FediSecfeeds

CVE	CVSS	EPSS	Posts	Repos	Nuclei	Updated	Description
CVE-2026-10165	8.8	0.00%	2	0		2026-05-31T04:16:19.510000	A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is
CVE-2026-10162	8.8	0.00%	4	0		2026-05-31T03:16:15.660000	A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects
CVE-2026-10161	8.8	0.00%	2	0		2026-05-31T03:16:15.503000	A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the fu
CVE-2026-10160	8.8	0.00%	2	0		2026-05-31T03:16:14.430000	A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affec
CVE-2026-10159	8.8	0.00%	2	0		2026-05-31T02:16:34.290000	A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this
CVE-2026-10158	8.8	0.00%	2	0		2026-05-31T02:16:34.107000	A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is
CVE-2026-10124	8.8	0.00%	2	0		2026-05-30T18:31:11	A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the func
CVE-2026-10121	8.8	0.00%	2	0		2026-05-30T18:31:11	A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is th
CVE-2026-10126	8.8	0.00%	4	0		2026-05-30T17:16:21.060000	A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this i
CVE-2026-10125	8.8	0.00%	2	0		2026-05-30T16:17:04.910000	A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulner
CVE-2026-10123	8.8	0.00%	2	0		2026-05-30T16:17:04.580000	A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the funct
CVE-2026-10122	8.8	0.00%	2	0		2026-05-30T16:17:04.420000	A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the
CVE-2026-10120	8.8	0.00%	2	0		2026-05-30T15:16:15.173000	A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected elemen
CVE-2026-10119	8.8	0.00%	2	0		2026-05-30T14:16:24.513000	A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impac
CVE-2026-7459	7.5	0.06%	4	0		2026-05-30T12:30:31	The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPres
CVE-2026-7465	8.8	0.22%	4	1		2026-05-30T12:30:31	The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for W
CVE-2026-9757	7.5	0.09%	2	0		2026-05-30T10:16:23.980000	The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlat
CVE-2026-10112	2.4	0.03%	2	0		2026-05-30T08:16:16.180000	A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affec
CVE-2026-10110	7.3	0.03%	2	1		2026-05-30T07:16:27.813000	A vulnerability was detected in code-projects Student Details Management System
CVE-2026-10044	7.5	0.05%	1	0		2026-05-30T04:17:05.463000	Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vul
CVE-2026-35671	8.8	0.04%	1	0		2026-05-30T02:16:17.737000	phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability
CVE-2026-9831	6.3	0.05%	2	0		2026-05-30T00:30:31	A race condition in the shared Extreme Platform ONE IAM Gateway API-key authenti
CVE-2026-44697	8.6	0.04%	2	0		2026-05-29T21:57:08	## Summary A remote, unauthenticated denial-of-service vulnerability in `Batch.
CVE-2026-42941	8.3	0.01%	2	0		2026-05-29T21:31:30	The Danelec MacGregor Voyage Data Recorder device includes a default username a
CVE-2026-49366	7.8	0.00%	1	0		2026-05-29T21:31:30	In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via fi
CVE-2026-49372	7.5	0.00%	1	0		2026-05-29T21:31:30	In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build st
CVE-2026-48557	8.8	0.10%	1	0		2026-05-29T21:31:25	Spatie Laravel Media Library before version 11.23.0 contains a file upload restr
CVE-2026-49368	8.7	0.01%	2	0		2026-05-29T21:31:23	In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification tem
CVE-2026-49374	7.6	0.00%	1	0		2026-05-29T21:31:23	In JetBrains TeamCity before 2026.1 improper permission checks exposed build con
CVE-2026-49367	8.0	0.00%	1	0		2026-05-29T21:31:22	In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via th
CVE-2026-42929	8.3	0.01%	2	0		2026-05-29T21:31:21	Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded
CVE-2026-5343	7.4	0.03%	1	0		2026-05-29T21:31:18	Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAM
CVE-2026-46821	7.7	0.03%	1	0		2026-05-29T20:49:23.327000	Vulnerability in the Oracle Financials Common Modules product of Oracle E-Busine
CVE-2026-10105	8.3	0.03%	2	0		2026-05-29T20:25:00.760000	agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector datab
CVE-2026-45628	9.6	0.05%	2	0		2026-05-29T20:25:00.760000	Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and ear
CVE-2026-45625	9.9	0.05%	2	0		2026-05-29T20:25:00.760000	Arcane is an interface for managing Docker containers, images, networks, and vol
CVE-2026-45661	9.9	0.08%	2	0		2026-05-29T20:25:00.760000	Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and ear
CVE-2026-45631	10.0	0.07%	2	0		2026-05-29T20:25:00.760000	Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to be
CVE-2026-44285	7.7	0.03%	2	0		2026-05-29T20:23:16.083000	FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side R
CVE-2026-44422	7.5	0.05%	2	0		2026-05-29T20:22:37.383000	FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0
CVE-2026-47123	7.5	0.01%	1	0		2026-05-29T20:21:38.773000	FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
CVE-2026-9998	8.3	0.07%	3	0		2026-05-29T20:18:44.250000	Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remo
CVE-2026-44648	7.5	0.02%	2	1		2026-05-29T20:17:38.110000	SillyTavern is a locally installed user interface that allows users to interact
CVE-2026-47740	8.1	0.03%	2	0		2026-05-29T20:17:38.110000	Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament
CVE-2026-47744	9.9	0.03%	1	0		2026-05-29T20:17:38.110000	Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct autho
CVE-2026-0257	9.1	41.50%	20	4		2026-05-29T20:16:21.803000	Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of
CVE-2026-9051	9.1	0.03%	1	0		2026-05-29T19:16:28.800000	There is an authentication bypass vulnerability in the NI SystemLink Enterprise
CVE-2026-46835	7.5	0.04%	1	0		2026-05-29T18:32:28	Vulnerability in the Net Service component of Oracle Database Server. Supported
CVE-2026-46834	7.5	0.04%	1	0		2026-05-29T18:32:27	Vulnerability in the Net Service component of Oracle Database Server. Supported
CVE-2026-10108	7.5	0.18%	2	0		2026-05-29T18:31:42	xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the
CVE-2026-10107	7.7	0.03%	2	0		2026-05-29T18:31:42	MoviePilot v2 contains a server-side request forgery vulnerability in the image
CVE-2026-5768	8.8	0.03%	1	0		2026-05-29T18:31:42	The Frontier X2 device allows unauthenticated BLE read/write access to critical
CVE-2026-7786	9.8	0.04%	1	0		2026-05-29T18:31:42	Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Con
CVE-2026-32905	8.3	0.04%	1	0		2026-05-29T18:31:42	OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the b
CVE-2026-35630	8.0	0.04%	1	0		2026-05-29T18:31:42	OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBo
CVE-2026-10065	8.8	0.04%	1	0		2026-05-29T18:31:41	A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects
CVE-2026-46840	10.0	0.04%	1	1		2026-05-29T18:31:20	Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). S
CVE-2026-46839	9.9	0.04%	1	0		2026-05-29T18:31:20	Vulnerability in Oracle REST Data Services (component: Core). Supported version
CVE-2026-9999	8.8	0.08%	3	1		2026-05-29T18:17:18.940000	Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.777
CVE-2026-6824	8.4	0.04%	1	0		2026-05-29T18:17:13.147000	A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series
CVE-2026-5386	9.1	0.05%	1	0		2026-05-29T18:17:12.867000	The affected KMW CCTV Security Cameras are vulnerable to a critical unauthentica
CVE-2026-45615	8.2	0.06%	1	0		2026-05-29T18:17:10.163000	mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulne
CVE-2026-44962	9.9	0.05%	1	0		2026-05-29T16:33:43.467000	Plesk contains an XPath injection vulnerability in the APS Application Catalog s
