| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-60471 | 5.5 | 0.00% | 2 | 0 | 2026-06-24T21:30:43 | A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter | |
| CVE-2026-48939 | 0 | 0.40% | 1 | 0 | 2026-06-24T19:17:11.143000 | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitr | |
| CVE-2026-48908 | 0 | 0.61% | 1 | 4 | 2026-06-24T19:17:11.037000 | A vulnerability in SP Page Builder for Joomla allows unauthenticated users to up | |
| CVE-2026-20230 | 8.6 | 25.85% | 4 | 2 | 2026-06-24T18:33:41 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco U | |
| CVE-2026-55200 | 8.1 | 0.91% | 5 | 1 | 2026-06-24T17:17:29.693000 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write | |
| CVE-2026-10735 | 7.5 | 0.20% | 1 | 2 | 2026-06-24T15:31:43 | Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimoni | |
| CVE-2026-32174 | 7.7 | 0.37% | 1 | 0 | 2026-06-24T15:19:03.857000 | Improper authentication in Azure Bot Service allows an authorized attacker to el | |
| CVE-2026-34908 | 10.0 | 2.10% | 5 | 1 | 2026-06-24T14:50:41.720000 | A malicious actor with access to the network could exploit an Improper Access Co | |
| CVE-2026-34909 | 10.0 | 1.82% | 4 | 0 | 2026-06-24T14:49:53.287000 | A malicious actor with access to the network could exploit a Path Traversal vuln | |
| CVE-2026-34910 | 10.0 | 81.84% | 4 | 0 | template | 2026-06-24T14:49:47.237000 | A malicious actor with access to the network could exploit an Improper Input Val |
| CVE-2026-12850 | 9.1 | 1.72% | 1 | 0 | 2026-06-24T14:17:30.287000 | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so funct | |
| CVE-2026-12417 | 9.8 | 0.45% | 1 | 1 | 2026-06-24T09:30:46 | The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass | |
| CVE-2026-12416 | 9.8 | 0.36% | 1 | 1 | 2026-06-24T09:30:46 | The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via | |
| CVE-2026-12851 | 9.1 | 1.68% | 1 | 0 | 2026-06-24T06:31:51 | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so funct | |
| CVE-2026-47647 | 9.9 | 0.44% | 1 | 0 | 2026-06-24T05:17:28.903000 | Improper access control in Microsoft Dynamics 365 allows an authorized attacker | |
| CVE-2026-44914 | 7.2 | 0.39% | 1 | 0 | 2026-06-24T05:17:28.290000 | Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Proces | |
| CVE-2025-67038 | 9.8 | 1.13% | 8 | 0 | 2026-06-24T05:17:25.670000 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module exec | |
| CVE-2026-11807 | 9.6 | 0.36% | 1 | 0 | 2026-06-24T03:31:40 | A missing authorization vulnerability was found in the Event-Driven Ansible (EDA | |
| CVE-2026-54317 | 7.6 | 0.19% | 1 | 0 | 2026-06-23T19:34:58.770000 | Home Assistant is open source home automation software that puts local control a | |
| CVE-2026-7664 | 9.8 | 0.28% | 1 | 0 | 2026-06-23T19:17:12.450000 | IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to ac | |
| CVE-2026-48979 | 7.5 | 0.27% | 1 | 0 | 2026-06-23T16:04:55.583000 | PHP Standard Library (PSL) is set of APIs covering async, collections, networkin | |
| CVE-2026-12866 | 9.8 | 0.45% | 1 | 0 | 2026-06-23T15:42:30.483000 | All versions of the package expr-eval are vulnerable to Code Execution via the t | |
| CVE-2026-44727 | 0 | 0.24% | 1 | 0 | 2026-06-23T15:37:54.137000 | Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the n | |
| CVE-2026-10521 | 7.2 | 0.31% | 3 | 0 | 2026-06-23T09:32:28 | An high privileged remote attacker can access a hidden configuration method, tha | |
| CVE-2026-11374 | 9.0 | 1.24% | 1 | 0 | 2026-06-23T09:32:28 | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and | |
| CVE-2026-6645 | 0 | 0.14% | 1 | 0 | 2026-06-23T05:17:05.117000 | An insecure process execution vulnerability exists in the pc-printer-updater.exe | |
| CVE-2026-11833 | None | 0.22% | 1 | 0 | 2026-06-23T03:31:48 | Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web s | |
| CVE-2026-11551 | 9.8 | 0.62% | 2 | 3 | 2026-06-23T03:16:40.677000 | The Branda plugin for WordPress is vulnerable to privilege escalation via accoun | |
| CVE-2026-8461 | 8.8 | 0.39% | 4 | 3 | 2026-06-22T20:31:03.510000 | An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specificall | |
| CVE-2026-12044 | 8.8 | 0.51% | 1 | 0 | 2026-06-22T20:23:26.770000 | SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT O | |
| CVE-2026-11717 | 0 | 0.19% | 1 | 0 | 2026-06-22T20:18:53.300000 | An authentication bypass vulnerability exists in the generic opaque token valida | |
| CVE-2026-12581 | 7.5 | 0.30% | 1 | 0 | 2026-06-22T20:17:59.447000 | EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unau | |
| CVE-2026-54414 | 9.8 | 0.72% | 1 | 0 | 2026-06-22T20:17:59.447000 | FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder uplo | |
| CVE-2026-55199 | 5.9 | 0.37% | 1 | 0 | 2026-06-22T18:43:49.900000 | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication d | |
| CVE-2026-56382 | 7.2 | 0.49% | 1 | 0 | 2026-06-22T18:40:05.833000 | Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contai | |
| CVE-2026-8157 | 8.8 | 0.24% | 1 | 0 | 2026-06-22T18:38:02.507000 | The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles | |
| CVE-2026-10789 | 9.6 | 0.29% | 1 | 0 | 2026-06-22T18:34:24 | A maliciously crafted webpage, when visited by a user with Autodesk Fusion Deskt | |
| CVE-2026-56448 | 0 | 0.29% | 1 | 0 | 2026-06-22T18:16:50.207000 | A path traversal vulnerability exists in AIL Framework before the release contai | |
| CVE-2026-41950 | 6.5 | 0.33% | 2 | 0 | 2026-06-22T18:16:37.293000 | Dify before version 1.14.0 contains an authorization bypass vulnerability that a | |
| CVE-2026-41948 | 9.4 | 0.51% | 2 | 0 | 2026-06-22T18:16:37.033000 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows | |
| CVE-2026-41947 | 9.1 | 0.45% | 2 | 0 | 2026-06-22T18:16:36.883000 | Dify before version 1.14.2 contains an authorization bypass vulnerability that a | |
| CVE-2026-9843 | 8.1 | 0.66% | 1 | 0 | 2026-06-22T16:43:14.450000 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress i | |
| CVE-2026-10561 | 10.0 | 0.53% | 1 | 0 | 2026-06-22T15:30:52 | IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper iso | |
| CVE-2026-7166 | None | 0.38% | 1 | 0 | 2026-06-22T15:30:46 | Vulnerability involving the exposure of sensitive data provided without adequate | |
| CVE-2026-20181 | 9.1 | 0.75% | 2 | 0 | 2026-06-22T14:31:46.277000 | A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote at | |
| CVE-2026-54104 | 8.8 | 0.40% | 2 | 0 | 2026-06-22T14:17:41.693000 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing Sys | |
| CVE-2026-12806 | 8.8 | 0.46% | 1 | 0 | 2026-06-21T21:31:04 | A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element | |
| CVE-2026-56394 | 6.5 | 0.34% | 1 | 0 | 2026-06-21T15:31:31 | Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability | |
| CVE-2026-56265 | 9.8 | 0.43% | 1 | 0 | 2026-06-21T15:31:31 | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a h | |
| CVE-2026-12786 | 7.8 | 0.11% | 1 | 0 | 2026-06-21T09:30:57 | A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76 | |
| CVE-2026-12784 | 7.8 | 0.11% | 1 | 0 | 2026-06-21T09:30:51 | A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This a | |
| CVE-2026-12781 | 7.8 | 0.11% | 1 | 0 | 2026-06-21T09:30:50 | A vulnerability was identified in EaseUS Partition Master up to 14.5. The affect | |
| CVE-2026-12782 | 7.8 | 0.11% | 1 | 0 | 2026-06-21T09:30:50 | A security flaw has been discovered in EaseUS Partition Master up to 14.5. The i | |
| CVE-2026-56099 | 5.3 | 0.36% | 1 | 0 | 2026-06-21T09:30:50 | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulner | |
| CVE-2025-20701 | 8.8 | 4.19% | 1 | 0 | 2026-06-21T09:30:49 | In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth aud | |
| CVE-2026-12779 | 7.8 | 0.11% | 1 | 0 | 2026-06-21T06:32:15 | A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issu | |
| CVE-2026-12780 | 7.8 | 0.11% | 1 | 0 | 2026-06-21T06:32:14 | A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an un | |
| CVE-2026-12774 | 6.3 | 0.21% | 1 | 0 | 2026-06-21T06:32:14 | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affe | |
| CVE-2026-5366 | 9.9 | 0.57% | 1 | 0 | 2026-06-20T18:31:35 | Prefect version 3.6.23 is vulnerable to remote code execution due to improper ha | |
| CVE-2022-50972 | 9.8 | 0.63% | 1 | 0 | 2026-06-20T15:32:32 | WooCommerce 7.1.0 contains a remote code execution vulnerability that allows att | |
| CVE-2026-48909 | None | 0.80% | 1 | 1 | 2026-06-20T15:32:23 | SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie dat | |
| CVE-2026-11912 | 7.5 | 0.43% | 1 | 1 | 2026-06-20T09:33:32 | The Simple File List plugin for WordPress is vulnerable to arbitrary file modifi | |
| CVE-2026-11911 | 7.5 | 0.78% | 1 | 0 | 2026-06-20T09:33:32 | The Simple File List plugin for WordPress is vulnerable to arbitrary file deleti | |
| CVE-2026-56082 | 7.5 | 0.24% | 1 | 0 | 2026-06-20T00:34:15 | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnera | |
| CVE-2026-56081 | 9.1 | 0.35% | 2 | 0 | 2026-06-20T00:34:14 | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attack | |
| CVE-2026-56073 | 9.4 | 0.19% | 1 | 0 | 2026-06-20T00:34:08 | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP ve | |
| CVE-2026-42824 | 6.5 | 7.64% | 1 | 0 | 2026-06-19T21:16:42.893000 | Missing authentication for critical function in M365 Copilot allows an unauthori | |
| CVE-2026-50195 | None | 0.00% | 1 | 0 | 2026-06-19T19:35:24 | ## Impact containerd's CRI checkpoint import process contains a vulnerability wh | |
| CVE-2026-8713 | 9.1 | 1.19% | 1 | 0 | 2026-06-19T06:32:02 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file | |
| CVE-2026-7515 | 9.8 | 0.89% | 1 | 2 | 2026-06-19T06:32:02 | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in | |
| CVE-2026-40624 | 9.8 | 0.62% | 1 | 0 | 2026-06-19T00:31:46 | Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras | |
| CVE-2026-12048 | 9.3 | 0.31% | 1 | 0 | 2026-06-19T00:31:46 | Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-renderi | |
| CVE-2026-47633 | 7.5 | 0.58% | 1 | 0 | 2026-06-19T00:31:41 | Exposure of sensitive information to an unauthorized actor in Cost Management In | |
| CVE-2026-54130 | 9.8 | 0.50% | 1 | 0 | 2026-06-19T00:31:41 | Missing authentication for critical function in M365 Copilot allows an unauthori | |
| CVE-2026-11409 | 7.2 | 2.79% | 1 | 0 | 2026-06-18T21:33:34 | An authenticated OS command injection vulnerability exists in the IPv6 PPPoE con | |
| CVE-2026-11410 | 7.2 | 2.79% | 1 | 0 | 2026-06-18T21:33:34 | An authenticated OS command injection vulnerability exists in the BigPond Cable | |
| CVE-2026-55203 | 7.5 | 0.29% | 1 | 0 | 2026-06-18T18:35:31 | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vul | |
| CVE-2026-54103 | 9.8 | 0.43% | 3 | 0 | 2026-06-18T18:35:31 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing Sys | |
| CVE-2026-54390 | 9.8 | 0.33% | 1 | 0 | 2026-06-18T18:35:31 | JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection | |
| CVE-2026-20253 | 9.8 | 92.10% | 11 | 3 | template | 2026-06-18T18:35:18 | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform |
| CVE-2026-42530 | 8.1 | 2.39% | 5 | 3 | 2026-06-18T04:16:48.520000 | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGI | |
| CVE-2026-42055 | 8.1 | 1.82% | 4 | 1 | 2026-06-18T04:16:48.367000 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_m | |
| CVE-2026-54388 | 9.1 | 0.39% | 1 | 0 | 2026-06-17T21:34:45 | Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests cont | |
| CVE-2026-23243 | 7.8 | 0.12% | 1 | 0 | 2026-06-17T19:17:16.593000 | In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: | |
| CVE-2026-50656 | 7.8 | 3.39% | 1 | 1 | 2026-06-17T19:10:40.163000 | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect | |
| CVE-2026-48907 | 9.8 | 80.42% | 2 | 9 | template | 2026-06-17T18:36:17 | A vulnerability in the JCE editor extension for Joomla allows the creation of ne |
| CVE-2026-20190 | 7.5 | 0.41% | 2 | 0 | 2026-06-17T18:36:07 | A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote | |
| CVE-2026-53876 | 7.2 | 1.79% | 1 | 0 | 2026-06-17T18:35:59 | RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vuln | |
| CVE-2026-5667 | 0 | 0.15% | 1 | 0 | 2026-06-17T16:21:32.403000 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Cond | |
| CVE-2026-20262 | 6.5 | 1.37% | 2 | 2 | 2026-06-17T13:20:04.900000 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN | |
| CVE-2026-9271 | 5.9 | 0.14% | 1 | 0 | 2026-06-17T11:04:59.717000 | Vulnerability Title | |
| CVE-2026-7473 | 5.8 | 0.84% | 1 | 1 | 2026-06-17T11:02:29.070000 | On affected platforms running Arista EOS where a tunnel decapsulation configurat | |
| CVE-2026-54420 | 8.5 | 1.26% | 1 | 4 | 2026-06-17T10:58:13.830000 | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn bef | |
| CVE-2026-50751 | 9.3 | 71.05% | 1 | 8 | template | 2026-06-17T10:57:46.373000 | A logic flow weakness in Remote Access and Mobile Access certificate validation |
