4.9.4/5.4.4+ ASAP. More: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #KirbyCMS #InfoSec

##

CVE-2026-55229
(7.5 HIGH)

EPSS: 0.36%

updated 2026-06-18T13:04:55

2 posts

**Summary** Server-Side Request Forgery (SSRF) vulnerability affecting the `/forms/libreoffice/convert` endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources during document conversion. As a result, outbound requests are made from the server hosting Gote

thehackerwire@mastodon.social at 2026-07-11T13:00:25.000Z ##

🟠 CVE-2026-55229 - High (7.5)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local fil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T13:00:25.000Z ##

🟠 CVE-2026-55229 - High (7.5)

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local fil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55405
(7.6 HIGH)

EPSS: 0.35%

updated 2026-06-17T18:39:57

2 posts

### Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter **keys** (and, in MariaDB, string **values**) directly into the query without adequate escaping. A crafted metadata key in `EmbeddingSearchRequest.filter()` can break out of its SQL context and inject arbitrary SQL into the statements executed by the stores' search and `removeAll(Filter)`

thehackerwire@mastodon.social at 2026-07-11T13:59:54.000Z ##

🟠 CVE-2026-55405 - High (7.6)

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filt...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T13:59:54.000Z ##

🟠 CVE-2026-55405 - High (7.6)

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filt...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5027
(8.8 HIGH)

EPSS: 31.41%

updated 2026-06-17T10:58:17.977000

2 posts

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

Nuclei template

6 repos

https://github.com/HORKimhab/-CVE-2026-5027

https://github.com/EQSTLab/CVE-2026-5027

https://github.com/yahiahamza/CVE-2026-5027

https://github.com/0xBlackash/CVE-2026-5027

https://github.com/Layer-6/CVE-2026-5027-Langflow

https://github.com/min8282/CVE-2026-5027

CVE-2026-48611
(9.8 CRITICAL)

EPSS: 2.86%

updated 2026-06-17T10:55:09.423000

1 posts

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Nuclei template

3 repos

https://github.com/citruscitruscitruscitruscitrusci/CVE-2026-48611-poc

https://github.com/Diznev/CVE-2026-48611-EXPLOIT

https://github.com/wanmywan/CVE-2026-48611-phpBB

pentesttools@infosec.exchange at 2026-07-09T14:32:07.000Z ##

Here we go. Product updates - the June edition.

This month your coverage got a LOT wider.

80 new detections landed in the Network Scanner, including pre-auth RCE in Oracle PeopleSoft and an auth bypass in Palo Alto PAN-OS. If any are in your scope, you know where to look.

The rest of June:

🌐 Our research team found two authentication flaws in phpBB, one buried in the code for over a decade. There's a working PoC for each, and the Network Scanner now detects the most critical one - CVE-2026-48611 (9.4).

🤖 AI where it earns its place in the Website Scanner and URL Fuzzer: smarter logins, deeper crawling, fewer fake 200 pages.

🎯 the XSS Exploiter now gives you two delivery options: script tag or fetch plus eval.

🔌 API: a new info_text key on /scans tells you why a scan didn't start.

☁️ We're now on the Microsoft Azure Marketplace, so you can add us to your existing Azure billing.

Our colleague Stefan Perju walks you through all of it in the video.

Until next time: stay sharp. Stay human.

Everything that shipped can be found in the change-log: pentest-tools.com/change-log

The phpBB PoCs and full write-up: pentest-tools.com/research/php

#offensivesecurity #vulnerabilitymanagement #infosec #penetrationtesting

##

CVE-2026-47291
(9.8 CRITICAL)

EPSS: 21.51%

updated 2026-06-17T10:54:28.290000

7 posts

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

2 repos

https://github.com/dhmosfunk/CVE-2026-49160-CVE-2026-47291-HTTP.sys

https://github.com/ManagerEmpty/CVE-2026-47291-httpsys

_r_netsec at 2026-07-12T14:43:05.107Z ##

CVE-2026-47291: Windows Critical Unauthenticated Remote Code Execution in HTTP.sys byteray-ai.github.io/drift-cor

##

_r_netsec@infosec.exchange at 2026-07-12T14:43:05.000Z ##

CVE-2026-47291: Windows Critical Unauthenticated Remote Code Execution in HTTP.sys byteray-ai.github.io/drift-cor