CVE-2026-35674	8.8	0.04%	1	0		2026-05-29T16:29:34.540000	OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway c
CVE-2026-10069	7.5	0.05%	2	0		2026-05-29T16:29:11.350000	A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an
CVE-2026-10067	8.8	0.04%	1	0		2026-05-29T16:29:11.350000	A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub
CVE-2026-10066	8.8	0.04%	1	0		2026-05-29T16:29:11.350000	A security vulnerability has been detected in Shibby Tomato up to 1.28. This iss
CVE-2026-44698	8.3	0.02%	1	0		2026-05-29T16:25:57.843000	Home Assistant is open source home automation software that puts local control a
CVE-2026-45323	9.6	0.04%	1	0		2026-05-29T16:25:57.843000	MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3
CVE-2026-32847	7.5	0.08%	1	0		2026-05-29T16:19:35.753000	DeepCode through commit c991dc2 contains a path traversal vulnerability in the S
CVE-2026-46837	8.8	0.04%	1	0		2026-05-29T16:16:30.673000	Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suit
CVE-2026-10062	8.8	0.04%	2	0		2026-05-29T15:42:56.873000	A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this
CVE-2026-9809	7.6	0.02%	2	0		2026-05-29T15:39:34.620000	A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects compone
CVE-2026-4944	8.8	0.09%	1	0		2026-05-29T15:39:34.620000	vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remot
CVE-2026-45348	8.7	0.03%	1	0		2026-05-29T15:39:34.620000	pyLoad is a free and open-source download manager written in Python. Prior to 0.
CVE-2026-10042	9.8	0.36%	2	0		2026-05-29T15:30:43	manga-image-translator contains a remote code execution vulnerability in the sha
CVE-2026-10063	8.8	0.04%	2	0		2026-05-29T15:30:43	A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this
CVE-2026-4290	9.1	0.04%	2	0		2026-05-29T15:30:43	The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion
CVE-2026-10071	9.8	0.19%	2	0		2026-05-29T15:30:38	DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, al
CVE-2026-44887	9.8	0.21%	1	0		2026-05-29T15:29:42.387000	Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to
CVE-2026-10073	7.5	0.10%	2	0		2026-05-29T15:11:03.853000	DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allo
CVE-2026-45039	9.8	0.04%	1	0		2026-05-29T15:11:03.853000	RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta
CVE-2026-45578	8.8	0.05%	1	0		2026-05-29T15:06:44.207000	WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cl
CVE-2026-45707	8.1	0.03%	1	0		2026-05-29T15:06:44.207000	n8n-MCP is an MCP server that provides AI assistants access to n8n node document
CVE-2026-44882	8.1	0.04%	1	0		2026-05-29T15:06:44.207000	Portainer Community Edition is a lightweight service delivery platform for conta
CVE-2026-48527	8.7	0.03%	2	0		2026-05-29T14:07:52	## Summary HaxCMS is affected by a stored cross-site scripting (XSS) vulnerabil
CVE-2025-11993	8.8	0.08%	2	0		2026-05-29T13:09:05.450000	The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vuln
CVE-2026-8732	9.8	0.07%	5	2		2026-05-29T13:09:05.450000	The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via A
CVE-2026-3655	9.8	0.26%	3	0		2026-05-29T13:09:05.450000	The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulner
CVE-2026-6075	8.1	0.04%	2	0		2026-05-29T13:09:05.450000	The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Req
CVE-2026-42965	7.7	0.03%	2	0		2026-05-29T12:31:29	A flaw was found in the OpenShift Router. A user with EndpointSlice write access
CVE-2026-10056	7.5	0.08%	2	0		2026-05-29T09:16:17.147000	CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before ver
CVE-2026-8070	None	0.01%	1	0		2026-05-29T03:31:14	Incorrect permission assignment for a critical resource in Armoury Crate allows
CVE-2026-7480	None	0.01%	1	0		2026-05-29T03:31:13	An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS S
CVE-2026-45344	8.1	0.16%	1	0		2026-05-29T02:44:14.130000	LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the s
CVE-2026-49128	7.5	0.11%	1	0		2026-05-29T00:39:36	Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulne
CVE-2026-8809	9.8	0.19%	1	0		2026-05-29T00:38:45	The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privi
CVE-2026-49127	8.6	0.06%	1	0		2026-05-29T00:38:32	Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflo
CVE-2026-47179	7.7	0.05%	1	0		2026-05-28T22:39:26	## Summary `ProjectService.GetProjectFileContent` returns the contents of any D
CVE-2026-39929	7.5	0.11%	1	0		2026-05-28T22:16:58.693000	Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.
CVE-2026-46833	9.0	0.04%	1	0		2026-05-28T21:32:11	Vulnerability in the Net Service component of Oracle Database Server. Supported
CVE-2026-47331	7.8	0.01%	1	0		2026-05-28T21:32:10	Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock wh
CVE-2026-47333	7.8	0.01%	1	0		2026-05-28T21:32:10	Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentia
CVE-2026-9645	9.9	0.05%	1	0		2026-05-28T21:16:34.950000	Exposed methods allow authenticated users to create and execute arbitrary JavaSc
CVE-2026-47760	8.7	0.03%	1	0		2026-05-28T19:19:03.740000	TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE
CVE-2026-45296	7.7	0.03%	1	0		2026-05-28T18:40:37.990000	OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's
CVE-2026-45311	9.6	0.04%	1	0		2026-05-28T18:40:37.990000	CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, t
CVE-2026-38703	9.8	0.17%	1	0		2026-05-28T18:30:39	A command injection vulnerability exists in the ZeroTier VPN feature of InHand N
CVE-2026-38702	9.8	0.17%	1	0		2026-05-28T18:30:39	A command injection vulnerability exists in the Admin Access feature of InHand N
CVE-2026-38704	9.8	0.17%	1	0		2026-05-28T18:30:39	A command injection vulnerability exists in the WireGuard VPN feature of InHand
CVE-2026-38707	9.8	0.17%	1	0		2026-05-28T18:30:39	A command injection vulnerability exists in the IPSec VPN feature of InHand Netw
CVE-2026-9095	8.1	0.04%	1	0		2026-05-28T18:16:36.320000	Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions withou
CVE-2026-35675	8.2	0.11%	1	0		2026-05-28T14:20:34	### Summary An authentication bypass vulnerability in phpMyFAQ allows any unauth
CVE-2026-44635	7.5	0.05%	1	0		2026-05-28T14:16:20.450000	Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, Defa
CVE-2026-7862	8.6	0.04%	1	0		2026-05-28T13:45:25.260000	The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper
CVE-2026-9227	8.8	0.14%	1	0		2026-05-28T09:31:27	The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary
CVE-2026-4408	9.0	0.23%	2	0		2026-05-28T09:31:27	A flaw was found in Samba. A remote attacker can exploit a misconfiguration in S
CVE-2026-6455	8.1	0.04%	1	0		2026-05-28T09:31:26	The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Sit
CVE-2026-45332	7.5	0.04%	1	0		2026-05-27T21:32:32	### Summary A Broken Access Control vulnerability allows an unauthenticated at
CVE-2026-48027	9.8	26.85%	1	0		2026-05-27T20:34:24.850000	Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver
CVE-2026-42197	8.7	0.03%	1	0		2026-05-27T20:16:36.260000	RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd
CVE-2026-45088	7.5	0.03%	1	0		2026-05-27T19:49:48.143000	Dalfox is a powerful open-source XSS scanner and utility focused on automation.
CVE-2026-45047	7.5	0.08%	1	0		2026-05-27T18:16:24.150000	bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and si
CVE-2026-46372	8.5	2.59%	2	0	template	2026-05-27T06:01:20	## Resolution SillyTavern 1.18.0 added a generic server-side request filter (Pr
CVE-2026-43284	7.8	38.45%	1	34		2026-05-26T18:32:39	In the Linux kernel, the following vulnerability has been resolved: xfrm: esp:
CVE-2026-26980	9.4	56.66%	1	5	template	2026-05-26T15:16:24.310000	Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 all
CVE-2026-45659	8.8	0.62%	1	2		2026-05-26T13:30:30	Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
CVE-2026-47125	8.8	0.04%	1	0		2026-05-23T00:16:58	## Summary The `PUT /api/environments/{id}/templates/variables` endpoint, which
CVE-2026-45498	4.0	4.11%	1	1		2026-05-20T18:31:35	Microsoft Defender Denial of Service Vulnerability
CVE-2026-41091	7.8	6.98%	1	2		2026-05-20T18:31:35	Improper link resolution before file access ('link following') in Microsoft Defe
CVE-2026-31431	7.8	2.23%	4	100		2026-05-18T18:32:28	In the Linux kernel, the following vulnerability has been resolved: crypto: alg
CVE-2026-45716	8.8	0.03%	1	0		2026-05-18T17:42:25	## Summary The `POST /api/global/users/onboard` endpoint is protected by `works
CVE-2026-45697	9.8	0.10%	1	0		2026-05-18T17:23:40	### Impact - Unauthenticated users could submit crafted values into Hidden field
CVE-2026-45627	8.2	0.03%	2	0		2026-05-18T14:19:29	## Summary The unauthenticated `GET /api/app-images/logo` endpoint reflects a u
CVE-2026-46510	8.2	0.04%	1	0		2026-05-18T13:28:33	## Summary `form-data-objectizer` walks bracket-notation form keys (e.g. `name[
CVE-2026-44850	8.5	0.03%	1	0		2026-05-16T05:57:22	## Summary Portainer offers an environment-level **Disable bind mounts for non-
CVE-2026-46509	8.2	0.04%	1	0		2026-05-14T20:55:25	### Impact Prototype pollution is possible when property paths contain `__proto_
CVE-2026-45374	9.6	0.04%	1	0		2026-05-14T20:29:53	### Summary The `task_create` tool spawns durable sub-agents that inherit two i
CVE-2026-20182	10.0	77.32%	1	3	template	2026-05-14T18:33:03	May 2026: This security advisory provides the details and fix information for a
CVE-2026-44973	8.1	0.05%	1	0		2026-05-14T18:25:39	### Impact Multiple path traversal issues exist across different components of `
CVE-2026-45321	9.6	17.05%	1	12		2026-05-13T16:25:19	## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicio
CVE-2026-43898	10.0	0.05%	1	0		2026-05-13T15:26:02	### Summary Sandbox-defined functions expose `Function.caller`, allowing sandbox
CVE-2026-28910	3.3	0.01%	1	0		2026-05-13T00:49:16	This issue was addressed with improved permissions checking. This issue is fixed
CVE-2026-44650	9.1	0.08%	2	0		2026-05-12T22:23:47	## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."`
CVE-2026-44649	9.8	0.07%	2	0		2026-05-12T22:23:33	## Resolution SillyTavern 1.18.0 now includes a configuration option to limit w
CVE-2026-40369	7.8	0.01%	1	4		2026-05-12T18:30:50	Untrusted pointer dereference in Windows Kernel allows an authorized attacker to
CVE-2026-39987	9.8	82.17%	4	11	template	2026-04-23T20:15:29.690000	marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE
CVE-2026-33825	7.8	7.07%	1	5		2026-04-23T19:05:04.173000	Insufficient granularity of access control in Microsoft Defender allows an autho
CVE-2010-3035	7.5	5.30%	1	0		2026-04-22T15:40:53.840000	Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle
CVE-2026-40933	9.9	0.07%	4	0		2026-04-16T21:18:18	### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an
CVE-2024-32980	9.1	0.19%	1	0		2026-04-15T00:35:42.020000	Spin is the developer tool for building and running serverless applications powe
CVE-2024-8310	9.8	0.04%	1	0		2026-04-15T00:35:42.020000	OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass auth
CVE-2024-55884	9.0	0.80%	1	0		2026-04-15T00:35:42.020000	In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Andr
CVE-2026-35616	9.8	41.17%	2	8	template	2026-04-06T18:33:04	A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through
CVE-2026-4565	8.8	0.10%	1	2		2026-04-03T11:31:50.243000	A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function
CVE-2026-3172	8.1	0.06%	2	0		2026-02-25T21:31:25	Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 all
CVE-2026-20127	10.0	54.80%	1	7		2026-02-25T18:31:45	A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle
CVE-2026-24061	9.8	91.12%	1	66	template	2026-02-11T15:40:42.937000	telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "
CVE-2025-10158	4.3	0.06%	1	0		2025-11-18T15:30:54	A malicious client acting as the receiver of an rsync file transfer can trigger
CVE-2023-20269	5.0	0.88%	2	0		2025-10-28T13:59:45.003000	A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appl
CVE-2023-20198	10.0	94.01%	1	35	template	2025-10-28T13:59:32.787000	Cisco is providing an update for the ongoing investigation into observed exploit
CVE-2020-3259	7.5	69.73%	1	0		2025-10-28T13:57:45.773000	A vulnerability in the web services interface of Cisco Adaptive Security Applian
CVE-2025-20362	6.5	46.78%	1	1	template	2025-10-22T00:34:26	A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security
CVE-2022-20821	6.5	8.84%	1	0		2025-10-22T00:33:40	A vulnerability in the health check RPM of Cisco IOS XR Software could allow an
CVE-2024-20353	8.6	17.38%	2	1		2025-10-22T00:33:02	A vulnerability in the management and VPN web servers for Cisco Adaptive Securit
CVE-2020-3433	7.8	4.46%	2	1		2025-10-22T00:33:02	A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConn
CVE-2020-3153	6.5	25.09%	2	3		2025-10-22T00:32:53	A vulnerability in the installer component of Cisco AnyConnect Secure Mobility C
CVE-2019-15271	8.8	5.60%	2	0		2025-10-22T00:31:49	A vulnerability in the web-based management interface of certain Cisco Small Bus
CVE-2019-1385	7.8	0.49%	4	0		2025-10-22T00:31:48	An elevation of privilege vulnerability exists when the Windows AppX Deployment
CVE-2018-0179	5.9	2.03%	1	0		2025-10-22T00:31:32	Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisc
CVE-2024-20844	8.4	0.10%	1	0		2025-02-07T17:52:20.117000	Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac
CVE-2024-3120	9.0	3.38%	1	0		2025-02-03T18:31:45	A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.
CVE-2025-0066	9.9	0.09%	1	0		2025-01-14T03:31:48	Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet C
CVE-2021-24084	5.5	3.49%	2	2		2024-11-21T05:52:19.237000	Windows Mobile Device Management Information Disclosure Vulnerability
CVE-2024-45694	9.8	2.49%	1	0		2024-09-17T18:40:07.243000	The web service of certain models of D-Link wireless routers contains a Stack-ba
CVE-2024-7261	9.8	27.88%	1	0		2024-09-13T19:39:40.570000	The improper neutralization of special elements in the parameter "host" in the C
CVE-2024-42395	9.8	0.27%	2	0		2024-08-12T18:30:47	There is a vulnerability in the AP Certificate Management Service which could al
CVE-2024-27143	9.8	0.19%	1	0		2024-07-04T06:35:02	Toshiba printers use SNMP for configuration. Using the private community, it is
CVE-2026-9558	0	0.20%	2	0			N/A
CVE-2026-9559	0	0.21%	2	0			N/A
CVE-2026-45312	0	0.05%	2	0			N/A
CVE-2026-48095	0	0.00%	3	1			N/A
CVE-2026-45629	0	0.23%	2	0			N/A
CVE-2026-47187	0	0.00%	2	0			N/A
CVE-2025-60486	0	0.00%	2	0			N/A
CVE-2025-60485	0	0.00%	2	0			N/A
CVE-2026-45633	0	0.24%	2	0			N/A
CVE-2026-45632	0	0.04%	2	0			N/A
CVE-2026-45630	0	0.18%	2	0			N/A
CVE-2026-44421	0	0.05%	2	0			N/A
CVE-2026-44420	0	0.02%	2	0			N/A
CVE-2026-45372	0	0.04%	2	0			N/A
CVE-2025-55664	0	0.00%	1	0			N/A
CVE-2026-48710	0	0.03%	1	3			N/A
CVE-2025-60481	0	0.00%	1	0			N/A
CVE-2025-60483	0	0.00%	1	0			N/A
CVE-2025-60495	0	0.00%	1	0			N/A
CVE-2026-45663	0	0.23%	1	0			N/A
CVE-2026-45662	0	0.21%	1	0			N/A
CVE-2025-60477	0	0.00%	1	0			N/A
CVE-2026-45555	0	0.02%	1	0			N/A
CVE-2026-48116	0	0.05%	1	0			N/A
CVE-2026-47761	0	0.03%	1	0			N/A
CVE-2026-47759	0	0.03%	1	0			N/A
CVE-2026-49238	0	0.02%	1	0			N/A
CVE-2026-27771	0	0.00%	1	2	template		N/A