| CVE-2026-48970 | 8.1 | 0.32% | 1 | 0 | 2026-06-17T10:55:25.967000 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | |
| CVE-2026-48558 | 10.0 | 0.72% | 1 | 0 | 2026-06-17T10:55:05.230000 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an aut | |
| CVE-2026-45504 | 8.8 | 0.43% | 2 | 1 | 2026-06-17T10:52:10.200000 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an author | |
| CVE-2026-20245 | 7.8 | 9.92% | 5 | 3 | 2026-06-17T10:17:19.370000 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN | |
| CVE-2025-8088 | 8.8 | 85.78% | 1 | 31 | 2026-06-17T10:06:17.243000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th | |
| CVE-2026-50874 | 8.1 | 1.12% | 1 | 0 | 2026-06-16T21:33:04 | An OS command injection vulnerability in the /manage/features/media component of | |
| CVE-2026-38065 | 9.8 | 1.34% | 1 | 0 | 2026-06-16T21:32:59 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the | |
| CVE-2026-53753 | 9.8 | 0.45% | 1 | 0 | 2026-06-16T20:13:08 | ### Summary The `_safe_eval_expression()` function in the computed fields featu | |
| CVE-2026-50871 | 9.8 | 1.57% | 1 | 0 | 2026-06-16T15:33:48 | An OS command injection vulnerability in the media archiving and export pipeline | |
| CVE-2026-12219 | 6.3 | 1.52% | 1 | 0 | 2026-06-15T06:31:46 | A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is | |
| CVE-2026-12223 | 5.5 | 1.53% | 1 | 0 | 2026-06-15T06:31:41 | A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by thi | |
| CVE-2026-12197 | 7.2 | 2.38% | 1 | 0 | 2026-06-15T00:31:55 | A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted eleme | |
| CVE-2026-10520 | 10.0 | 98.94% | 1 | 6 | template | 2026-06-11T21:31:50 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6 |
| CVE-2026-34182 | 9.1 | 0.24% | 1 | 0 | 2026-06-10T18:32:45 | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform | |
| CVE-2026-25860 | 6.1 | 0.29% | 1 | 1 | 2026-06-10T00:31:50 | OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability i | |
| CVE-2026-26980 | 9.4 | 70.00% | 1 | 4 | template | 2026-06-08T23:22:35 | ### Impact A SQL injection vulnerability existed in Ghost's Content API that al |
| CVE-2026-45034 | None | 0.35% | 1 | 1 | 2026-06-08T23:00:17 | ## Summary CVE-2026-34084 was patched by the helper `File::prohibitWrappers`. T | |
| CVE-2026-8206 | 9.8 | 1.26% | 1 | 3 | 2026-06-02T06:30:33 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordP | |
| CVE-2026-47717 | 7.5 | 0.00% | 1 | 0 | template | 2026-05-27T22:51:19 | ### Summary The GET /api/project endpoint exposes sensitive project configurati |
| CVE-2026-39987 | 9.8 | 95.64% | 1 | 12 | template | 2026-04-27T16:30:09 | ## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal |
| CVE-2026-41175 | 8.1 | 0.30% | 1 | 0 | 2026-04-24T20:52:07 | ### Impact Manipulating query parameters on Control Panel and REST API endpoint | |
| CVE-2026-4020 | 7.5 | 39.70% | 3 | 1 | template | 2026-03-31T03:31:35 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-20971 | 7.8 | 0.13% | 2 | 0 | 2026-01-15T21:31:44 | Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local atta | |
| CVE-2024-40766 | 9.3 | 15.69% | 1 | 0 | 2025-10-22T00:33:06 | An improper access control vulnerability has been identified in the SonicWall So | |
| CVE-2014-9223 | None | 6.03% | 1 | 0 | 2025-04-12T12:44:27 | Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gatewa | |
| CVE-2014-9222 | None | 63.50% | 1 | 2 | 2025-04-12T12:44:27 | AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products a | |
| CVE-2019-1003037 | 6.5 | 1.30% | 1 | 0 | 2023-12-14T18:25:14 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0 | |
| CVE-2013-6786 | None | 2.17% | 1 | 0 | 2023-01-28T05:02:55 | Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as use | |
| CVE-2026-47729 | 0 | 0.00% | 4 | 1 | N/A | ||
| CVE-2026-50000 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-8932 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-53662 | 0 | 0.24% | 1 | 0 | N/A | ||
| CVE-2026-28496 | 0 | 1.89% | 1 | 0 | template | N/A | |
| CVE-2026-50160 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-12958 | 0 | 0.14% | 1 | 0 | N/A | ||
| CVE-2026-12957 | 0 | 0.12% | 1 | 0 | N/A | ||
| CVE-2026-10658 | 0 | 0.17% | 1 | 0 | N/A | ||
| CVE-2026-49287 | 0 | 0.27% | 1 | 0 | N/A | ||
| CVE-2026-9142 | 0 | 0.31% | 1 | 0 | N/A | ||
| CVE-2026-48773 | 0 | 0.36% | 1 | 0 | N/A | ||
| CVE-2025-60467 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2025-60474 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-48772 | 0 | 0.18% | 1 | 0 | N/A | ||
| CVE-2025-60473 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-60466 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-60465 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-60464 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-49252 | 0 | 0.27% | 1 | 0 | N/A | ||
| CVE-2026-49454 | 0 | 0.14% | 1 | 0 | N/A | ||
| CVE-2026-49257 | 0 | 0.50% | 1 | 0 | N/A | ||
| CVE-2026-55074 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-47846 | 0 | 0.34% | 1 | 0 | N/A |
updated 2026-06-24T21:30:43
2 posts
Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed Packet ID (PID) object during filter reconfiguration cleanup. When MP4Box processes a specially crafted file with malformed MPEG-2 TS packet data, broken PMT descriptors, unsupported stream types, and invalid packet structure, the vulnerable path may free a PID instance through `gf_filter_pid_inst_swap()` and later dereference it during reconfiguration task discard.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1346`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1346
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Builds before the fix commit `48b0f505679ee41004cb521ac3b76b610650c0cb` should be considered affected if they contain the vulnerable PID reconfiguration cleanup path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path. The issue can be reproduced locally with:
```
./MP4Box -info 33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
48b0f505679ee41004cb521ac3b76b610650c0cb
```
Users should update to a GPAC build containing this commit or later. The affected PID reconfiguration path should ensure that PID object lifetime remains valid before discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3282
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/33/33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
- Fix: https://github.com/gpac/gpac/commit/48b0f505679ee41004cb521ac3b76b610650c0cb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted MPEG-2 TS file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed `pid_inst` structure during PID reconfiguration task disposal. When MP4Box processes a specially crafted MPEG-2 Transport Stream file containing broken PMT descriptors, missing packet sync markers, unsupported stream types, and invalid packet data, a PID instance can be freed by `gf_filter_pid_inst_swap_delete()` and later accessed in `gf_filter_pid_reconfigure_task_discard()`.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1341`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1341
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1557-g62714f27c-master
Commit: 62714f27c64a3d1eb7e880f9eed2d38673cb43ce
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Local MITRE data also describes affected GPAC MP4Box 2.4 and earlier, including development branches that contain the vulnerable PID reconfiguration lifecycle handling.
Builds before the fix commit `868c6801c226e9964cace54cfd5a759f152780b4` should be considered affected if they contain the vulnerable path.
Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file with corrupted PMT descriptors and invalid packet data. The issue can be reproduced locally with:
```
./MP4Box -info 31_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1341
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
868c6801c226e9964cace54cfd5a759f152780b4
```
Users should update to a GPAC build containing this commit or later. The affected filter PID reconfiguration path should ensure that PID instance lifetime is valid before task discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3279
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/31/31_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1341
- Fix: https://github.com/gpac/gpac/commit/868c6801c226e9964cace54cfd5a759f152780b4
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##updated 2026-06-24T19:17:11.143000
1 posts
CVE-2026-48939 (CRITICAL): iCagenda for Joomla (v1.0.0-3.9.14, 4.0.0-4.0.7) allows unauthenticated PHP file upload & execution. No patch yet — disable or restrict access, use WAF to block. Full site/server compromise risk. Details: https://radar.offseq.com/threat/cve-2026-48939-cwe-284-improper-access-control-in--bc923bedc1d1c47e #OffSeq #Joomla #infosec
##updated 2026-06-24T19:17:11.037000
1 posts
4 repos
https://github.com/ogenich/CVE-2026-48908
https://github.com/gagaltotal/CVE-2026-48908-SP-Page-Builder-Joomla
CRITICAL vuln (CVSS 10) in Joomla SP Page Builder (1.0.0 – 6.6.1): CVE-2026-48908 enables unauthenticated PHP uploads, risking full compromise. No patch yet — restrict/disable extension, monitor activity. Details: https://radar.offseq.com/threat/cve-2026-48908-cwe-284-improper-access-control-in--a8937f9d4a0573e0 #OffSeq #Joomla #CVE #AppSec
##updated 2026-06-24T18:33:41
4 posts
2 repos
#Cisco #UnifiedCM flaw CVE-2026-20230 now exploited in attacks
###Cisco #UnifiedCM flaw CVE-2026-20230 now exploited in attacks
##Falha crítica em servidores da Cisco está a ser ativamente explorada. A vulnerabilidade CVE-2026-20230 afeta o Unified Communications Manager e a Session Management Edition, exigindo ação imediata dos administradores de sistemas em Portugal. ⚠️
##Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks.
🔗️ [Bleepingcomputer] https://link.is.it/Y4BXYl
##updated 2026-06-24T17:17:29.693000
5 posts
1 repos
"No way to prevent this" say users of only language where this regularly happens
https://xeiaso.net/shitposts/no-way-to-prevent-this/memory-safety/CVE-2026-55200/
"No way to prevent this" say u...
"No way to prevent this" say users of only language where this regularly happens
##Ah sinon, si vous utilisez du logiciel, vous allez être piraté. Cette fois, c'est SSH (CVE-2026-55200).
https://www.cve.org/CVERecord?id=CVE-2026-55200
For example it seems Debian stable is currently affected: https://security-tracker.debian.org/tracker/CVE-2026-55200
##libssh2 Vulnerabilities Enable Remote Code Execution and Denial of Service
libssh2 disclosed two vulnerabilities, including a critical out-of-bounds write (CVE-2026-55200) and a high-severity denial of service (CVE-2026-55199), affecting versions up to 1.11.1. These flaws allow malicious servers to execute code on connecting clients or cause resource exhaustion.
**Plan to update libssh2 to a patched build as soon as a fixed release is available. In the meantime audit your tools (curl/libcurl, PHP ssh2 extension, monitoring utilities, IoT firmware) for the vulnerable library versions up to 1.11.1. Only connect to SSH servers you trust and isolate sensitive management interfaces so they're reachable from trusted networks only, since a malicious server can now attack your client.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/libssh2-vulnerabilities-enable-remote-code-execution-and-denial-of-service-k-v-c-g-d/gD2P6Ple2L
updated 2026-06-24T15:31:43
1 posts
2 repos
CVE-2026-10735 (CRITICAL): smart-post-show-pro 4.0.1 for WordPress shipped with malicious code via compromised update server. Unauth attackers can exfiltrate creds & control sites. Remove/disable affected plugin & monitor for IOCs. https://radar.offseq.com/threat/cve-2026-10735-cwe-912-hidden-functionality-in-sma-322a51684018935f #OffSeq #WordPress #SupplyChain
##updated 2026-06-24T15:19:03.857000
1 posts
CVE-2026-32174: HIGH severity improper authentication in Microsoft Azure AI Bot Service (CVSS 7.7). Privilege escalation possible for authorized users. Microsoft has issued a server-side fix. No active exploits. Details: https://radar.offseq.com/threat/cve-2026-32174-cwe-287-improper-authentication-in--3888a626d33fd2e5 #OffSeq #Azure #Vuln #CloudSec
##updated 2026-06-24T14:50:41.720000
5 posts
1 repos
CRITICAL UniFi OS vulnerabilities (CVE-2026-34908/09/10) allow remote, unauthenticated attackers to bypass auth and execute commands (pre-5.0.8). Exploited in the wild. Patch ASAP: https://radar.offseq.com/threat/critical-ubiquiti-vulnerabilities-in-attackers-cro-da638630474e46d7 #OffSeq #infosec #Ubiquiti #vulnerability
##CISA Repoers Active Exploitation of Three Critical Ubiquiti UniFi OS Vulnerabilities
CISA added three critical Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) to its Known Exploited Vulnerabilities Catalog due to active exploitation. These flaws allow unauthenticated attackers to gain full control over network gateways and consoles through command injection and improper access controls.