##

thezdi@infosec.exchange at 2026-07-10T14:05:00.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:21.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:08.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:02.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:43:54.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

CVE-2025-41253
(7.5 HIGH)

EPSS: 0.45%

updated 2026-06-17T09:22:40.703000

1 posts

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22980
(9.8 CRITICAL)

EPSS: 16.90%

updated 2026-06-17T04:29:17.273000

1 posts

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

8 repos

https://github.com/W01fh4cker/Serein

https://github.com/trganda/CVE-2022-22980

https://github.com/Eliasdekiniweek/CVE-2022-22980

https://github.com/Vulnmachines/Spring_cve-2022-22980

https://github.com/kuron3k0/Spring-Data-Mongodb-Example

https://github.com/murataydemir/CVE-2022-22980

https://github.com/li8u99/Spring-Data-Mongodb-Demo

https://github.com/jweny/cve-2022-22980

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2016-4977
(8.8 HIGH)

EPSS: 79.18%

updated 2026-06-17T00:48:32.683000

1 posts

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

2 repos

https://github.com/tpt11fb/SpringVulScan

https://github.com/N0b1e6/CVE-2016-4977-POC

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-50656
(7.8 HIGH)

EPSS: 3.39%

updated 2026-06-16T21:31:57

3 posts

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as &quot;RoguePlanet &quot;. We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

2 repos

https://github.com/0xBlackash/CVE-2026-50656

https://github.com/g0thamRabb1t/CVE-2026-50656-rogueplanet-validation

jbhall56@infosec.exchange at 2026-07-09T12:24:14.000Z ##

The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. thehackernews.com/2026/07/micr

##

DailyCyberSecurity@infosec.exchange at 2026-07-09T09:33:44.000Z ##

Microsoft patched the RoguePlanet Microsoft Defender zero-day, CVE-2026-50656, a race condition that grants SYSTEM privileges. A public PoC exists.

#MicrosoftDefender #RoguePlanet #ZeroDay #CVE #PrivilegeEscalation #Windows #InfoSec #PatchNow

securityonline.info/rogueplane

##

cyberveille@mastobot.ping.moi at 2026-07-09T09:30:12.000Z ##

📢 Microsoft corrige la zero-day RoguePlanet (CVE-2026-50656) dans Microsoft Defender
📝 ## 🗓️ Contexte

Source : BleepingComputer, publié le 9 juillet 2026.
📖 cyberveille : cyberveille.ch/posts/2026-07-0
🌐 source : bleepingcomputer.com/news/micr
#CVE_2026_50656 #IOC #Cyberveille

##

CVE-2026-41717
(8.1 HIGH)

EPSS: 0.33%

updated 2026-06-10T00:31:59

1 posts

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15;

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41729
(8.1 HIGH)

EPSS: 0.39%

updated 2026-06-10T00:31:59

1 posts

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19;

1 repos

https://github.com/daehyuh/CVE-2026-41729

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41719
(6.4 MEDIUM)

EPSS: 0.20%

updated 2026-06-10T00:31:59

1 posts

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 thro

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-40639
(5.7 MEDIUM)

EPSS: 0.12%

updated 2026-06-09T21:32:37

1 posts

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.

netsecio@mastodon.social at 2026-07-12T14:01:18.000Z ##

📰 Critical Dell BIOS Flaw Allows Plaintext Password Recovery in Milliseconds

🔒 Critical Dell BIOS flaw (CVE-2026-40639) allows instant recovery of admin passwords from SPI flash due to weak XOR encryption. Affects numerous Latitude, XPS & Wyse models. Physical access is all that's needed. Patch now! #Dell #BIOS #Vulnerabilit...