CVE-2026-10165
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-31T04:16:19.510000

2 posts

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.

offseq at 2026-05-31T04:30:24.123Z ##

🚨 CVE-2026-10165: HIGH severity stack buffer overflow in Edimax BR-6478AC (fw 1.23). Remote, unauthenticated exploit — public PoC out. No patch yet. Restrict access, monitor POSTs to formWanTcpipSetup. https://radar.offseq.com/threat/cve-2026-10165-stack-based-buffer-overflow-in-edim-0d2b8b03 #OffSeq #Vulnerability #RouterSecurity

##

offseq@infosec.exchange at 2026-05-31T04:30:24.000Z ##

🚨 CVE-2026-10165: HIGH severity stack buffer overflow in Edimax BR-6478AC (fw 1.23). Remote, unauthenticated exploit — public PoC out. No patch yet. Restrict access, monitor POSTs to formWanTcpipSetup. https://radar.offseq.com/threat/cve-2026-10165-stack-based-buffer-overflow-in-edim-0d2b8b03 #OffSeq #Vulnerability #RouterSecurity

##

CVE-2026-10162
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-31T03:16:15.660000

4 posts

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As

thehackerwire@mastodon.social at 2026-05-31T04:00:16.000Z ##

🟠 CVE-2026-10162 - High (8.8)

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10162/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-31T03:00:24.212Z ##

🚨 CVE-2026-10162: HIGH-severity stack-based buffer overflow in TRENDnet TEW-432BRP (3.10B20). Remotely exploitable, low privileges needed. No patch — device is EOL. Replace or restrict remote access! Exploit available. More: https://radar.offseq.com/threat/cve-2026-10162-stack-based-buffer-overflow-in-tren-f3a99a60 #OffSeq #Vulnerability #RouterSecurity

##

thehackerwire@mastodon.social at 2026-05-31T04:00:16.000Z ##

🟠 CVE-2026-10162 - High (8.8)