**Now this advisory is urgent, since the flaws are actively exploited. Make sure all your UniFi devices (UDM, UNVR, UCG gateways, Cloud Keys, etc.) are isolated from the internet and accessible only from trusted networks. Immediately update UniFi OS to the latest patched version for your model (5.1.12+ for most hardware, 5.0.8 for UniFi OS Server, 4.0.14 for Express).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-adds-three-critical-ubiquiti-unifi-os-vulnerabilities-to-kev-catalog-w-v-n-9-t/gD2P6Ple2L
CISA has updated the KEV catalogue:
- CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34908
- CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34909
- CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34910
- CVE-2025-67038:
Lantronix EDS5000 Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-67038 #CISA #infosec #vulnerability
🚨 [CISA-2026:0623] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-67038 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-67038)
- Name: Lantronix EDS5000 Code Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Lantronix
- Product: EDS5000
- Notes: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2025-67038
⚠️ CVE-2026-34908 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34908)
- Name: Ubiquiti UniFi OS Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34908
⚠️ CVE-2026-34909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34909)
- Name: Ubiquiti UniFi OS Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909
⚠️ CVE-2026-34910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34910)
- Name: Ubiquiti UniFi OS Improper Input Validation Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260623 #cisa20260623 #cve_2025_67038 #cve_2026_34908 #cve_2026_34909 #cve_2026_34910 #cve202567038 #cve202634908 #cve202634909 #cve202634910
##CVE ID: CVE-2026-34908
Vendor: Ubiquiti
Product: UniFi OS
Date Added: 2026-06-23
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34908
updated 2026-06-24T14:49:53.287000
4 posts
CISA Repoers Active Exploitation of Three Critical Ubiquiti UniFi OS Vulnerabilities
CISA added three critical Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) to its Known Exploited Vulnerabilities Catalog due to active exploitation. These flaws allow unauthenticated attackers to gain full control over network gateways and consoles through command injection and improper access controls.
**Now this advisory is urgent, since the flaws are actively exploited. Make sure all your UniFi devices (UDM, UNVR, UCG gateways, Cloud Keys, etc.) are isolated from the internet and accessible only from trusted networks. Immediately update UniFi OS to the latest patched version for your model (5.1.12+ for most hardware, 5.0.8 for UniFi OS Server, 4.0.14 for Express).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-adds-three-critical-ubiquiti-unifi-os-vulnerabilities-to-kev-catalog-w-v-n-9-t/gD2P6Ple2L
CISA has updated the KEV catalogue:
- CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34908
- CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34909
- CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34910
- CVE-2025-67038:
Lantronix EDS5000 Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-67038 #CISA #infosec #vulnerability
🚨 [CISA-2026:0623] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-67038 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-67038)
- Name: Lantronix EDS5000 Code Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Lantronix
- Product: EDS5000
- Notes: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2025-67038
⚠️ CVE-2026-34908 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34908)
- Name: Ubiquiti UniFi OS Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34908
⚠️ CVE-2026-34909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34909)
- Name: Ubiquiti UniFi OS Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909
⚠️ CVE-2026-34910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34910)
- Name: Ubiquiti UniFi OS Improper Input Validation Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260623 #cisa20260623 #cve_2025_67038 #cve_2026_34908 #cve_2026_34909 #cve_2026_34910 #cve202567038 #cve202634908 #cve202634909 #cve202634910
##CVE ID: CVE-2026-34909
Vendor: Ubiquiti
Product: UniFi OS
Date Added: 2026-06-23
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34909
updated 2026-06-24T14:49:47.237000
4 posts
CISA Repoers Active Exploitation of Three Critical Ubiquiti UniFi OS Vulnerabilities
CISA added three critical Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) to its Known Exploited Vulnerabilities Catalog due to active exploitation. These flaws allow unauthenticated attackers to gain full control over network gateways and consoles through command injection and improper access controls.
**Now this advisory is urgent, since the flaws are actively exploited. Make sure all your UniFi devices (UDM, UNVR, UCG gateways, Cloud Keys, etc.) are isolated from the internet and accessible only from trusted networks. Immediately update UniFi OS to the latest patched version for your model (5.1.12+ for most hardware, 5.0.8 for UniFi OS Server, 4.0.14 for Express).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-adds-three-critical-ubiquiti-unifi-os-vulnerabilities-to-kev-catalog-w-v-n-9-t/gD2P6Ple2L
CISA has updated the KEV catalogue:
- CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34908
- CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34909
- CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34910
- CVE-2025-67038:
Lantronix EDS5000 Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-67038 #CISA #infosec #vulnerability
🚨 [CISA-2026:0623] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-67038 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-67038)
- Name: Lantronix EDS5000 Code Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Lantronix
- Product: EDS5000
- Notes: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2025-67038
⚠️ CVE-2026-34908 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34908)
- Name: Ubiquiti UniFi OS Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34908
⚠️ CVE-2026-34909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34909)
- Name: Ubiquiti UniFi OS Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909
⚠️ CVE-2026-34910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34910)
- Name: Ubiquiti UniFi OS Improper Input Validation Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260623 #cisa20260623 #cve_2025_67038 #cve_2026_34908 #cve_2026_34909 #cve_2026_34910 #cve202567038 #cve202634908 #cve202634909 #cve202634910
##CVE ID: CVE-2026-34910
Vendor: Ubiquiti
Product: UniFi OS
Date Added: 2026-06-23
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34910
updated 2026-06-24T14:17:30.287000
1 posts
CVE-2026-12850: CRITICAL OS command injection in GeoVision GV-I/O Box 4E v2.09 via libNetSetObj.so allows remote code execution. No patch — restrict access to DVRSearch & Network.cgi. Details: https://radar.offseq.com/threat/cve-2026-12850-cwe-78-improper-neutralization-of-s-4e66118ac7829bb3 #OffSeq #ICS #infosec #vulnerability
##updated 2026-06-24T09:30:46
1 posts
1 repos
pravel SignUp & SignIn (<=1.0.0) has a CRITICAL flaw (CVE-2026-12417): unauthenticated attackers can reset any WordPress user password, including admins. Remove or disable plugin until patch. https://radar.offseq.com/threat/cve-2026-12417-cwe-640-weak-password-recovery-mech-5dce018195eb2855 #OffSeq #WordPress #Vuln #CVE202612417
##updated 2026-06-24T09:30:46
1 posts
1 repos
CRITICAL (CVSS 9.8): CVE-2026-12416 impacts pravel Invoice Generator ≤1.0.0. Weak password reset lets unauthenticated attackers reset any user’s password, including admins. Restrict access or disable plugin. https://radar.offseq.com/threat/cve-2026-12416-cwe-640-weak-password-recovery-mech-e09858a3967d35a9 #OffSeq #WordPress #CVE #infosec
##updated 2026-06-24T06:31:51
1 posts
CVE-2026-12851: CRITICAL OS command injection in GeoVision GV-I/O Box 4E v2.09 via DVRSearch/Network.cgi allows remote code execution. Patch status pending — restrict access & monitor endpoints. https://radar.offseq.com/threat/cve-2026-12851-cwe-78-improper-neutralization-of-s-3964552d83f5f479 #OffSeq #Vulnerability #IoTSecurity #CVE #Security
##updated 2026-06-24T05:17:28.903000
1 posts
CVE-2026-47647 (CRITICAL, CVSS 9.9) affects Microsoft Dynamics 365: improper access control lets authorized users escalate privileges over the network. Fix applied by Microsoft server-side — admins should confirm updates. Details: https://radar.offseq.com/threat/cve-2026-47647-cwe-284-improper-access-control-in--2000e43e6c3db613 #OffSeq #Microsoft #Infosec #CVE
##updated 2026-06-24T05:17:28.290000
1 posts
CVE-2026-44914: HIGH severity in Apache NiFi (1.12.0 – 2.9.0). Missing authorization lets users with write access add restricted components. Upgrade to 2.9.0 or enforce specific controls. https://radar.offseq.com/threat/cve-2026-44914-cwe-862-missing-authorization-in-ap-41e3d5d03a56632c #OffSeq #NiFi #Vuln #Infosec
##updated 2026-06-24T05:17:25.670000
8 posts
CISA Reports Active Exploitation of Lantronix Flaws
CISA flagged an actively exploited critical flaw (CVE-2025-67038) in Lantronix EDS5000 v2.1.0.0R3 devices: an unauthenticated OS command injection in the HTTP RPC module that lets attackers gain root access and fully compromise the equipment.
**Make sure all Lantronix EDS5000 devices are isolated from the internet and accessible only from trusted networks, since this flaw lets attackers gain full root control without any login. Check your inventory for version 2.1.0.0R3, apply the latest firmware update from Lantronix, and because attackers can survive patches by creating rogue admin accounts, audit for unknown accounts and rotate any stored secrets after patching.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-adds-critical-ubiquiti-and-lantronix-flaws-to-kev-catalog-following-active-exploitation-o-d-j-f-r/gD2P6Ple2L
For the Boardroom: A critical unauthenticated code injection flaw (CVE-2025-67038) in Lantronix EDS5000 servers is under active exploitation. Read the full C-SUITE threat advisory on mitigating this operational risk. Ping the word 'ok' mike@thecybermind.co to upgrade your intel. https://thecybermind.co/jpul
#CyberSec #RiskManagement
CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw
A critical code-injection flaw, CVE-2025-67038, has been discovered in Lantronix EDS5000 Series devices, allowing attackers to inject arbitrary OS commands with root privileges due to a lack of input sanitization in the HTTP RPC module. This vulnerability has a CVSS score of 9.8, indicating a high severity level.
#LantronixEds5000 #Cve202567038 #CodeInjection #IotVulnerabilities #EmergingThreats
##CISA Reports Active Exploitation of Lantronix Flaws
CISA flagged an actively exploited critical flaw (CVE-2025-67038) in Lantronix EDS5000 v2.1.0.0R3 devices: an unauthenticated OS command injection in the HTTP RPC module that lets attackers gain root access and fully compromise the equipment.
**Make sure all Lantronix EDS5000 devices are isolated from the internet and accessible only from trusted networks, since this flaw lets attackers gain full root control without any login. Check your inventory for version 2.1.0.0R3, apply the latest firmware update from Lantronix, and because attackers can survive patches by creating rogue admin accounts, audit for unknown accounts and rotate any stored secrets after patching.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-adds-critical-ubiquiti-and-lantronix-flaws-to-kev-catalog-following-active-exploitation-o-d-j-f-r/gD2P6Ple2L
For the Boardroom: A critical unauthenticated code injection flaw (CVE-2025-67038) in Lantronix EDS5000 servers is under active exploitation. Read the full C-SUITE threat advisory on mitigating this operational risk. Ping the word 'ok' mike@thecybermind.co to upgrade your intel. https://thecybermind.co/jpul
#CyberSec #RiskManagement
CISA has updated the KEV catalogue:
- CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34908
- CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34909
- CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34910
- CVE-2025-67038:
Lantronix EDS5000 Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-67038 #CISA #infosec #vulnerability
🚨 [CISA-2026:0623] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-67038 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-67038)
- Name: Lantronix EDS5000 Code Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Lantronix
- Product: EDS5000
- Notes: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2025-67038
⚠️ CVE-2026-34908 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34908)
- Name: Ubiquiti UniFi OS Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34908
⚠️ CVE-2026-34909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34909)
- Name: Ubiquiti UniFi OS Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909
⚠️ CVE-2026-34910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34910)
- Name: Ubiquiti UniFi OS Improper Input Validation Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260623 #cisa20260623 #cve_2025_67038 #cve_2026_34908 #cve_2026_34909 #cve_2026_34910 #cve202567038 #cve202634908 #cve202634909 #cve202634910
##CVE ID: CVE-2025-67038
Vendor: Lantronix
Product: EDS5000
Date Added: 2026-06-23
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-67038
updated 2026-06-24T03:31:40
1 posts
CVE-2026-11807 (CRITICAL, CVSS 9.6) affects Red Hat Ansible Automation Platform 2.5: missing authorization in EDA websocket API lets any authenticated user access plaintext credentials. Patch immediately. https://radar.offseq.com/threat/cve-2026-11807-missing-authorization-in-red-hat-re-1c4967af375a0bf5 #OffSeq #RedHat #Ansible #Vuln
##updated 2026-06-23T19:34:58.770000
1 posts
CVE-2026-54317 - Authentication Bypass in Home Assistant. Konnected integration exposes an unauthenticated HTTP endpoint allowing unauthorized write requests. CVSS 7.6. Update to 2026.6.0 immediately. #CVE #HomeAssistant #infosec
##updated 2026-06-23T19:17:12.450000
1 posts
CVE-2026-7664 (CRITICAL, CVSS 9.8): IBM Langflow OSS 1.0.0 – 1.8.4 has an improper auth flaw in MCP endpoint, allowing unauthenticated access to protected resources. Patch status unknown — monitor IBM advisories. https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #CVE #IBM #infosec
##updated 2026-06-23T16:04:55.583000
1 posts
CVE-2026-48979 - HTTP/2 request smuggling in PHP standard library (PSL). Unvalidated DATA frame bytes allow content overflow. CVSS 7.5. No patch yet; disable PSL H2 servers or upgrade if fix released. #CVE #PHP #infosec
##updated 2026-06-23T15:42:30.483000
1 posts
CVE-2026-12866 | CRITICAL severity in expr-eval (all versions): Arbitrary code execution via toJSFunction() API. No patch yet — avoid untrusted input. Risk: full app compromise. Details: https://radar.offseq.com/threat/cve-2026-12866-code-execution-in-expr-eval-90f740bedba0af48 #OffSeq #infosec #security #CVE202612866
##updated 2026-06-23T15:37:54.137000
1 posts
CVE-2026-44727: CRITICAL XSS in jupyter_server <2.20. Malicious notebooks can lead to cookie theft & remote code execution due to missing CSP sandboxing. Upgrade to 2.20+ to secure your server. Details: https://radar.offseq.com/threat/cve-2026-44727-cwe-79-improper-neutralization-of-i-2f84cbe7cd47cddc #OffSeq #XSS #Jupyter #Security
##updated 2026-06-23T09:32:28
3 posts
CVE-2026-10521 (HIGH, CVSS 8.6) in mbCONNECT24: Remote attackers with high privileges can access hidden configs, risking full system compromise. No patch yet — restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-10521-cwe-425-direct-request-forced-brows-d20bd7167efa941e #OffSeq #Vulnerability #ICS #Security
###OT #Advisory VDE-2026-070
Helmholz: Authenticated unintended access to critical program parameters in myREX24V2/myREX24V2.virtual
There is a vulnerability in myREX24V2/myREX24V2.virtual that allows an authenticated remote attacker to access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters.