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/de

##

CVE-2026-41852
(3.7 LOW)

EPSS: 0.16%

updated 2026-06-09T06:32:07

1 posts

A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41850
(7.5 HIGH)

EPSS: 0.36%

updated 2026-06-09T06:32:06

1 posts

Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41849
(7.5 HIGH)

EPSS: 0.26%

updated 2026-06-09T06:32:06

1 posts

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-1207(CVSS UNKNOWN)

EPSS: 9.44%

updated 2026-06-05T16:24:43

2 posts

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issu

Nuclei template

1 repos

https://github.com/sw0rd1ight/CVE-2026-1207

netsecio@mastodon.social at 2026-07-11T17:45:46.000Z ##

📰 Patch Now: High-Severity Django SQL Injection Flaw (CVE-2026-1207) Now Actively Exploited

⚠️ Active Exploitation Alert: A high-severity SQL injection flaw in Django's GeoDjango module (CVE-2026-1207) is now being attacked in the wild. Affects apps using a PostGIS backend. Patch immediately to protect your database! #Django #CyberSecurity ...

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/dj

##

DailyCyberSecurity@infosec.exchange at 2026-07-10T02:57:10.000Z ##

CVE-2026-1207 is a Django SQL injection flaw (CVSS 8.3) in PostGIS raster lookups. Canada's CCCS says it is exploited in the wild. Patch now.

#Django #SQLInjection #CVE20261207 #PostGIS #InfoSec

securityonline.info/django-sql

##

CVE-2026-31694
(7.8 HIGH)

EPSS: 0.13%

updated 2026-06-01T18:32:31

1 posts

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks whether the dirent fits in the remaining space of the current page and advances to a fresh page if

1 repos

https://github.com/0xCyberstan/CVE-2026-31694-POC

DailyCyberSecurity@infosec.exchange at 2026-07-10T08:02:48.000Z ##

Public PoC and full details are out for CVE-2026-31694, a Linux kernel FUSE page cache overflow that gives local privilege escalation to root. Patch now.

#LinuxKernel #FUSE #CVE202631694 #PrivilegeEscalation #InfoSec

securityonline.info/linux-kern

##

CVE-2026-38431
(9.8 CRITICAL)

EPSS: 0.39%

updated 2026-05-06T18:31:37

1 posts

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

beyondmachines1@infosec.exchange at 2026-07-10T13:01:43.000Z ##

ERPNext Patches Critical Server-Side Template Injection Vulnerability

ERPNext addressed a critical server-side template injection vulnerability (CVE-2026-38431) that allows authenticated attackers to execute arbitrary SQL queries and gain full access to the application database.

**If you run ERPNext, update immediately to a version later than 15.103.1. Until you've updated, remove email template editing rights from every account that doesn't absolutely need them. After patching keep those rights limited to a few highly trusted admins only.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-3248(CVSS UNKNOWN)

EPSS: 99.99%

updated 2025-11-05T20:12:46

3 posts

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Nuclei template

27 repos

https://github.com/get-xor/coreweave-demo-2026-05

https://github.com/min8282/CVE-2025-3248

https://github.com/r0otk3r/CVE-2025-3248

https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target

https://github.com/0-d3y/langflow-rce-exploit

https://github.com/Kiraly07/Demo_CVE-2025-3248

https://github.com/imbas007/CVE-2025-3248

https://github.com/zapstiko/CVE-2025-3248

https://github.com/dennisec/CVE-2025-3248

https://github.com/nebari-playground/langflow-cve-2025-3248

https://github.com/Vip3rLi0n/CVE-2025-3248

https://github.com/tiemio/RCE-CVE-2025-3248

https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

https://github.com/dennisec/Mass-CVE-2025-3248

https://github.com/PuddinCat/CVE-2025-3248-POC

https://github.com/bambooqj/cve-2025-3248

https://github.com/b0ySie7e/CVE-2025-3248-POC

https://github.com/Praison001/CVE-2025-3248

https://github.com/vigilante-1337/CVE-2025-3248

https://github.com/0xgh057r3c0n/CVE-2025-3248

https://github.com/EQSTLab/CVE-2025-3248

https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE

https://github.com/wand3rlust/CVE-2025-3248

https://github.com/xuemian168/CVE-2025-3248

https://github.com/drackyjr/cve-2025-3248-exploit

https://github.com/12-test-12/CVE-2025-3248

https://github.com/verylazytech/CVE-2025-3248

CVE-2022-22963
(9.8 CRITICAL)