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10162/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-31T03:00:24.000Z ##

🚨 CVE-2026-10162: HIGH-severity stack-based buffer overflow in TRENDnet TEW-432BRP (3.10B20). Remotely exploitable, low privileges needed. No patch — device is EOL. Replace or restrict remote access! Exploit available. More: https://radar.offseq.com/threat/cve-2026-10162-stack-based-buffer-overflow-in-tren-f3a99a60 #OffSeq #Vulnerability #RouterSecurity

##

CVE-2026-10161
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-31T03:16:15.503000

2 posts

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_statistic results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009).

thehackerwire@mastodon.social at 2026-05-31T04:00:04.000Z ##

🟠 CVE-2026-10161 - High (8.8)

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_statistic results in stack-based buffer overflow. Th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10161/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T04:00:04.000Z ##

🟠 CVE-2026-10161 - High (8.8)

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_statistic results in stack-based buffer overflow. Th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10161/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10160
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-31T03:16:14.430000

2 posts

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start_wizard leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EO

thehackerwire@mastodon.social at 2026-05-31T04:00:25.000Z ##

🟠 CVE-2026-10160 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start_wizard leads to stack-based buff...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10160/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T04:00:25.000Z ##

🟠 CVE-2026-10160 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start_wizard leads to stack-based buff...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10160/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10159
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-31T02:16:34.290000

2 posts

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor explains: "This product has been E

thehackerwire@mastodon.social at 2026-05-31T03:00:13.000Z ##

🟠 CVE-2026-10159 - High (8.8)

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page causes stack-based buffer overflow. The attack ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10159/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T03:00:13.000Z ##

🟠 CVE-2026-10159 - High (8.8)

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page causes stack-based buffer overflow. The attack ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10159/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10158
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-31T02:16:34.107000

2 posts

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years

thehackerwire@mastodon.social at 2026-05-31T03:00:03.000Z ##

🟠 CVE-2026-10158 - High (8.8)

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-based buffer overflow. It is possible to launch t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10158/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T03:00:03.000Z ##

🟠 CVE-2026-10158 - High (8.8)

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-based buffer overflow. It is possible to launch t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10158/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10124
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T18:31:11

2 posts

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. This vulnerability o

thehackerwire@mastodon.social at 2026-05-30T17:00:59.000Z ##

🟠 CVE-2026-10124 - High (8.8)

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10124/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T17:00:59.000Z ##

🟠 CVE-2026-10124 - High (8.8)

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10124/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10121
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T18:31:11

2 posts

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (si

thehackerwire@mastodon.social at 2026-05-30T17:00:03.000Z ##

🟠 CVE-2026-10121 - High (8.8)

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10121/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T17:00:03.000Z ##

🟠 CVE-2026-10121 - High (8.8)

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10121/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10126
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T17:16:21.060000

4 posts

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

offseq at 2026-05-31T01:30:25.358Z ##

🔎 CVE-2026-10126: HIGH severity buffer overflow in Edimax BR-6478AC v1.23. Remote code execution or DoS possible; public exploit released. Restrict remote mgmt access & watch for vendor patches. https://radar.offseq.com/threat/cve-2026-10126-buffer-overflow-in-edimax-br-6478ac-b8a1eb66 #OffSeq #Vuln #IoTSecurity #Infosec

##

thehackerwire@mastodon.social at 2026-05-30T20:00:32.000Z ##

🟠 CVE-2026-10126 - High (8.8)

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. Th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10126/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-31T01:30:25.000Z ##

🔎 CVE-2026-10126: HIGH severity buffer overflow in Edimax BR-6478AC v1.23. Remote code execution or DoS possible; public exploit released. Restrict remote mgmt access & watch for vendor patches. https://radar.offseq.com/threat/cve-2026-10126-buffer-overflow-in-edimax-br-6478ac-b8a1eb66 #OffSeq #Vuln #IoTSecurity #Infosec

##

thehackerwire@mastodon.social at 2026-05-30T20:00:32.000Z ##

🟠 CVE-2026-10126 - High (8.8)

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. Th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10126/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10125
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T16:17:04.910000

2 posts

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-05-30T17:01:09.000Z ##

🟠 CVE-2026-10125 - High (8.8)

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10125/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T17:01:09.000Z ##

🟠 CVE-2026-10125 - High (8.8)

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10125/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10123
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T16:17:04.580000

2 posts

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-05-30T17:00:22.000Z ##

🟠 CVE-2026-10123 - High (8.8)

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitte...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10123/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T17:00:22.000Z ##

🟠 CVE-2026-10123 - High (8.8)

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitte...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10123/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10122
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T16:17:04.420000

2 posts

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 ye

thehackerwire@mastodon.social at 2026-05-30T17:00:13.000Z ##

🟠 CVE-2026-10122 - High (8.8)

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The att...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10122/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T17:00:13.000Z ##

🟠 CVE-2026-10122 - High (8.8)

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The att...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10122/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10120
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T15:16:15.173000

2 posts

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009).

thehackerwire@mastodon.social at 2026-05-30T16:00:34.000Z ##

🟠 CVE-2026-10120 - High (8.8)

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. T...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10120/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T16:00:34.000Z ##

🟠 CVE-2026-10120 - High (8.8)

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. T...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10120/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10119
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-30T14:16:24.513000

2 posts

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EOL for 15 yea

thehackerwire@mastodon.social at 2026-05-30T16:00:44.000Z ##

🟠 CVE-2026-10119 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote ex...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10119/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T16:00:44.000Z ##

🟠 CVE-2026-10119 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote ex...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10119/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7459
(7.5 HIGH)

EPSS: 0.06%

updated 2026-05-30T12:30:31

4 posts

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints register get_items_permissions_check() as their permission_callback, which only verifies the requester is logged in and doe

thehackerwire@mastodon.social at 2026-05-30T16:01:42.000Z ##

🟠 CVE-2026-7459 - High (7.5)

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7459/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-30T10:30:23.736Z ##

🔎 HIGH severity: CVE-2026-7459 in Simple History WP plugin allows Subscriber users to seize admin accounts if experimental features are enabled. Disable this option and monitor for vendor fixes. Affects ≤5.26.0. Read: https://radar.offseq.com/threat/cve-2026-7459-cwe-640-weak-password-recovery-mecha-7aa34cab #OffSeq #WordPress #CVE20267459

##

thehackerwire@mastodon.social at 2026-05-30T16:01:42.000Z ##

🟠 CVE-2026-7459 - High (7.5)

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7459/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-30T10:30:23.000Z ##