#CVE CVE-2026-10521
https://certvde.com/en/advisories/vde-2026-070/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-070.json
###OT #Advisory VDE-2026-068
MB connect line: Authenticated unintended access to critical program parameters in mbCONNECT24/mymbCONNECT24
There is a vulnerability in mbCONNECT24/mymbCONNECT24 that allows an authenticated remote attacker to access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters.
#CVE CVE-2026-10521
https://certvde.com/en/advisories/vde-2026-068/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-068.json
##updated 2026-06-23T09:32:28
1 posts
Zoho ManageEngine ADSelfService Plus hit by CRITICAL CVE-2026-11374: predictable SSO tickets enable unauthenticated account takeover. No patch yet — monitor advisories and review exposure. https://radar.offseq.com/threat/cve-2026-11374-cwe-340-generation-of-predictable-n-3400726b0246539c #OffSeq #Zoho #Vuln #SSO #Infosec
##updated 2026-06-23T05:17:05.117000
1 posts
CVE-2026-6645 (HIGH, CVSS 7.3) affects PaperCut Print Deploy for Windows. Insecure search path in pc-printer-updater.exe lets local attackers execute malicious code as SYSTEM. Audit directories & monitor for suspicious files. https://radar.offseq.com/threat/cve-2026-6645-cwe-427-uncontrolled-search-path-ele-06fc150344a496a3 #OffSeq #CVE20266645 #infosec
##updated 2026-06-23T03:31:48
1 posts
Yokogawa FAST/TOOLS & CI Server (R9.01 – R10.04, R1.01 – R1.04) affected by HIGH severity CVE-2026-11833 (CVSS 8.2): config data sent in cleartext 🛡️. Limit access, monitor advisories. https://radar.offseq.com/threat/cve-2026-11833-cwe-319-cleartext-transmission-of-s-bc44d4c0b280a67c #OffSeq #ICS #Vuln #Cybersecurity
##updated 2026-06-23T03:16:40.677000
2 posts
3 repos
https://github.com/Polosss/By-Poloss..-..CVE-2026-11551-PoC
🔴 CVE-2026-11551 - Critical (9.8)
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This mak...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-11551: CRITICAL (CVSS 9.8) privilege escalation in wpmudev Branda ≤3.4.29. Weak password recovery lets unauthenticated attackers reset admin passwords. No patch. Restrict or disable plugin, monitor activity. https://radar.offseq.com/threat/cve-2026-11551-cwe-640-weak-password-recovery-mech-4f398affc6b799d5 #OffSeq #WordPress #Vuln #BlueTeam
##updated 2026-06-22T20:31:03.510000
4 posts
3 repos
https://github.com/HORKimhab/CVE-2026-8461
PixelSmash CVE-2026-8461: The Tiny Video File Flaw That Could Give Attackers Control Over FFmpeg Systems + Video
Introduction: When a Simple Video Preview Becomes a Security Threat Modern technology depends heavily on invisible software layers that most users never notice. Every time a computer creates a video thumbnail, a media server organizes a library, or an artificial intelligence system analyzes a clip, powerful multimedia engines are working silently in the…
##PixelSmash Vulnerability in FFmpeg Enables Remote Code Execution
FFmpeg version 8.1.2 patches a high-severity heap overflow (CVE-2026-8461) in the MagicYUV decoder that allows attackers to execute arbitrary code via malicious video files. The flaw impacts a wide range of media applications, including Jellyfin and Nextcloud.
**Update FFmpeg to version 8.1.2 or later immediately to close the PixelSmash flaw (CVE-2026-8461), and update any apps that bundle it like Jellyfin, Nextcloud, Kodi, or OBS. If you can't update right away, restrict file uploads to trusted users only and isolate any servers that automatically scan or process media files.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/pixelsmash-vulnerability-in-ffmpeg-enables-remote-code-execution-p-9-m-z-b/gD2P6Ple2L
Foi descoberta uma vulnerabilidade crítica na biblioteca FFmpeg, denominada PixelSmash, que pode permitir a execução remota de código em servidores Jellyfin e causar a negação de serviço em plataformas como Kodi. A falha, identificada como CVE-2026-8461, recebeu uma pontuação de gravidade significativa. 💻
##FFmpeg MagicYUV decoder CRITICAL heap out-of-bounds bug (CVE-2026-8461): AVI/MKV/MOV files can trigger DoS or RCE in apps like Jellyfin, Nextcloud. Patch to 8.1.2 ASAP. https://radar.offseq.com/threat/ffmpeg-fixes-pixelsmash-flaw-in-widely-used-video--5ccb783d6ccf419b #OffSeq #FFmpeg #CVE20268461 #infosec
##updated 2026-06-22T20:23:26.770000
1 posts
🟠 CVE-2026-12044 - High (8.8)
SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja templates for Domains (and their constraints), Foreign Tables, Languages, and Event Triggers, plus the V...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-22T20:18:53.300000
1 posts
CVE-2026-11717: CRITICAL vuln in googleapis/mcp-toolbox v1.0.0. Improper auth check lets tokens without 'active' field bypass controls — unauthorized access risk. Patch unconfirmed, monitor advisories: https://radar.offseq.com/threat/cve-2026-11717-cwe-287-improper-authentication-in--13893f570bf80e27 #OffSeq #CVE202611717 #OAuth2 #CloudSecurity
##updated 2026-06-22T20:17:59.447000
1 posts
CVE-2026-12581 (HIGH): Digiwin EasyFlow .NET is exposed to session fixation — attackers can hijack user sessions after login. No patch yet; apply session controls & monitor activity. Details: https://radar.offseq.com/threat/cve-2026-12581-cwe-384-session-fixation-in-digiwin-3cbe5111cc31a62c #OffSeq #vulnerability #infosec #security
##updated 2026-06-22T20:17:59.447000
1 posts
CVE-2026-54414: Critical path traversal in FileRise <3.16.0 allows attackers with a valid shared-folder upload link to write files outside the intended dir — can lead to admin takeover & RCE. Patch to 3.16.0+ ASAP. https://radar.offseq.com/threat/cve-2026-54414-cwe-22-improper-limitation-of-a-pat-b161bf82d6c29f3c #OffSeq #vuln #FileRise
##updated 2026-06-22T18:43:49.900000
1 posts
libssh2 Vulnerabilities Enable Remote Code Execution and Denial of Service
libssh2 disclosed two vulnerabilities, including a critical out-of-bounds write (CVE-2026-55200) and a high-severity denial of service (CVE-2026-55199), affecting versions up to 1.11.1. These flaws allow malicious servers to execute code on connecting clients or cause resource exhaustion.
**Plan to update libssh2 to a patched build as soon as a fixed release is available. In the meantime audit your tools (curl/libcurl, PHP ssh2 extension, monitoring utilities, IoT firmware) for the vulnerable library versions up to 1.11.1. Only connect to SSH servers you trust and isolate sensitive management interfaces so they're reachable from trusted networks only, since a malicious server can now attack your client.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/libssh2-vulnerabilities-enable-remote-code-execution-and-denial-of-service-k-v-c-g-d/gD2P6Ple2L
updated 2026-06-22T18:40:05.833000
1 posts
CVE-2026-56382: HIGH severity RCE in Craft CMS (5.5.0 – 5.9.13). Authenticated admins can inject code via FieldsController, leaking sensitive env vars. Patch now by upgrading to 5.9.14+. https://radar.offseq.com/threat/cve-2026-56382-improper-control-of-generation-of-c-a60c46eab20e347b #OffSeq #CraftCMS #RCE #Vuln
##updated 2026-06-22T18:38:02.507000
1 posts
Vitepos WordPress plugin <3.4.2 has a HIGH severity privilege escalation vuln (CVE-2026-8157). Auth users with custom Vitepos roles can become admins via REST API. Restrict API access & monitor for patches. https://radar.offseq.com/threat/cve-2026-8157-cwe-269-improper-privilege-managemen-ad086b248eb210ce #OffSeq #WordPress #CVE20268157 #Infosec
##updated 2026-06-22T18:34:24
1 posts
CVE-2026-10789: CRITICAL code injection in Autodesk Fusion MCP ext (v2703.1.11). Visiting a crafted page can lead to arbitrary code execution with user rights. Update guidance pending. https://radar.offseq.com/threat/cve-2026-10789-cwe-94-improper-control-of-generati-267c2476d8e09380 #OffSeq #Vulnerability #Autodesk #CVE2026_10789
##updated 2026-06-22T18:16:50.207000
1 posts
CVE-2026-56448 (HIGH, CVSS 8.3) in ail framework v0: Authenticated users can exploit path traversal to access files beyond intended dirs. Restrict permissions & monitor file access until patch is released. https://radar.offseq.com/threat/cve-2026-56448-cwe-22-improper-limitation-of-a-pat-b86f90bac29cd4fa #OffSeq #CyberSecurity #Vuln #PathTraversal
##updated 2026-06-22T18:16:37.293000
2 posts
⚠️ CRITICAL: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Four critical vulnerabilities in Dify AI platform (CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread s…
##⚠️ CRITICAL: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Four critical vulnerabilities in Dify AI platform (CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread s…
##updated 2026-06-22T18:16:37.033000
2 posts
⚠️ CRITICAL: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Four critical vulnerabilities in Dify AI platform (CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread s…
##⚠️ CRITICAL: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Four critical vulnerabilities in Dify AI platform (CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread s…
##updated 2026-06-22T18:16:36.883000
2 posts
⚠️ CRITICAL: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Four critical vulnerabilities in Dify AI platform (CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread s…
##⚠️ CRITICAL: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Four critical vulnerabilities in Dify AI platform (CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread s…
##updated 2026-06-22T16:43:14.450000
1 posts
CVE-2026-9843: HIGH severity (CVSS 8.1) path traversal in crmperks Database for Contact Form 7, WPforms, Elementor forms (≤1.5.1). Unauthenticated file deletion possible if admin interacts with malicious entries. Restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-9843-cwe-22-improper-limitation-of-a-path-a3dfc4d21233784d #OffSeq #WordPress #CVE20269843 #BlueTeam
##updated 2026-06-22T15:30:52
1 posts
IBM Langflow OSS v1.0.0 – 1.9.3 hit by CRITICAL code injection (CVE-2026-10561, CVSS 10). Auth bypass enables unauth'd RCE & total compromise. No patch yet — track IBM advisories for updates. https://radar.offseq.com/threat/cve-2026-10561-cwe-94-improper-control-of-generati-066ce4d0e72e70d2 #OffSeq #Infosec #CVE202610561
##updated 2026-06-22T15:30:46
1 posts
Gaudire Assassin game hit by CRITICAL vuln (CVE-2026-7166, CVSS 9.2): API & DB leak emails, phone numbers, and sensitive user info (including minors). No auth needed. Restrict access & monitor for fixes. https://radar.offseq.com/threat/cve-2026-7166-cwe-200-exposure-of-sensitive-inform-03389a53b48f2bff #OffSeq #CVE20267166 #infosec #dataleak
##updated 2026-06-22T14:31:46.277000
2 posts
New advisory.
This relates to critical CVE-2026-20181 and CVE-2026-20190 vulnerabilities, published on the 17th.