EPSS: 99.94%

updated 2025-10-22T19:18:03

1 posts

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Nuclei template

38 repos

https://github.com/Shayz614/CVE-2022-22963

https://github.com/Kirill89/CVE-2022-22963-PoC

https://github.com/k3rwin/spring-cloud-function-rce

https://github.com/Qualys/spring4scanwin

https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit

https://github.com/lemmyz4n3771/CVE-2022-22963-PoC

https://github.com/charis3306/CVE-2022-22963

https://github.com/puckiestyle/CVE-2022-22963

https://github.com/viemsr/Spring_Cloud_Function_memshell

https://github.com/SealPaPaPa/SpringCloudFunction-Research

https://github.com/mebibite/springhound

https://github.com/twseptian/cve-2022-22963

https://github.com/hktalent/spring-spel-0day-poc

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE

https://github.com/G01d3nW01f/CVE-2022-22963

https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963

https://github.com/AayushmanThapaMagar/CVE-2022-22963

https://github.com/SourM1lk/CVE-2022-22963-Exploit

https://github.com/gunzf0x/CVE-2022-22963

https://github.com/WuliRuler/SBSCAN

https://github.com/darryk10/CVE-2022-22963

https://github.com/stevemats/Spring0DayCoreExploit

https://github.com/tpt11fb/SpringVulScan

https://github.com/RanDengShiFu/CVE-2022-22963

https://github.com/75ACOL/CVE-2022-22963

https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules

https://github.com/xmqaq/CVE-2022-22963

https://github.com/jschauma/check-springshell

https://github.com/cyberager/CVE-2022-22963

https://github.com/Mustafa1986/CVE-2022-22963

https://github.com/dinosn/CVE-2022-22963

https://github.com/west-wind/Spring4Shell-Detection

https://github.com/kh4sh3i/Spring-CVE

https://github.com/iliass-dahman/CVE-2022-22963-POC

https://github.com/jrbH4CK/CVE-2022-22963

https://github.com/me2nuk/CVE-2022-22963

https://github.com/XuCcc/VulEnv

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2024-38808
(4.3 MEDIUM)

EPSS: 0.54%

updated 2025-06-18T17:46:29

1 posts

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Older, unsupported versions are also affected. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2023-20861
(6.5 MEDIUM)

EPSS: 0.97%

updated 2025-02-25T18:40:06

1 posts

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2018-1260
(9.8 CRITICAL)

EPSS: 8.35%

updated 2024-05-14T17:55:42

1 posts

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

1 repos

https://github.com/shoucheng3/SpringSource__spring-security-oauth_CVE-2018-1260_2-3-2-RELEASE

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2018-1273
(9.8 CRITICAL)

EPSS: 95.65%

updated 2024-03-20T14:20:44

1 posts

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request paylo

Nuclei template

8 repos

https://github.com/cved-sources/cve-2018-1273

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/WuliRuler/SBSCAN

https://github.com/jas502n/cve-2018-1273

https://github.com/wearearima/poc-cve-2018-1273

https://github.com/knqyf263/CVE-2018-1273

https://github.com/hdgokani/CVE-2018-1273

https://github.com/webr0ck/poc-cve-2018-1273

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22947
(10.0 CRITICAL)

EPSS: 98.25%

updated 2023-07-24T19:30:19

1 posts

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the remote host.