🔎 HIGH severity: CVE-2026-7459 in Simple History WP plugin allows Subscriber users to seize admin accounts if experimental features are enabled. Disable this option and monitor for vendor fixes. Affects ≤5.26.0. Read: https://radar.offseq.com/threat/cve-2026-7459-cwe-640-weak-password-recovery-mecha-7aa34cab #OffSeq #WordPress #CVE20267459

##

CVE-2026-7465
(8.8 HIGH)

EPSS: 0.22%

updated 2026-05-30T12:30:31

4 posts

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Exploitation requires a two-block payload embedded in post content: the first block registers a fake

1 repos

https://github.com/endangcamon/CVE-2026-7465-POC

thehackerwire@mastodon.social at 2026-05-30T16:00:53.000Z ##

🟠 CVE-2026-7465 - High (8.8)

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-l...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7465/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-05-30T12:00:24.545Z ##

🚨 CVE-2026-7465 (HIGH): Spectra Gutenberg Blocks plugin for WordPress lets Contributor+ users execute arbitrary server code via crafted block payloads. No patch yet — restrict access & monitor advisories. https://radar.offseq.com/threat/cve-2026-7465-cwe-269-improper-privilege-managemen-61ef37c5 #OffSeq #WordPress #Infosec #Vuln

##

thehackerwire@mastodon.social at 2026-05-30T16:00:53.000Z ##

🟠 CVE-2026-7465 - High (8.8)

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-l...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7465/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-30T12:00:24.000Z ##

🚨 CVE-2026-7465 (HIGH): Spectra Gutenberg Blocks plugin for WordPress lets Contributor+ users execute arbitrary server code via crafted block payloads. No patch yet — restrict access & monitor advisories. https://radar.offseq.com/threat/cve-2026-7465-cwe-269-improper-privilege-managemen-61ef37c5 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-9757
(7.5 HIGH)

EPSS: 0.09%

updated 2026-05-30T10:16:23.980000

2 posts

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's wp_magic_quotes protection, which only covers $_POST/$_GET/$_COOKIE/$_REQUEST), then each is split on ',' via explode() and the resulting fragments are

thehackerwire@mastodon.social at 2026-05-30T16:01:33.000Z ##

🟠 CVE-2026-9757 - High (7.5)

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9757/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T16:01:33.000Z ##

🟠 CVE-2026-9757 - High (7.5)

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9757/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10112
(2.4 LOW)

EPSS: 0.03%

updated 2026-05-30T08:16:16.180000

2 posts

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not

offseq at 2026-05-30T09:00:24.741Z ##

⚠️ XSS vuln (MEDIUM, CVSS 4.8) in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 — CVE-2026-10112. 'Name' param on Dashboard Page unsanitized, allowing script injection. No patch yet — use input validation/output encoding. https://radar.offseq.com/threat/cve-2026-10112-cross-site-scripting-in-sambitraj-s-ee88cf56 #OffSeq #XSS #AppSec #Vulnerability

##

offseq@infosec.exchange at 2026-05-30T09:00:24.000Z ##

⚠️ XSS vuln (MEDIUM, CVSS 4.8) in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 — CVE-2026-10112. 'Name' param on Dashboard Page unsanitized, allowing script injection. No patch yet — use input validation/output encoding. https://radar.offseq.com/threat/cve-2026-10112-cross-site-scripting-in-sambitraj-s-ee88cf56 #OffSeq #XSS #AppSec #Vulnerability

##

CVE-2026-10110
(7.3 HIGH)

EPSS: 0.03%

updated 2026-05-30T07:16:27.813000

2 posts

updated 2026-05-29T21:57:08

2 posts

## Summary A remote, unauthenticated denial-of-service vulnerability in `Batch.Decompress` (`data/batch/batch.go`) allows any peer that participates in a topic served by `MultiDataInterceptor` to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is sufficient to OOM-kill a validator with conventional memory provisioning. Fleet-wide application a

thehackerwire@mastodon.social at 2026-05-30T20:00:55.000Z ##

🟠 CVE-2026-44697 - High (8.6)

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by Multi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44697/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T20:00:55.000Z ##

🟠 CVE-2026-44697 - High (8.6)

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by Multi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44697/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42941
(8.3 HIGH)

EPSS: 0.01%

updated 2026-05-29T21:31:30

2 posts

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.

thehackerwire@mastodon.social at 2026-05-30T03:00:00.000Z ##

🟠 CVE-2026-42941 - High (8.3)

The Danelec MacGregor Voyage Data Recorder

device includes a default username and password, with no enforced password change.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42941/

updated 2026-05-29T21:31:23

2 posts

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

thehackerwire@mastodon.social at 2026-05-29T22:00:29.000Z ##

🟠 CVE-2026-49368 - High (8.7)

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

updated 2026-05-29T21:31:21

2 posts

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.

thehackerwire@mastodon.social at 2026-05-30T01:00:23.000Z ##

🟠 CVE-2026-42929 - High (8.3)

Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42929/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T01:00:23.000Z ##

🟠 CVE-2026-42929 - High (8.3)

Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42929/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5343
(7.4 HIGH)

EPSS: 0.03%

updated 2026-05-29T21:31:18

1 posts

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

offseq@infosec.exchange at 2026-05-29T00:00:34.000Z ##

⚠️ HIGH severity: CVE-2026-5343 in Drupal SAML SSO - Service Provider (pre-3.1.4) allows privilege escalation via improper exception checks. No patch or exploits yet. Monitor advisories for updates. https://radar.offseq.com/threat/cve-2026-5343-cwe-754-improper-check-for-unusual-o-7182465d #OffSeq #Drupal #Vuln #SAML

##

CVE-2026-46821
(7.7 HIGH)

EPSS: 0.03%

updated 2026-05-29T20:49:23.327000

1 posts

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. While the vulnerability is in Oracle Financials Common Modules, attacks may sig

thehackerwire@mastodon.social at 2026-05-29T01:00:00.000Z ##

🟠 CVE-2026-46821 - High (7.7)

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46821/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10105
(8.3 HIGH)

EPSS: 0.03%

updated 2026-05-29T20:25:00.760000

2 posts

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickhousedb.py to delete all rows, target specific rows, or extract information through error-based or bli

thehackerwire@mastodon.social at 2026-05-30T20:01:05.000Z ##

🟠 CVE-2026-10105 - High (8.3)

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10105/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T20:01:05.000Z ##

🟠 CVE-2026-10105 - High (8.3)

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10105/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45628
(9.6 CRITICAL)

EPSS: 0.05%

updated 2026-05-29T20:25:00.760000

2 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and Docker credentials are interpolated directly into these commands without escaping. This requires an authenticated user w

thehackerwire@mastodon.social at 2026-05-30T16:01:52.000Z ##

🔴 CVE-2026-45628 - Critical (9.6)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied br...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45628/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T16:01:52.000Z ##