Cisco: CRITICAL: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv @TalosSecurity #Cisco #infosec #vulnerability
##Cisco Patches Critical Root RCE and Credential Theft Flaws in ISE
Cisco patched a critical root RCE vulnerability (CVE-2026-20181) and a high-severity information disclosure flaw (CVE-2026-20190) in its Identity Services Engine. These vulnerabilities allow authenticated root access or theft of hashed credentials.
**Make sure your Cisco ISE and ISE-PIC systems are isolated from the internet and reachable only from trusted management networks. Apply the latest patches immediately (ISE 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3) and for the 3.5 command-execution fix, request the hotfix from Cisco TAC now. Don't wait for Patch 4 in August 2026.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-root-rce-and-credential-theft-flaws-in-ise-o-v-f-q-7/gD2P6Ple2L
updated 2026-06-22T14:17:41.693000
2 posts
updated 2026-06-21T21:31:04
1 posts
CVE-2026-12806: HIGH severity buffer overflow in Edimax BR-6478AC V2 (fw 1.23). Remote exploitation possible, no patch available. Limit access & watch for updates. https://radar.offseq.com/threat/cve-2026-12806-buffer-overflow-in-edimax-br-6478ac-e0054e5a0ac822a3 #OffSeq #Vulnerability #RouterSecurity #Infosec
##updated 2026-06-21T15:31:31
1 posts
CVE-2026-56394: HIGH severity path traversal in Craft CMS 4.0.0-RC1 & 5.0.0-RC1. Authenticated attackers can read local files via assets/icon endpoint. Restrict access & monitor activity. No patch yet. https://radar.offseq.com/threat/cve-2026-56394-improper-limitation-of-a-pathname-t-139f3a46ea00069e #OffSeq #CraftCMS #Vuln #PathTraversal
##updated 2026-06-21T15:31:31
1 posts
Go fuck some shit up, y'all: https://db.gcve.eu/vuln/cve-2026-56265
##updated 2026-06-21T09:30:57
1 posts
UltraISO Premium Edition ≤9.76 hit by HIGH severity vuln (CVE-2026-12786) in bootpt64.sys — local attackers can bypass kernel access controls. No patch yet. Restrict local access & monitor activity. https://radar.offseq.com/threat/cve-2026-12786-improper-access-controls-in-ezbsyst-f7dadfd56c360b89 #OffSeq #Vulnerability #InfoSec #UltraISO
##updated 2026-06-21T09:30:51
1 posts
CVE-2026-12784 | HIGH severity in IM-Magic Partition Resizer ≤7.9.0: improper access controls in MDA_NTDRV.sys kernel driver. Local exploit is public. Restrict access or remove vulnerable versions. https://radar.offseq.com/threat/cve-2026-12784-improper-access-controls-in-im-magi-c8e575e26aa27402 #OffSeq #Vulnerability #SysSec #CVE2026
##updated 2026-06-21T09:30:50
1 posts
CVE-2026-12781 (HIGH, CVSS 8.5) found in EaseUS Partition Master 14.0 – 14.5: improper access controls in kernel driver epmntdrv.sys enable local privilege escalation. Upgrade to latest version ASAP. https://radar.offseq.com/threat/cve-2026-12781-improper-access-controls-in-easeus--0c0fae83fd7ebb81 #OffSeq #Vulnerability #PrivilegeEscalation #CyberSecurity
##updated 2026-06-21T09:30:50
1 posts
CVE-2026-12782: HIGH severity vuln in EaseUS Partition Master (14.0 – 14.5). Improper access in kernel driver (EUEDKEPM.sys), local attack, public exploit out. Upgrade ASAP. Details: https://radar.offseq.com/threat/cve-2026-12782-improper-access-controls-in-easeus--1339881f4c691ee7 #OffSeq #Vulnerability #InfoSec #CVE202612782
##updated 2026-06-21T09:30:50
1 posts
OpenBSD MPLS kernel stack leaks remotely (CVE-2026-56099) https://pop.argus-systems.ai/advisory/adv-040.html
##updated 2026-06-21T09:30:49
1 posts
Apple Patches Beats Studio Buds Eavesdropping Flaw
Apple patched a high-severity flaw (CVE-2025-20701) in Beats Studio Buds that allowed nearby attackers to eavesdrop via the microphone.
**Update your Beats Studio Buds firmware immediately to version 1B211 to prevent unauthorized microphone access.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-beats-studio-buds-eavesdropping-flaw-4-l-h-1-u/gD2P6Ple2L
updated 2026-06-21T06:32:15
1 posts
AOMEI Dynamic Disk Manager ≤10.10.1: CVE-2026-12779 (HIGH, CVSS 8.5) allows local privilege abuse via improper access controls in ddmdrv.sys. Exploit is public, no patch available. Restrict access & monitor systems. https://radar.offseq.com/threat/cve-2026-12779-improper-access-controls-in-aomei-d-5bbdcb6786a305ad #OffSeq #CVE202612779 #vuln #cybersecurity
##updated 2026-06-21T06:32:14
1 posts
CVE-2026-12780: HIGH severity vuln in AOMEI Backupper ≤8.3.0. Local attackers can abuse improper access controls in amwrtdrv.sys for potential privilege escalation. No patch available — limit local access & watch for updates. https://radar.offseq.com/threat/cve-2026-12780-improper-access-controls-in-aomei-b-bd5bc4597d816b66 #OffSeq #Vuln #AOMEI
##updated 2026-06-21T06:32:14
1 posts
CVE-2026-12774: SSRF in BerriAI litellm v1.82.0 – 1.82.2 (MEDIUM, CVSS 5.3). Remote attackers can manipulate server requests via _execute_with_mcp_client. No patch yet — monitor vendor advisories. https://radar.offseq.com/threat/cve-2026-12774-server-side-request-forgery-in-berr-96b3ed54597a7e96 #OffSeq #Infosec #SSRF #Vuln
##updated 2026-06-20T18:31:35
1 posts
CVE-2026-5366 (CRITICAL, CVSS 9.9): prefecthq/prefect 3.6.23 lets users with deployment creation rights inject git flags via commit_sha/directories in GitRepository, enabling remote code exec. Restrict permissions & monitor updates. https://radar.offseq.com/threat/cve-2026-5366-cwe-94-improper-control-of-generatio-ef5838b1259ff631 #OffSeq #CVE20265366 #infosec
##updated 2026-06-20T15:32:32
1 posts
If your WooCommerce store is running below version 7.1.0, I'd update it today. CVE-2022-50972 carries a CVSS score of 9.8 out of 10 — meaning an attacker can gain full admin control, access every customer record, and wipe your database entirely. No patch exists for older versions. Updating is the only viable option right now.
#WordPress #WooCommerce #SecurityHardening #CVE #WordPressSecurity
https://wpguy.uk/blog/critical-vulnerability-in-woocommerce-woocommerce-woocommerce-710-unfixed/
##updated 2026-06-20T15:32:23
1 posts
1 repos
JoomShaper SP LMS for Joomla (v1.0.0 – 4.1.3) hit by CRITICAL vuln (CVE-2026-48909): unsafe cookie deserialization enables unauth RCE. No patch yet — restrict access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-48909-cwe-502-deserialization-of-untruste-b0460f6997894c12 #OffSeq #Joomla #CVE #infosec
##updated 2026-06-20T09:33:32
1 posts
1 repos
CVE-2026-11912: HIGH severity vulnerability in eemitch Simple File List ≤6.3.7 lets unauthenticated attackers modify/delete server files due to missing auth checks. No patch yet — restrict or disable plugin. https://radar.offseq.com/threat/cve-2026-11912-cwe-862-missing-authorization-in-ee-9819171d864aac20 #OffSeq #WordPress #vuln
##updated 2026-06-20T09:33:32
1 posts
CVE-2026-11911: HIGH severity path traversal in eemitch Simple File List (≤6.3.7). Unauth attackers can delete files via exposed AJAX action, risking RCE. Restrict admin-ajax.php or disable plugin. Details: https://radar.offseq.com/threat/cve-2026-11911-cwe-22-improper-limitation-of-a-pat-c1bb6257a58c2645 #OffSeq #WordPress #Security
##updated 2026-06-20T00:34:15
1 posts
🟠 CVE-2026-56082 - High (7.5)
Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase publishabl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-20T00:34:14
2 posts
CRITICAL: Cap-go capgo (<12.128.2) hit by CVE-2026-56081. Attackers can register with victim emails pre-verification, enable 2FA, and fully take over accounts — including org policy control. No patch confirmed. Monitor new signups. https://radar.offseq.com/threat/cve-2026-56081-weak-password-recovery-mechanism-fo-0cc6e5efaf2e4722 #OffSeq #CVE202656081 #Infosec
##🔴 CVE-2026-56081 - Critical (9.1)
Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56081/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-20T00:34:08
1 posts
CVE-2026-56073 (CRITICAL) affects Cap-go capgo <12.128.2: Insufficient data authenticity checks allow OTP bypass, enabling attackers to activate 2FA & take over accounts. No patch yet — monitor vendor updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Infosec #AppSec
##updated 2026-06-19T21:16:42.893000
1 posts
⚪️ Critical Copilot bug allowed theft of two-factor authentication codes
🗨️ In early June, Microsoft engineers announced that they had fixed a critical vulnerability, CVE-2026-42824. Now specialists from Varonis have revealed the details of this issue and described an attack that has been dubbed SearchLeak. As it turned out, the vulnerability…
##updated 2026-06-19T19:35:24
1 posts
containerd released 2.3.2, 2.2.5, 2.1.9, 2.0.10 and 1.7.33 on June 18, fixing five CVEs in the CRI plugin that AWS reported. CVE-2026-50195 lets a poisoned checkpoint import swap an image reference; companion flaws cover CDI annotation smuggling and host-root command execution during restore and image pulls. If you run Kubernetes on containerd, which of these branches do you still ship?
##updated 2026-06-19T06:32:02
1 posts
CVE-2026-8713: CRITICAL path traversal (CVSS 9.1) in Avada (Fusion) Builder ≤3.15.3. Unauthenticated file deletion possible; RCE risk if wp-config.php is removed. Restrict access, monitor usage, check vendor for fixes. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc #OffSeq #WordPress #Infosec
##updated 2026-06-19T06:32:02
1 posts
2 repos
CVE-2026-7515 | CRITICAL LFI in BetterDocs Pro ≤3.8.0: Unauthenticated attackers can execute arbitrary PHP via doc_style, risking full server compromise. Patch status unknown — check vendor. https://radar.offseq.com/threat/cve-2026-7515-cwe-98-improper-control-of-filename--18dc28a9a40e8b75 #OffSeq #WordPress #Vulnerability #CVE20267515
##updated 2026-06-19T00:31:46
1 posts
🔴 CVE-2026-40624 - Critical (9.8)
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+
cameras may allow a remote, unauthenticated attacker to achieve
arbitrary code execution via a specially crafted web request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40624/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:31:46
1 posts
🔴 CVE-2026-12048 - Critical (9.3)
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Rec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:31:41
1 posts
Microsoft Cost Management is affected by CVE-2026-47633 (HIGH, CVSS 7.5) — remote attackers can access sensitive info with no auth or user interaction. Patch available: https://radar.offseq.com/threat/cve-2026-47633-cwe-200-exposure-of-sensitive-infor-9882c245b9fe08eb #OffSeq #Microsoft #CVE #BlueTeam
##updated 2026-06-19T00:31:41
1 posts
Microsoft 365 Copilot hit by CVE-2026-54130 (CRITICAL, CVSS 9.8): Missing authentication lets attackers disclose info over the network. Official fix deployed — verify your cloud service is updated. 📢 https://radar.offseq.com/threat/cve-2026-54130-cwe-306-missing-authentication-for--8486327e51e4c768 #OffSeq #Microsoft365 #CVE #CloudSecurity
##updated 2026-06-18T21:33:34
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-18T21:33:34
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-18T18:35:31
1 posts
:blobcat_thisisfine:
https://nvd.nist.gov/vuln/detail/CVE-2026-55203
sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
##HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.
updated 2026-06-18T18:35:31
3 posts
lol. lmao.
https://nvd.nist.gov/vuln/detail/CVE-2026-54103
##The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
https://db.gcve.eu/vuln/cve-2026-54103
https://db.gcve.eu/vuln/cve-2026-54104
:blobcatthinkingglare:
##CVE-2026-54103 (CRITICAL, CVSS 9.8): GAO EPDS & CBCA EDS lack authentication on password change API, enabling remote takeover. No patch yet. Restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-54103-cwe-306-missing-authentication-for--c02db531e70d9ca2 #OffSeq #Vuln #CVE202654103 #GovSec
##updated 2026-06-18T18:35:31
1 posts
CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 – 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet — restrict access & monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity
##updated 2026-06-18T18:35:18
11 posts
3 repos
https://github.com/0xBlackash/CVE-2026-20253
https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
⚠️ CRITICAL: CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CVE-2026-20253 in Splunk Enterprise is actively exploited in the wild, allowing attackers to create or truncate arbitrary files on vulnerable systems. Federal agencies are mandated to patch by Sunday. Any organization running unpatched Splunk Enterprise is at immediate risk of file manipulation and…
##⚠️ CRITICAL: Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
CVE-2026-20253 is a critical unauthenticated RCE in Splunk Enterprise being actively exploited in the wild. Attackers can create or truncate arbitrary files via the PostgreSQL sidecar service. All Splunk Enterprise instances are at risk and federal agencies have been mandated to patch by June 21st.