Nuclei template

69 repos

https://github.com/bysinks/CVE-2022-22947

https://github.com/Vancomycin-g/CVE-2022-22947

https://github.com/scopion/CVE-2022-22947-exp

https://github.com/Wrong-pixel/CVE-2022-22947-exp

https://github.com/nanaao/CVE-2022-22947-POC

https://github.com/22ke/CVE-2022-22947

https://github.com/Enokiy/cve-2022-22947-spring-cloud-gateway

https://github.com/scopion/cve-2022-22947

https://github.com/BerMalBerIst/CVE-2022-22947

https://github.com/fbion/CVE-2022-22947

https://github.com/cc3305/CVE-2022-22947

https://github.com/Wrin9/CVE-2022-22947

https://github.com/dingxiao77/-cve-2022-22947-

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/twseptian/cve-2022-22947

https://github.com/Sumitpathania03/CVE-2022-22947

https://github.com/sentryCyberSec/sentryCyberSec.github.io

https://github.com/Jun-5heng/CVE-2022-22947

https://github.com/ciri3/spring-cloud-gateway-cve-2022-22947-report

https://github.com/kkx600/Burp_VulPscan

https://github.com/0x7eTeam/CVE-2022-22947

https://github.com/stayfoolish777/CVE-2022-22947-POC

https://github.com/24-2021/EXP-POC

https://github.com/SecNN/CVE-2022-22947_Rce_Exp

https://github.com/hh-hunter/cve-2022-22947-docker

https://github.com/aesm1p/CVE-2022-22947-POC-Reproduce

https://github.com/WuliRuler/SBSCAN

https://github.com/SanderSchepers1993/CyberSec2026

https://github.com/sagaryadav8742/springcloudRCE

https://github.com/wjl110/Spring_CVE_2022_22947

https://github.com/LY613313/CVE-2022-22947

https://github.com/mrknow001/CVE-2022-22947

https://github.com/darkb1rd/cve-2022-22947

https://github.com/tpt11fb/SpringVulScan

https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos

https://github.com/Nathaniel1025/CVE-2022-22947

https://github.com/talentsec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/flying0er/CVE-2022-22947-goby

https://github.com/Vulnmachines/spring-cve-2022-22947

https://github.com/Summer177/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/qq87234770/CVE-2022-22947

https://github.com/Tas9er/SpringCloudGatewayRCE

https://github.com/skysliently/CVE-2022-22947-pb-ai

https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway

https://github.com/anansec/CVE-2022-22947_EXP

https://github.com/4nNns/CVE-2022-22947

https://github.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

https://github.com/k3rwin/spring-cloud-gateway-rce

https://github.com/Arrnitage/CVE-2022-22947_exp

https://github.com/YutuSec/SpEL

https://github.com/kmahyyg/CVE-2022-22947

https://github.com/PaoPaoLong-lab/Spring-CVE-2022-22947-

https://github.com/entr0pie/demo-cve-2022-22947

https://github.com/Bin4xin/bin4xin.github.io

https://github.com/dbgee/CVE-2022-22947

https://github.com/nu0l/cve-2022-22947

https://github.com/Greetdawn/CVE-2022-22947

https://github.com/SiJiDo/CVE-2022-22947

https://github.com/0730Nophone/CVE-2022-22947-

https://github.com/Zh0um1/CVE-2022-22947

https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell

https://github.com/superneilcn/SpringExploitGUI

https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/Le1a/CVE-2022-22947

https://github.com/hunzi0/CVE-2022-22947-Rce_POC

https://github.com/XuCcc/VulEnv

https://github.com/crowsec-edtech/CVE-2022-22947

https://github.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-6

https://github.com/viemsr/spring_cloud_gateway_memshell

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22950
(6.5 MEDIUM)

EPSS: 35.83%

updated 2023-03-28T22:26:11

1 posts

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

netsecio@mastodon.social at 2026-07-12T14:01:39.000Z ##

📰 Critical Gitea Docker Flaw Actively Exploited for Unauthorized Access

🔥 CRITICAL Gitea flaw (CVE-2026-20896, CVSS 9.8) is actively exploited! Insecure default in Docker images allows unauthenticated attackers to become admin. Update immediately or harden your proxy config! #Gitea #Vulnerability #DevSecOps

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/cr

##

linuxmint_hun@mastodon.social at 2026-07-10T11:49:28.000Z ##

Kibertámadók már 13 nappal a bejelentés után vizsgálják a Gitea Docker sebezhetőséget (CVE-2026-20896)

linuxmint.hu/hir/2026/07/kiber

##

CVE-2026-53486
(0 None)

EPSS: 0.00%

2 posts

N/A

DailyCyberSecurity at 2026-07-12T13:01:49.853Z ##

A decompress npm vulnerability (CVE-2026-53486, CVSS 9.1) lets crafted archives write files outside the target folder via path traversal. Patch now.

securityonline.info/decompress

##

DailyCyberSecurity@infosec.exchange at 2026-07-12T13:01:49.000Z ##

A decompress npm vulnerability (CVE-2026-53486, CVSS 9.1) lets crafted archives write files outside the target folder via path traversal. Patch now.