🔴 CVE-2026-45628 - Critical (9.6)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied br...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45628/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45625
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-05-29T20:25:00.760000

2 posts

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight of those endpoints (list, create, get, update, delete, test, listBranches, browseFiles) never call t

thehackerwire@mastodon.social at 2026-05-30T05:00:02.000Z ##

🔴 CVE-2026-45625 - Critical (9.9)

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps sou...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45625/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T05:00:02.000Z ##

🔴 CVE-2026-45625 - Critical (9.9)

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps sou...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45625/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45661
(9.9 CRITICAL)

EPSS: 0.08%

updated 2026-05-29T20:25:00.760000

2 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems, a

thehackerwire@mastodon.social at 2026-05-30T04:00:30.000Z ##

🔴 CVE-2026-45661 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application d...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45661/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T04:00:30.000Z ##

🔴 CVE-2026-45661 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application d...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45661/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45631
(10.0 CRITICAL)

EPSS: 0.07%

updated 2026-05-29T20:25:00.760000

2 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.

thehackerwire@mastodon.social at 2026-05-30T03:00:24.000Z ##

🔴 CVE-2026-45631 - Critical (10)

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45631/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T03:00:24.000Z ##

🔴 CVE-2026-45631 - Critical (10)

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45631/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44285
(7.7 HIGH)

EPSS: 0.03%

updated 2026-05-29T20:23:16.083000

2 posts

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploiting an incomplete fix in the dataset preview endpoint /api/core/dataset/file/getPreviewChunks when

thehackerwire@mastodon.social at 2026-05-29T21:01:10.000Z ##

🟠 CVE-2026-44285 - High (7.7)

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44285/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T21:01:10.000Z ##

🟠 CVE-2026-44285 - High (7.7)

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44285/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44422
(7.5 HIGH)

EPSS: 0.05%

updated 2026-05-29T20:22:37.383000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor

thehackerwire@mastodon.social at 2026-05-29T22:00:19.000Z ##

🟠 CVE-2026-44422 - High (7.5)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ow...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44422/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T22:00:19.000Z ##

🟠 CVE-2026-44422 - High (7.5)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ow...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44422/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47123
(7.5 HIGH)

EPSS: 0.01%

updated 2026-05-29T20:21:38.773000

1 posts

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / References headers. The notification reply path (notify-{thread_id}-{user_id}-...) extracts thread_id and user_id directly from the Message-ID without HMAC

thehackerwire@mastodon.social at 2026-05-29T21:00:03.000Z ##

🟠 CVE-2026-47123 - High (7.5)

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / Re...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47123/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9998
(8.3 HIGH)

EPSS: 0.07%

updated 2026-05-29T20:18:44.250000

3 posts

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-05-31T03:00:53.000Z ##

🟠 CVE-2026-9998 - High (8.3)

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9998/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T03:00:53.000Z ##

🟠 CVE-2026-9998 - High (8.3)

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9998/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-29T06:00:24.000Z ##

🛡️ HIGH severity: Chrome <148.0.7778.216 has an integer overflow (CVE-2026-9998) in Skia. Potential sandbox escape if renderer is compromised. Patch ASAP! More info: https://radar.offseq.com/threat/cve-2026-9998-integer-overflow-in-google-chrome-20eb53d9 #OffSeq #Chrome #Vuln #Infosec

##

CVE-2026-44648
(7.5 HIGH)

EPSS: 0.02%

updated 2026-05-29T20:17:38.110000

2 posts

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recov

1 repos

https://github.com/zzzm0919/CVE-2026-44648

thehackerwire@mastodon.social at 2026-05-29T23:00:33.000Z ##

🟠 CVE-2026-44648 - High (7.5)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authen...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44648/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T23:00:33.000Z ##

🟠 CVE-2026-44648 - High (7.5)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authen...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44648/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47740
(8.1 HIGH)

EPSS: 0.03%

updated 2026-05-29T20:17:38.110000

2 posts

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark complete, capture payment, archive, and start processing were callable with the read-only read_orders permis

thehackerwire@mastodon.social at 2026-05-29T23:00:24.000Z ##

🟠 CVE-2026-47740 - High (8.1)

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47740/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T23:00:24.000Z ##

🟠 CVE-2026-47740 - High (8.1)

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47740/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47744
(9.9 CRITICAL)

EPSS: 0.03%

updated 2026-05-29T20:17:38.110000

1 posts

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users, including administrators. Settings/Team/RolePermiss

thehackerwire@mastodon.social at 2026-05-29T20:01:03.000Z ##

🔴 CVE-2026-47744 - Critical (9.9)

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenti...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47744/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0257
(9.1 CRITICAL)

EPSS: 41.50%

updated 2026-05-29T20:16:21.803000

20 posts

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

4 repos

https://github.com/sfewer-r7/CVE-2026-0257

https://github.com/akashsingh0454/CVE-2026-0257-PoC

https://github.com/HORKimhab/CVE-2026-0257

https://github.com/0xBlackash/CVE-2026-0257

securitycyber at 2026-05-31T01:09:26.750Z ##

A new authentication bypass vulnerability (CVE-2026-0257) in PAN-OS is being actively exploited in the wild. The flaw lets attackers establish VPN connections without valid credentials. This is not a theoretical risk or a proof of concept — real attacks are happening right now, and the window to respond is already closing.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

securitycyber at 2026-05-31T00:56:26.490Z ##

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Is Being Actively Exploited

Palo Alto Networks has confirmed that CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect, is under active exploitation in the wild. The flaw carries a CVSS score of 7.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

securitycyber at 2026-05-31T00:39:13.122Z ##

A new authentication bypass vulnerability (CVE-2026-0257, CVE-2026-0257) is being actively exploited in the wild. The target: PAN-OS, Prisma Access, VPN. This is not a theoretical risk — attackers are already leveraging it.