##Splunk Enterprise PostgreSQL Sidecar Vulnerability Exploited in the Wild
A critical, actively exploited vulnerability (CVE-2026-20253) in Splunk Enterprise allows anyone on the network to bypass authentication and manipulate files, leading to potential system takeover. Patches are available in versions 10.4.0, 10.2.4, and 10.0.7.
**Check your versions and patch Splunk Enterprise to 10.4.0, 10.2.4, or 10.0.7 immediately. If you cannot patch today, mitigate the risk right now by disabling the PostgreSQL sidecar service. Finally, verify your network architecture: ensure Splunk Web (port 8000) and management ports are restricted by a firewall, placed on an isolated network segment, and only accessible remotely via a VPN.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/splunk-enterprise-postgresql-sidecar-vulnerability-exploited-in-the-wild-h-u-h-s-6/gD2P6Ple2L
Here's a summary of recent geopolitical, technology, and cybersecurity news:
Geopolitical: Western allies pledged $4B military aid to Ukraine (June 18). US-Iran talks stalled, and a Lebanon ceasefire was agreed. France emphasized tech sovereignty, ditching US vendors.
Technology: Anthropic's Fable 5 AI model returned with restricted access after a government-forced shutdown.
Cybersecurity: An unpatchable 'usbliter8' exploit impacts Apple A12/A13 chips. A critical Splunk Enterprise vulnerability (CVE-2026-20253) is actively exploited; CISA urged urgent patching (June 19).
##CVE-2026-20253 Splunk Vulnerability. Active exploitation is confirmed. CROs and Boards must prioritize this directive to secure enterprise assets and prevent privilege escalation. Review our latest C-SUITE intelligence brief now. https://thecybermind.co/xo4x
##Latest Geopolitical: An interim US-Iran agreement aims to de-escalate tensions and reopen the Strait of Hormuz, while Moscow endured its largest Ukrainian drone attack, hitting an oil refinery.
Technology: Anthropic's Claude Fable 5 AI is back online after a six-day shutdown, as Google makes Gemini 2.5 Flash its default model.
Cybersecurity: CISA issued alerts for an actively exploited Splunk vulnerability (CVE-2026-20253) and widespread Fortinet "FortiBleed" attacks. Accenture also acquired key OT security firms.
##ACTIVE THREAT: CVE-2026-20253 Splunk Enterprise vulnerability is being exploited in the wild. Our latest TSUITE Brief provides a full SQL injection defense playbook, including n8n automation triggers for your SOC. Secure your infrastructure now. https://thecybermind.co/2yn5
##📢 CVE-2026-20253 : RCE pré-authentifiée dans Splunk Enterprise via le service PostgreSQL Sidecar
📝 ## 🔍 Contexte
Le 12 juin 2026, watchTowr Labs (Piotr Bazy...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-18-cve-2026-20253-rce-pre-authentifiee-dans-splunk-enterprise-via-le-service-postgresql-sidecar/
🌐 source : https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce
#CVE_2026_20253 #IOC #Cyberveille
CVE ID: CVE-2026-20253
Vendor: Splunk
Product: Enterprise
Date Added: 2026-06-18
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20253
🚨 [CISA-2026:0618] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20253 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20253)
- Name: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Splunk
- Product: Enterprise
- Notes: https://advisory.splunk.com/advisories/SVD-2026-0603 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20253
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260618 #cisa20260618 #cve_2026_20253 #cve202620253
##CISA has added one vulnerability to the KEV catalogue.
- CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20253#CISA #infosec #vulnerability
##updated 2026-06-18T04:16:48.520000
5 posts
3 repos
https://github.com/HORKimhab/CVE-2026-42530
⚪️ NGINX Patches Two Critical RCE Vulnerabilities
🗨️ F5 developers have released out-of-band patches for two critical issues in NGINX that, under certain conditions, allowed remote execution of arbitrary code. The vulnerabilities have been assigned identifiers CVE-2026-42530 and CVE-2026-42055, and each received a CVSS score of 9.2. They…
##Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530 https://cystack.net/vi/research/cve-2026-42530-nginx-en
##@c0dec0dec0de RCEs this time, not DoS. CVE-2026-42530 & CVE-2026-42055
##F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus
F5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.
**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing "quic" from all listen directives, and remove the "ignore_invalid_headers off" directive or shrink "large_client_header_buffers" to block these attacks until you update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L
⚠️ CRITICAL: F5 Patches Critical, High-Severity NGINX Vulnerabilities
F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitr…
##updated 2026-06-18T04:16:48.367000
4 posts
1 repos
⚪️ NGINX Patches Two Critical RCE Vulnerabilities
🗨️ F5 developers have released out-of-band patches for two critical issues in NGINX that, under certain conditions, allowed remote execution of arbitrary code. The vulnerabilities have been assigned identifiers CVE-2026-42530 and CVE-2026-42055, and each received a CVSS score of 9.2. They…
##@c0dec0dec0de RCEs this time, not DoS. CVE-2026-42530 & CVE-2026-42055
##F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus
F5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.
**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing "quic" from all listen directives, and remove the "ignore_invalid_headers off" directive or shrink "large_client_header_buffers" to block these attacks until you update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L
⚠️ CRITICAL: F5 Patches Critical, High-Severity NGINX Vulnerabilities
F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitr…
##updated 2026-06-17T21:34:45
1 posts
Three critical Tinyproxy request smuggling vulnerabilities, including CVE-2026-54388, expose networks to severe attacks. Update your proxy servers immediately.
#Tinyproxy #RequestSmuggling #CVE202654388 #CVE202655202 #CVE202654387
https://securityonline.info/tinyproxy-request-smuggling-cve/
updated 2026-06-17T19:17:16.593000
1 posts
CRITICAL kernel vulnerabilities in RHEL 7 ELS (e.g., CVE-2026-23243) risk DoS, memory corruption, and network/filesystem instability. Update & reboot required per RHSA-2026:27729. https://radar.offseq.com/threat/red-hat-security-advisory-kernel-security-bug-fix--c9a5a31cd7574f36 #OffSeq #Linux #RedHat #Infosec
##updated 2026-06-17T19:10:40.163000
1 posts
1 repos
Geopolitical tensions escalate as US-Iran talks stall amidst renewed Israel-Hezbollah strikes and Trump's Strait of Hormuz threats; Iran reportedly closed the waterway. In technology, Anthropic's Fable 5 AI models remain offline due to a US export ban. Cybersecurity alerts include active exploitation of Microsoft Defender zero-day (CVE-2026-50656), Cisco SD-WAN, and Splunk flaws.
##updated 2026-06-17T18:36:17
2 posts
9 repos
https://github.com/wearehackers160/CVE-2026-48907
https://github.com/ywh-jfellus/CVE-2026-48907
https://github.com/0xgh057r3c0n/CVE-2026-48907
https://github.com/87achrafg-stack/CVE-2026-48907
https://github.com/HORKimhab/CVE-2026-48907
https://github.com/g0thamRabb1t/joomla-jce-cve-2026-48907-detection
https://github.com/0xBlackash/CVE-2026-48907
https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE
CVE-2026-48907 and LiteSpeed cPanel Plugin Flaws Come Under Active Attack
Attackers are exploiting CVE-2026-48907 in Joomla JCE and a LiteSpeed cPanel plugin flaw, enabling PHP code execution and privilege escalation.
🔗️ [Thecyberexpress] https://link.is.it/SGbmfn
##⚠️ CRITICAL: Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilit…
##updated 2026-06-17T18:36:07
2 posts
New advisory.
This relates to critical CVE-2026-20181 and CVE-2026-20190 vulnerabilities, published on the 17th.
Cisco: CRITICAL: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv @TalosSecurity #Cisco #infosec #vulnerability
##Cisco Patches Critical Root RCE and Credential Theft Flaws in ISE
Cisco patched a critical root RCE vulnerability (CVE-2026-20181) and a high-severity information disclosure flaw (CVE-2026-20190) in its Identity Services Engine. These vulnerabilities allow authenticated root access or theft of hashed credentials.
**Make sure your Cisco ISE and ISE-PIC systems are isolated from the internet and reachable only from trusted management networks. Apply the latest patches immediately (ISE 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3) and for the 3.5 command-execution fix, request the hotfix from Cisco TAC now. Don't wait for Patch 4 in August 2026.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-root-rce-and-credential-theft-flaws-in-ise-o-v-f-q-7/gD2P6Ple2L
updated 2026-06-17T18:35:59
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-17T16:21:32.403000
1 posts
CVE-2026-5667: Unauthenticated Remote Control of Mitsubishi MAC-577IF-2E WiFi Adapters via Probe Request Reconnaissance https://innerfirez.github.io/posts/the-secret-life-of-probe-requests/
##updated 2026-06-17T13:20:04.900000
2 posts
2 repos
https://github.com/HORKimhab/CVE-2026-20262
https://github.com/fevar54/CVE-2026-20262-Cisco-Catalyst-SD-WAN-Manager-Arbitrary-File-Write-
⚪️ Cisco Patches Zero‑Day Vulnerability in SD‑WAN
🗨️ Cisco specialists have released patches for vulnerability CVE-2026-20262 in Catalyst SD-WAN Manager (formerly SD-WAN vManage). According to the company, the issue has already been exploited in real-world attacks and allowed attackers to escalate privileges to the root level. Since the…
##📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-17T11:04:59.717000
1 posts
updated 2026-06-17T11:02:29.070000
1 posts
1 repos
https://github.com/fevar54/CVE-2026-7473---Arista-EOS-Tunnel-Decapsulation-Bypass
🚨 New CSUITE Brief: Arista EOS vulnerability CVE-2026-7473 requires immediate executive oversight. Understand the organizational risk and the strategic governance required to protect your infrastructure. Read the full risk assessment here: https://thecybermind.co/tugq
##updated 2026-06-17T10:58:13.830000
1 posts
4 repos
https://github.com/HORKimhab/CVE-2026-54420
https://github.com/mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
https://github.com/fevar54/CVE-2026-54420-LiteSpeed-Symlink-Exploit
https://github.com/Resellnom/litespeed-cpanel-cve-2026-54420-fix
⚠️ CRITICAL: Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilit…
##updated 2026-06-17T10:57:46.373000
1 posts
8 repos
https://github.com/watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
https://github.com/WadesWeaponShed/CVE-2026-50751-Mitigation-Scripts
https://github.com/hlkysipv/CVE-2026-50751-Check-Point-IKEv1-Authentication-Bypass
https://github.com/WadesWeaponShed/CheckPoint-CVE-Webscanner
https://github.com/0xBlackash/CVE-2026-50751
https://github.com/bolubey/CVE-2026-50751
https://github.com/fernstedt/CVE-2026-50751
https://github.com/fevar54/CVE-2026-50751---Check-Point-IKEv1-Authentication-Bypass-Exploit
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/
##updated 2026-06-17T10:55:25.967000
1 posts
Really Simple Security below 9.5.10.1 has a high-severity vulnerability (CVE-2026-48970, disclosed 15 June 2026) that requires no admin credentials to exploit. I find it particularly concerning given this plugin exists specifically to harden WordPress security. If your site is running an older version, update it now.
##updated 2026-06-17T10:55:05.230000
1 posts
📢 ~14 000 serveurs SimpleHelp exposés via un contournement d'authentification critique (CVE-2026-48558)
📝 📰 **Source** : CybersecurityNews.com — **Date de publication** : 16 juin 2026
...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-18-14-000-serveurs-simplehelp-exposes-via-un-contournement-d-authentification-critique-cve-2026-48558/
🌐 source : https://cybersecuritynews.com/simplehelp-servers-exposed-authentication-bypass-disclosure/
#CVE_2026_48558 #IOC #Cyberveille
updated 2026-06-17T10:52:10.200000
2 posts
1 repos
CVE-2026-45504 Microsoft Exchange SSRF via File Read https://hawktrace.com/blog/CVE-2026-45504/
##CVE-2026-45504 Microsoft Exchange SSRF via File Read https://hawktrace.com/blog/CVE-2026-45504/
##updated 2026-06-17T10:17:19.370000
5 posts
3 repos
https://github.com/0xBlackash/CVE-2026-20245
https://github.com/HORKimhab/CVE-2026-20245
https://github.com/fevar54/CVE-2026-20245---Cisco-SD-WAN-Privilege-Escalation-Exploit
Mandiant Exposes Cisco SD-WAN Zero-Day Attacks' Root Access Methods
Cisco's SD-WAN system was exploited in active attacks using a high-severity flaw, allowing hackers to create a rogue root account and take full control of targeted devices. This vulnerability, tracked as CVE-2026-20245, was triggered through a simple tenant-upload feature in the command-line interface.
#CiscoSdwan #ZeroDay #Cve202620245 #CommandInjection #RootAccess
##Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to...
🔗️ [Bleepingcomputer] https://link.is.it/gbIA4V
##Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to...
🔗️ [Bleepingcomputer] https://link.is.it/gbIA4V
##New.