#decompress #npm #CVE202653486 #PathTraversal #NodeJS #CyberSecurity

securityonline.info/decompress

##

CVE-2026-53657
(0 None)

EPSS: 0.20%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T21:00:01.000Z ##

🟠 CVE-2026-53657 - High (8.2)

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T21:00:01.000Z ##

🟠 CVE-2026-53657 - High (8.2)

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55687
(0 None)

EPSS: 0.39%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:59:55.000Z ##

🟠 CVE-2026-55687 - High (7.5)

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:59:55.000Z ##

🟠 CVE-2026-55687 - High (7.5)

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55641
(0 None)

EPSS: 0.25%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:00:30.000Z ##

🟠 CVE-2026-55641 - High (8.2)

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:00:30.000Z ##

🟠 CVE-2026-55641 - High (8.2)

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56675
(0 None)

EPSS: 0.32%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T19:00:09.000Z ##

🟠 CVE-2026-56675 - High (8.3)

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/da...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T19:00:09.000Z ##

🟠 CVE-2026-56675 - High (8.3)

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/da...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56668
(0 None)

EPSS: 0.23%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T18:00:20.000Z ##

🟠 CVE-2026-56668 - High (8.1)

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T18:00:20.000Z ##

🟠 CVE-2026-56668 - High (8.1)

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55516
(0 None)

EPSS: 0.22%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T17:00:20.000Z ##

🟠 CVE-2026-55516 - High (7.7)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T17:00:20.000Z ##

🟠 CVE-2026-55516 - High (7.7)

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59151
(0 None)

EPSS: 0.30%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T17:00:08.000Z ##

🔴 CVE-2026-59151 - Critical (9.6)

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/ap...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T17:00:08.000Z ##

🔴 CVE-2026-59151 - Critical (9.6)

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/ap...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55377
(0 None)

EPSS: 0.26%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T14:00:15.000Z ##

🟠 CVE-2026-55377 - High (8.1)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn regi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T14:00:15.000Z ##

🟠 CVE-2026-55377 - High (8.1)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn regi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-52747
(0 None)

EPSS: 0.46%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T12:00:07.000Z ##

🟠 CVE-2026-52747 - High (8.6)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T12:00:07.000Z ##

🟠 CVE-2026-52747 - High (8.6)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-49213
(0 None)

EPSS: 0.32%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T11:59:58.000Z ##

🟠 CVE-2026-49213 - High (8.1)

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-11T11:59:58.000Z ##

🟠 CVE-2026-49213 - High (8.1)

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57220
(0 None)

EPSS: 0.43%

2 posts

N/A

hugovalters@mastodon.social at 2026-07-11T09:00:34.000Z ##

CVE-2026-57220 - DoS in RabbitMQ. Unauthenticated remote client can consume broker memory via oversized stream frames. CVSS 7.5. Update to 4.2.6 now. #CVE #RabbitMQ #infosec

valtersit.com/cve/CVE-2026-572

##

thehackerwire@mastodon.social at 2026-07-10T22:00:14.000Z ##

🟠 CVE-2026-57220 - High (7.5)

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55175
(0 None)

EPSS: 0.61%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-11T00:00:44.000Z ##

🟠 CVE-2026-55175 - High (7.5)

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55213
(0 None)

EPSS: 0.34%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T22:01:23.000Z ##

🟠 CVE-2026-55213 - High (7.5)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55659
(0 None)

EPSS: 0.27%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T22:01:13.000Z ##

🟠 CVE-2026-55659 - High (7.7)

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55879
(0 None)

EPSS: 0.27%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T22:01:03.000Z ##

🔴 CVE-2026-55879 - Critical (9.3)

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encodi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55789
(0 None)

EPSS: 0.30%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T21:00:24.000Z ##

🟠 CVE-2026-55789 - High (8.5)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as nam...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54149
(0 None)

EPSS: 0.38%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T17:00:21.000Z ##

🟠 CVE-2026-54149 - High (8.8)

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13117
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-12932
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-12996
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-59834
(0 None)

EPSS: 0.38%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T03:01:04.000Z ##

🟠 CVE-2026-59834 - High (7.5)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59832
(0 None)

EPSS: 0.32%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T03:00:55.000Z ##

🟠 CVE-2026-59832 - High (7.7)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containmen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54433
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-57155
(0 None)

EPSS: 0.00%

1 posts

N/A

Visit counter For Websites