Mandiant: Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager #Google
Microsoft:
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/
Kaspersky:
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader https://securelist.com/strikeshark-campaign/120326/ @Kaspersky
Symantec: Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker https://www.security.com/threat-intelligence/new-mistic-backdoor-modelorat
Picus:
The ShinyHunters Domino Effect: One Breach, Hundreds of Victims https://www.picussecurity.com/resource/blog/the-shinyhunters-domino-effect-one-breach-hundreds-of-victims
Proofpoint:
StealC You Later: Proofpoint and IBM X-Force Support Operation Endgame Disruptions https://www.proofpoint.com/us/blog/threat-insight/stealc-you-later-proofpoint-and-ibm-x-force-support-operation-endgame #threatresearch #cybercrime #Microsoft #infosec #threatintelligence #Cisco #vulnerability #zeroday #ransomware
##updated 2026-06-17T10:06:17.243000
1 posts
31 repos
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/travisbgreen/cve-2025-8088
https://github.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/walidpyh/CVE-2025-8088
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/undefined-name12/CVE-2025-8088-Winrar
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/lennertdefauw/CVE-2025-8088
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/jordan922/CVE-2025-8088
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/IsmaelCosma/CVE-2025-8088
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/shaheeryasirofficial/CVE-2025-8088
https://github.com/starfallreverie/winrar-exploit
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088 https://securityaffairs.com/193476/apt/russian-apts-still-exploiting-patched-winrar-flaw-cve-2025-8088.html
##updated 2026-06-16T21:33:04
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-16T21:32:59
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-16T20:13:08
1 posts
CVE-2026-53753: CRITICAL code injection in unclecode crawl4ai (<0.8.7). Unauthenticated RCE via /crawl POST request due to insufficient AST validation. Patch to 0.8.7 ASAP. https://radar.offseq.com/threat/cve-2026-53753-cwe-94-improper-control-of-generati-9d9fc678b9a0404e #OffSeq #CVE202653753 #infosec #vuln
##updated 2026-06-16T15:33:48
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-15T06:31:46
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-15T06:31:41
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-15T00:31:55
1 posts
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
updated 2026-06-11T21:31:50
1 posts
6 repos
https://github.com/error-inside/CVE-2026-10520
https://github.com/0xBlackash/CVE-2026-10520
https://github.com/gagaltotal/CVE-2026-10523-Ivanti-sentry
https://github.com/HORKimhab/CVE-2026-10520-10523
https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/
##updated 2026-06-10T18:32:45
1 posts
this-is-fine dog of the week (from oss-sec):
https://blog.calif.io/p/how-to-format-a-ciphertext discusses how the issue that OpenSSL disclosed on June 9 as CVE-2026-34182 similarly affected the PKCS#7 / CMS parsing implementations from WolfSSL, Bouncy Castle, & GnuPG.
The common failure is accepting the sender provided length for the authentication tag, and not enforcing the minimum length specified in the RFC - allowing an attacker to specify a one-byte tag length and then use brute force to determine which of the 256 possible values matches the first byte of the actual tag.
##updated 2026-06-10T00:31:50
1 posts
1 repos
CVE-2026-25860 turn XSS to RCE https://www.partywave.site/show/research/cve-2026-25860-openclinic-ga-xss-to-rce
##updated 2026-06-08T23:22:35
1 posts
4 repos
https://github.com/Kulik-Labs-Development/Ghost-CMS-Code-Injection-Audit-CVE-2026-26980
https://github.com/EQSTLab/CVE-2026-26980
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS
Read-only research into an active campaign that exploits CVE-2026-26980 in Ghost CMS. Every result below comes from public GET requests. We did not...
🔗️ [Sicuranext] https://link.is.it/r78ZkS
##updated 2026-06-08T23:00:17
1 posts
1 repos
CVE-2026-45034: CRITICAL deserialization of untrusted data in PHPOffice PhpSpreadsheet allows RCE via phar stream wrappers. Patch to 1.30.5 to mitigate. PHP 7.x at highest risk. https://radar.offseq.com/threat/cve-2026-45034-cwe-502-deserialization-of-untruste-7ddc5d39407c5a37 #OffSeq #CVE202645034 #PHP #infosec
##updated 2026-06-02T06:30:33
1 posts
3 repos
https://github.com/Jenderal92/CVE-2026-8206
🚨 KTRYTYCZNA PODSTNOŚĆ WE WTYCZCE #WORDPRESS!
Jak podaje #Sekurak, we wtyczce #Kirki wykryto lukę, pozwalającą na przejęcie dowolnego konta, w tym administratora.
Jeśli masz to rozszerzenie, zaktualizuj je natychmiast do najnowszej wersji!
CVE-2026-8206
CVSS: 9.8
updated 2026-05-27T22:51:19
1 posts
🚨 CVE-2026-47717: Dive into my deep technical analysis of the FUXA SCADA API logic flaw that allows unauthenticated attackers to leak critical project configurations and operational data.
Read the full analysis here: 👇 https://denizhalil.com/2026/06/19/cve-2026-47717-fuxa-scada-data-disclosure/
##updated 2026-04-27T16:30:09
1 posts
12 repos
https://github.com/rootdirective-sec/CVE-2026-39987-Lab
https://github.com/mki9/CVE-2026-39987_exploit
https://github.com/0xdeadroot/CVE-2026-39987-marimo-rce
https://github.com/h3raklez/CVE-2026-39987
https://github.com/M3PH1569/CVE-2026-39987-POC
https://github.com/Nxploited/CVE-2026-39987
https://github.com/HORKimhab/CVE-2026-39987
https://github.com/Dhiaelhak-Rached/CVE-2026-39987-lab-or-marimo-cve-lab
https://github.com/0xBlackash/CVE-2026-39987
https://github.com/keraattin/CVE-2026-39987
Plataforma Marimo sofre falha crítica que permite acesso a servidores sem credenciais. A vulnerabilidade CVE-2026-39987 foi ativamente explorada em menos de dez horas após divulgação pública 🔒
##updated 2026-04-24T20:52:07
1 posts
CVE-2026-49287 - Supply chain risk in Statamic. Unaddressed incomplete fix from CVE-2026-41175. Sort param manipulation could delete content/assets. CVSS 7.4. No patch; review templates immediately. #CVE #Statamic #infosec
##updated 2026-03-31T03:31:35
3 posts
1 repos
Attackers Mass-Exploit Gravity SMTP Plugin to Steal WordPress API Keys
Attackers are mass-exploiting a sensitive information exposure vulnerability (CVE-2026-4020) in the Gravity SMTP WordPress plugin to steal API keys and system configuration data. Over 17 million exploit attempts have been blocked as threat actors target approximately 100,000 active installations.
**If you run the Gravity SMTP plugin for WordPress, update it to version 2.1.5 or later right away, since attackers are actively stealing API keys and credentials through older versions. After updating, rotate all your third-party email API keys and secrets (like Amazon SES, Google, Mailjet, Resend, and Zoho), and check your web server logs for any suspicious requests to the "mock-data" endpoint.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/attackers-mass-exploit-gravity-smtp-plugin-to-steal-wordpress-api-keys-n-j-k-i-b/gD2P6Ple2L
Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites
https://thenextweb.com/news/gravity-smtp-wordpress-plugin-vulnerability-cve-2026-4020-api-keys-exploit?utm_source=flipboard&utm_medium=activitypub
Posted into Cybersecurity Today @cybersecurity-today-rhudaur
##Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites
https://thenextweb.com/news/gravity-smtp-wordpress-plugin-vulnerability-cve-2026-4020-api-keys-exploit?utm_source=flipboard&utm_medium=activitypub
Posted into Sustainability @sustainability-thenextweb
##updated 2026-01-15T21:31:44
2 posts
CVE-2026-20971: Samsung Android kernel UAF affecting Galaxy S9-S25 https://lucidbitlabs.com/blog/when-defenses-become-attack-surface/
##La vulnerabilità UAF del kernel KNOX di Samsung espone milioni di dispositivi Galaxy.
La vulnerabilità KNOX di Samsung (CVE-2026-20971) è una UAF del kernel in PROCA/FIVE che può consentire la corruzione [della memoria] tramite una race condition; Samsung l'ha corretta nel gennaio 2026.
https://infosec.exchange/@securityaffairs/116801915008086780
##updated 2025-10-22T00:33:06
1 posts
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration. https://isc.sans.edu/diary/33094
##updated 2025-04-12T12:44:27
1 posts
#OT #Advisory VDE-2026-071
JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices
Multiple products from JUMO are affected by webserver vulnerability "CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DOS of the device by using a misfortune cookie and reflected XSS attacks.
#CVE CVE-2014-9222, CVE-2013-6786, CVE-2014-9223
https://certvde.com/en/advisories/vde-2026-071/
#CSAF https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json
##updated 2025-04-12T12:44:27
1 posts
2 repos
#OT #Advisory VDE-2026-071
JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices
Multiple products from JUMO are affected by webserver vulnerability "CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DOS of the device by using a misfortune cookie and reflected XSS attacks.
#CVE CVE-2014-9222, CVE-2013-6786, CVE-2014-9223
https://certvde.com/en/advisories/vde-2026-071/
#CSAF https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json
##updated 2023-12-14T18:25:14
1 posts
Ok, so. Originally CVE IDs where 4 digits. At some point in the mid '10s it went "4+ digits". There is a chance we'll require 6 digits this or next year.
Meanwhile, in 2019: Fuck it, we ball: https://nvd.nist.gov/vuln/detail/CVE-2019-1003037
##updated 2023-01-28T05:02:55
1 posts
#OT #Advisory VDE-2026-071
JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices
Multiple products from JUMO are affected by webserver vulnerability "CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DOS of the device by using a misfortune cookie and reflected XSS attacks.
#CVE CVE-2014-9222, CVE-2013-6786, CVE-2014-9223
https://certvde.com/en/advisories/vde-2026-071/
#CSAF https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json
##Mythos discovers 'Squidbleed,' a memory leak thats gone undetected since Clinton
Mythos와 연구원 Lam Jun Rong이 29년간 발견되지 않았던 Squid 오픈소스 프록시 서버의 메모리 누수 취약점 'Squidbleed'(CVE-2026-47729)를 발견했다. 이 취약점은 FTP 디렉터리 리스트 파서의 버그로 인해 HTTP 요청 내 민감 정보가 공격자에게 노출될 수 있었으며, 1997년 코드 커밋에서 비롯되었다. Squid 7.6 버전에서 패치되었으며, FTP 기...
##Squidbleed : une faille vieille de 29 ans fait fuiter les identifiants des utilisateurs du proxy Squid https://www.it-connect.fr/squidbleed-faille-proxy-squid-cve-2026-47729/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##29-year-old bug in Squid that can leak internal memory, works in default configs
##Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration https://blog.calif.io/p/squidbleed-cve-2026-47729
##RE: https://social.freedom.press/@securedrop/116805553545070289
The low priority issue we disclosed today managed to get assigned CVE-2026-50000.
Didn't include this in the writeup, but just for the purpose of keeping score, this would likely not have happened if it was written in #Rust because mutability is part of the type system, so you don't end up accidentally mutating what should be an immutable object!
https://github.com/freedomofpress/securedrop/security/advisories/GHSA-78xq-8jf3-gpfx
##CVE-2026-8932 is the oldest #curl vulnerability reported so far. 25.25 years old. Shipped in releases since curl version 7.7, released on March 22 2001
Still rather benign and it probably hurt about three users, at most.
##immich-app suffers CRITICAL reflected XSS (CVE-2026-53662) in /auth/login (commits 4ffa26c9 – 4eb1003). Exploitation = persistent account takeover via API key minting. Update to commit 4eb1003 or later. https://radar.offseq.com/threat/cve-2026-53662-cwe-79-improper-neutralization-of-i-088d09407e2bf58b #OffSeq #CVE202653662 #XSS #infosec
##New.
"Today VulnCheck is disclosing CVE-2026-28496, an unauthenticated remote code execution chain in FOSSBilling, the open-source billing and client-management platform."
VulnCheck: CVE-2026-28496 - FOSSBilling Auth Bypass and Twig SSTI to Unauthenticated RCE https://www.vulncheck.com/blog/fossbilling-auth-bypass-ssti-rce @vulncheck #infosec #opensource #vulnerability
##CVE-2026-50160: Four Independent Weaknesses Combine Into a CVSS 10.0 Full Compromise in Hoppscotch https://www.offgridsec.com/blog-hoppscotch-cve-2026-50160.html
##CVE-2026-12957 and CVE-2026-12958 - Issues in Language Servers for AWS and Amazon Q Developer Plugins
Bulletin ID: 2026-047-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/23/2026 09:30 AM PDT
Description:
Language Servers for AWS provide the underlying language-server runtime that powers Amazon ...
https://aws.amazon.com/security/security-bulletins/rss/2026-047-aws/
##CVE-2026-12957 and CVE-2026-12958 - Issues in Language Servers for AWS and Amazon Q Developer Plugins
Bulletin ID: 2026-047-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/23/2026 09:30 AM PDT
Description:
Language Servers for AWS provide the underlying language-server runtime that powers Amazon ...
https://aws.amazon.com/security/security-bulletins/rss/2026-047-aws/
##Zephyr <=4.4.0 Bluetooth Host ISO path has CVE-2026-10658 (HIGH). Missing SDU header length checks can cause denial of service (kernel assert) or OOB reads if CONFIG_BT_ISO_RX is enabled. Evaluate mitigations now. https://radar.offseq.com/threat/cve-2026-10658-vulnerability-in-zephyrproject-rtos-9bbc3a2423f55b2a #OffSeq #Zephyr #CVE #Bluetooth
##CVE-2026-49287 - Supply chain risk in Statamic. Unaddressed incomplete fix from CVE-2026-41175. Sort param manipulation could delete content/assets. CVSS 7.4. No patch; review templates immediately. #CVE #Statamic #infosec
##NI grpc-device ≤2.17.0 hit by CRITICAL vuln (CVE-2026-9142, CVSS 9.1) 🛡️ Missing authentication when TLS isn't set & server exposed beyond loopback. Unauthenticated LAN access possible. Mitigate by enabling TLS & restricting binding. https://radar.offseq.com/threat/cve-2026-9142-cwe-306-missing-authentication-for-c-f718635a9d1e7a48 #OffSeq #NI #Vuln
##ProxySQL (2.0.18 – 3.0.8) hit by CRITICAL CVE-2026-48773: pre-auth heap memory corruption (CWE-787) allows remote unauthenticated attackers to trigger out-of-bounds write. Upgrade to 3.0.9 ASAP. https://radar.offseq.com/threat/cve-2026-48773-cwe-787-out-of-bounds-write-in-syso-7cef27326cf25a33 #OffSeq #ProxySQL #CVE202648773 #infosec
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box Filter PID Cleanup
A use-after-free vulnerability exists in GPAC MP4Box when processing a crafted MPEG-2 TS/MP4 file. The issue is triggered during filter teardown in `gf_filter_pid_inst_swap_delete_task()` and can cause MP4Box to crash.
Summary:
AddressSanitizer confirms a heap-use-after-free in `filter_core/filter_pid.c:580`, where code reads from a PID instance object after it has already been freed during swap/delete cleanup.
The crafted file contains malformed MPEG-2 TS structures, including broken PMT descriptors and invalid PID metadata. While MP4Box processes the file with `-info`, the filter core performs PID instance cleanup. During this cleanup path, a PID instance is freed and later accessed again by `gf_filter_pid_inst_swap_delete_task()`.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:580
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1593-gfe88c3545-master
Commit: fe88c3545aadd597b250ccf23271d5d3de50ccc8
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
denial of service via application crash; local triage notes also identify potential arbitrary code execution risk
Fix / mitigation status:
Users should update to a fixed GPAC release or apply the vendor-confirmed patch. Verify the final vendor fix commit before public release if the advisory is published independently.
References:
- Issue: https://github.com/gpac/gpac/issues/3290
- Fix: https://github.com/gpac/gpac/commit/aed9c94e92e8ba362ddb29c767c519478f46f195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/39/39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box PID Swap Delete Task
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap_delete_task()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap_delete_task()` function in `filter_core/filter_pid.c` can access a `GF_FilterPidInstance` object after it has already been freed by `gf_filter_pid_inst_swap_delete()`. Crafted input that exercises filter reconfiguration and deferred teardown paths can cause the scheduler to process a delete task with a stale pointer.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:574`, with a `READ of size 4` from a previously freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:574
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77` should be considered affected if they contain the vulnerable deferred PID swap delete task path.
Attack Conditions:
An attacker supplies a crafted media file or filter graph input that is processed by MP4Box through the info/import path and triggers PID reconfiguration and deferred teardown. The issue can be reproduced locally with:
```
./MP4Box -info 37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
```
Users should update to a GPAC build containing this commit or later. The affected deferred task path should ensure that `GF_FilterPidInstance` lifetime remains valid before a scheduled delete task accesses it.
References:
- Issue: https://github.com/gpac/gpac/issues/3286
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/37/37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
- Fix: https://github.com/gpac/gpac/commit/976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60474 - Heap Buffer Overflow in GPAC MP4Box Media Import
A heap buffer overflow vulnerability exists in GPAC MP4Box when processing a crafted media file with the `-info` option. The issue occurs in `gf_media_import()` in `media_tools/media_import.c` and can be triggered by supplying a malformed input file to MP4Box.
Summary:
AddressSanitizer confirms an out-of-bounds read at `media_tools/media_import.c:1297`. The vulnerable code reads 1 byte at offset `[1]` from a 1-byte heap buffer allocated from an empty string via `strdup("")`, where only offset `[0]` is valid.
The crafted input reaches MP4Box media import handling and causes `gf_media_import()` to access memory immediately after a 1-byte heap allocation. The allocation originates from property handling for an empty string and is later read out of bounds during media import processing.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
media_tools/media_import.c:1297
Function: gf_media_import()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 38_gf_media_import_media_tools_media_import_c_1297
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
```
Impact:
denial of service via application crash; local triage notes also identify potential code execution risk
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
bd7fd6be546e0cd9e599c6b262c338c5f2ecec5c
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3287
- Fix: https://github.com/gpac/gpac/commit/bd7fd6be546e0cd9e599c6b262c338c5f2ecec5c
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/38/38_gf_media_import_media_tools_media_import_c_1297
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60474
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##CVE-2026-48772 (CRITICAL): ProxySQL 2.0.0 – 3.0.8 lets attackers spoof source IPs via PROXY protocol v1, bypassing routing & ACLs. Upgrade to 3.0.9 or later. Restrict frontend port access. Details: https://radar.offseq.com/threat/cve-2026-48772-cwe-348-use-of-less-trusted-source--40b83fbf2f9ef184 #OffSeq #ProxySQL #CVE202648772 #Security
##Security Advisory: CVE-2025-60473 - NULL Pointer Dereference in GPAC MP4Box Filter Parent Chain
Processing a crafted media file with MP4Box `-info` can trigger a NULL pointer dereference in `gf_filter_in_parent_chain()`, causing a Denial of Service.
Summary:
The `gf_filter_in_parent_chain()` function in `filter_core/filter_pid.c` does not sufficiently validate a parent filter pointer before dereferencing it. When MP4Box processes a specially crafted media file with malformed MPEG-2 TS data and a corrupted PID/filter chain, the vulnerable path can attempt to read from address `0x000000000008`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
filter_core/filter_pid.c:2145
Function: gf_filter_in_parent_chain()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `b8d80b44718de10b101e1d7fc17c84d69feb092e` should be considered affected if they contain the vulnerable filter parent-chain validation path.
Attack Conditions:
An attacker supplies a crafted media file with malformed MPEG-2 TS packet data and a corrupted PID/filter chain. The issue can be reproduced locally with:
```
./MP4Box -info 36_gf_filter_in_parent_chain_filter_core_filter_pid_c_2145
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE/BDU data also notes potential arbitrary code execution, although the available ASAN evidence shows a NULL pointer dereference crash.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
b8d80b44718de10b101e1d7fc17c84d69feb092e
```
Users should update to a GPAC build containing this commit or later. The affected filter graph code should validate parent filter pointers before dereferencing them during PID initialization.
References:
- Issue: https://github.com/gpac/gpac/issues/3285
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/36/36_gf_filter_in_parent_chain_filter_core_filter_pid_c_2145
- Fix: https://github.com/gpac/gpac/commit/b8d80b44718de10b101e1d7fc17c84d69feb092e
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60473
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60466 - Expired Pointer Dereference in GPAC MP4Box Packet Retrieval
Processing a crafted media file with MP4Box `-info` can trigger an expired pointer dereference in `gf_filter_pid_get_packet()`, causing a heap use-after-free crash and potential code execution.
Summary:
The `gf_filter_pid_get_packet()` function in `filter_core/filter_pid.c` may operate on an invalidated Packet ID (PID) object after it has been freed by `gf_filter_pid_del()`. When MP4Box processes a specially crafted media file through the filter graph, the `inspect` filter can request packets from a stale PID object, leading to access to freed heap memory.
CWE:
CWE-825 - Expired Pointer Dereference
Affected Component:
```
filter_core/filter_pid.c:6827
Function: gf_filter_pid_get_packet()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb` should be considered affected if they contain the vulnerable PID packet retrieval path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path and drives the inspect/filter pipeline through PID deletion and packet retrieval paths. The issue can be reproduced locally with:
```
./MP4Box -info 35_gf_filter_pid_get_packet_filter_core_filter_pid_c_6827
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free / expired pointer dereference, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb
```
Users should update to a GPAC build containing this commit or later. The fix adds checks to ignore tasks when PID or filter objects have been removed or finalized, preventing stale object use.
References:
- Issue: https://github.com/gpac/gpac/issues/3284
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/35/35_gf_filter_pid_get_packet_filter_core_filter_pid_c_6827
- Fix: https://github.com/gpac/gpac/commit/4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60466
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60465 - Use-After-Free in GPAC MP4Box PID Instance Swap
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap()` function in `filter_core/filter_pid.c` does not reset `ctx->pid_inst` to NULL after freeing the PID instance. Subsequent PID configuration and reconfiguration steps can reuse this dangling pointer, leading to access to freed heap memory.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:633
Function: gf_filter_pid_inst_swap()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `55b351bd078c950592544ab4c708a613c1725b9b` should be considered affected if they contain the vulnerable PID instance swap path.
Attack Conditions:
An attacker supplies a crafted media or MPEG-2 TS input that is processed by MP4Box through the info/import path and triggers filter PID reconfiguration. The issue can be reproduced locally with:
```
./MP4Box -info 34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
55b351bd078c950592544ab4c708a613c1725b9b
```
Users should update to a GPAC build containing this commit or later. The affected PID instance swap path should clear `ctx->pid_inst` after freeing it and avoid later use of stale PID object pointers.
References:
- Issue: https://github.com/gpac/gpac/issues/3283
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633
- Fix: https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60465
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60464 - Use-After-Free in GPAC MP4Box SEI State Handling
Processing a crafted MPEG-2 TS file with MP4Box `-info` can trigger a heap use-after-free in `gf_sei_load_from_state_internal()`, causing a crash and potential code execution.
Summary:
The `gf_sei_load_from_state_internal()` function in `filters/sei_load.c` can access codec/SEI state after the related heap buffer has been freed by the NALU demuxer setup path. When MP4Box processes a specially crafted MPEG-2 Transport Stream file containing malformed AVC/HEVC/VVC NAL units and corrupted PMT descriptors, `naludmx_configure_pid()` can release a state buffer that is later read during SEI state loading.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filters/sei_load.c:225
Function: gf_sei_load_from_state_internal()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1557-g62714f27c-master
Commit: 62714f27c64a3d1eb7e880f9eed2d38673cb43ce
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `8f404bd581e455267482f86272169a742f654b97` should be considered affected if they contain the vulnerable SEI state handling path.
Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file containing malformed AVC/HEVC/VVC bitstream data, corrupted PMT descriptors, and invalid NAL/SEI state. The issue can be reproduced locally with:
```
./MP4Box -info 32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
8f404bd581e455267482f86272169a742f654b97
```
Users should update to a GPAC build containing this commit or later. The affected SEI/NALU handling path should ensure state buffers remain valid before SEI parsing reads from them.
References:
- Issue: https://github.com/gpac/gpac/issues/3278
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal
- Fix: https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60464
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##deepstream.io <10.0.5 has a CRITICAL Prototype Pollution flaw (CVE-2026-49252, CVSS 9.9). Authenticated users with write access can escalate privileges. Patch to 10.0.5+ ASAP! https://radar.offseq.com/threat/cve-2026-49252-cwe-1321-improperly-controlled-modi-de9b0627d448856f #OffSeq #CVE202649252 #deepstreamio #infosec
##CVE-2026-49454: szTheory relyra (<1.2.0) has a CRITICAL SAML authentication flaw — improper signature verification lets attackers forge responses & impersonate users. Fixed in v1.2.0. Patch now! https://radar.offseq.com/threat/cve-2026-49454-cwe-287-improper-authentication-in--d880f0af884dcf13 #OffSeq #CVE202649454 #SAML #Elixir #InfoSec
##CVE-2026-49257: startreedata mcp-pinot <=3.0.1 has a CRITICAL auth bypass. MCP server exposes full read/write access to Pinot clusters on 0.0.0.0:8080. Upgrade to 3.1.0 ASAP. https://radar.offseq.com/threat/cve-2026-49257-cwe-306-missing-authentication-for--c0c28b77341e3a12 #OffSeq #Vulnerability #CVE202649257 #Infosec
##I'm more than 25 years into IT at this point, but this is a first for me. Not one I'm proud of, but one I take responsibility for:
My project ansible_jailexec (an Ansible connection plugin for FreeBSD Jails) had a bug that turned out to be a vulnerability. Improper Link Resolution Before File Access (CWE-59), a jail escape. It's been assigned CVE-2026-55074 so people can scan for it (I know it's bundled into Collections out there).
If you're running < 2.0.0: please upgrade. 2.0.0 fixes it.
Advisory: https://github.com/chofstede/ansible_jailexec/security/advisories/GHSA-cxgv-hp74-jj7r
Release: https://github.com/chofstede/ansible_jailexec/releases/tag/v2.0.0
Bitnami Cassandra container images (4.0.0, 4.1.0, 5.0.0) have a CRITICAL flaw (CVE-2026-47846): default cassandra:cassandra superuser may remain after custom admin setup. Update urgently! https://radar.offseq.com/threat/cve-2026-47846-cwe-798-use-of-hard-coded-credentia-ebcf63185c71b6d0 #OffSeq #Cassandra #Vuln #CloudSecurity
##