This is not the first time a critical authentication bypass has been found in PAN-OS, Prisma Access, VPN.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

undercodenews@mastodon.social at 2026-05-30T21:46:10.000Z ##

Global VPN Security Shockwave: Active Exploitation of Palo Alto Networks CVE-2026-0257 Raises Critical Enterprise Alarm + Video

Introduction: Silent Breach Vector Emerging in Global VPN Infrastructure A newly disclosed and actively exploited vulnerability affecting enterprise VPN infrastructure has triggered urgent concern across cybersecurity circles. Security researchers and incident responders are now tracking real-world attacks targeting a flaw in Palo Alto…

https://undercodenews.com/global-vpn-security-shockwave-active-exploitation-of-palo-alto-networks-cve-2026-0257-raises-critical-enterprise-alarm-video/?utm_source=mastodon&utm_medium=jetpack_social

##

const_data@mastodon.social at 2026-05-30T20:58:02.000Z ##

#infosec #vulnerability #vpn

Rapid7 observó la explotación de la vulnerabilidad de omisión de autenticación de PAN-OS GlobalProtect (CVE-2026-0257).

https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/

##

netsecio@mastodon.social at 2026-05-30T18:24:08.000Z ##

📰 Actively Exploited PAN-OS Flaw (CVE-2026-0257) Allows VPN Hijack, CISA Adds to KEV

🚨 ACTIVE EXPLOITATION: A PAN-OS flaw (CVE-2026-0257) in GlobalProtect is being exploited to bypass auth & hijack VPNs. CISA has added it to the KEV catalog. Patch now! #CVE #Vulnerability #PaloAltoNetworks

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/palo-alto-networks-pan-os-vulnerability-under-active-exploitation/?utm_source=mastodon&utm_medium=social&utm_campaign=daily

##

oversecurity@mastodon.social at 2026-05-30T18:20:22.000Z ##

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in...

🔗️ [Bleepingcomputer] https://link.is.it/TMUu85

##

Analyst207@mastodon.social at 2026-05-30T18:20:10.000Z ##

Hackers Exploit Palo Alto GlobalProtect VPN Auth Bypass Flaw in Attacks

Hackers are actively exploiting a critical flaw in Palo Alto's GlobalProtect VPN, known as CVE-2026-0257, to gain unauthorized access to corporate networks. This alarming vulnerability allows attackers to bypass security restrictions and establish fake VPN connections.

https://osintsights.com/hackers-exploit-palo-alto-globalprotect-vpn-auth-bypass-flaw-in-attacks?utm_source=mastodon&utm_medium=social

#PaloAlto #Globalprotect #VpnAuthBypass #Cve20260257 #Panos

##

Matchbook3469@mastodon.social at 2026-05-30T17:06:09.000Z ##

🚨 THREAT INTELLIGENCE

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Vulnerability | CRITICAL
CVEs: CVE-2026-0257

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active...

Full analysis:
https://www.yazoul.net/news/article/pan-os-globalprotect-authentication-bypass-cve-2026-0257-under-active-exploitati

#ThreatIntel #Malware #SecurityOps

##

undercodenews@mastodon.social at 2026-05-30T11:53:13.000Z ##

Critical Security Flashpoint: Palo Alto Networks Zero-Day CVE-2026-0257 Actively Exploited as Ransomware Waves Hit US Wholesale Sector + Video

Urgent Cybersecurity Introduction: A Dual-Front Digital Crisis Emerging The cybersecurity landscape is once again under intense pressure as two separate but equally disruptive incidents collide in the threat ecosystem. On one side, Palo Alto Networks has confirmed active exploitation of a critical vulnerability tracked as…

https://undercodenews.com/critical-security-flashpoint-palo-alto-networks-zero-day-cve-2026-0257-actively-exploited-as-ransomware-waves-hit-us-wholesale-sector-video/?utm_source=mastodon&utm_medium=jetpack_social

##

secdb at 2026-05-30T11:15:27.285Z ##

🚨 [CISA-2026:0529] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0529)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-0257 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0257)
- Name: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Palo Alto Networks
- Product: PAN-OS
- Notes: https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260529 #cisa20260529 #cve_2026_0257 #cve20260257

##

Analyst207@mastodon.social at 2026-05-30T08:20:14.000Z ##

Palo Alto Networks Warns of Active Exploitation of GlobalProtect Flaw

Palo Alto Networks has issued a warning about a critical GlobalProtect flaw, CVE-2026-0257, that is being actively exploited, allowing attackers to bypass security restrictions and establish unauthorized VPN connections. This vulnerability affects specific PAN-OS and Prisma Access deployments with certain…

https://osintsights.com/palo-alto-networks-warns-of-active-exploitation-of-globalprotect-flaw?utm_source=mastodon&utm_medium=social

#PaloAltoNetworks #Globalprotect #Cve20260257 #VpnExploitation #AuthenticationBypass

##

bugxhunter at 2026-05-30T06:01:24.686Z ##

🏛️ Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

📝 CISA added CVE-2026-0257 to its KEV Catalog due to active exploitation, posing risks to...

https://www.cisa.gov/news-events/alerts/2026/05/29/cisa-adds-one-known-exploited-vulnerability-catalog

📰 Alerts

#GovSec #CVE #ZeroDay

##

securitycyber@infosec.exchange at 2026-05-31T01:09:26.000Z ##

A new authentication bypass vulnerability (CVE-2026-0257) in PAN-OS is being actively exploited in the wild. The flaw lets attackers establish VPN connections without valid credentials. This is not a theoretical risk or a proof of concept — real attacks are happening right now, and the window to respond is already closing.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

securitycyber@infosec.exchange at 2026-05-31T00:56:26.000Z ##

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Is Being Actively Exploited

Palo Alto Networks has confirmed that CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect, is under active exploitation in the wild. The flaw carries a CVSS score of 7.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

securitycyber@infosec.exchange at 2026-05-31T00:39:13.000Z ##

A new authentication bypass vulnerability (CVE-2026-0257, CVE-2026-0257) is being actively exploited in the wild. The target: PAN-OS, Prisma Access, VPN. This is not a theoretical risk — attackers are already leveraging it.

This is not the first time a critical authentication bypass has been found in PAN-OS, Prisma Access, VPN.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

oversecurity@mastodon.social at 2026-05-30T18:20:22.000Z ##

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in...

🔗️ [Bleepingcomputer] https://link.is.it/TMUu85

##

secdb@infosec.exchange at 2026-05-30T11:15:27.000Z ##

🚨 [CISA-2026:0529] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0529)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-0257 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0257)
- Name: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Palo Alto Networks
- Product: PAN-OS
- Notes: https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260529 #cisa20260529 #cve_2026_0257 #cve20260257

##

bugxhunter@infosec.exchange at 2026-05-30T06:01:24.000Z ##

updated 2026-05-29T18:31:42

2 posts

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from sibling directories whose names share the music_path prefix by crafting traversal sequences, bypassing

thehackerwire@mastodon.social at 2026-05-30T21:00:33.000Z ##

🟠 CVE-2026-10108 - High (7.5)

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete pa...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10108/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T21:00:33.000Z ##

🟠 CVE-2026-10108 - High (7.5)

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete pa...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10108/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10107
(7.7 HIGH)

EPSS: 0.03%

updated 2026-05-29T18:31:42

2 posts

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protections because the SecurityUtils.is_safe_url function performs only domain-membership checking without bloc

thehackerwire@mastodon.social at 2026-05-30T20:01:16.000Z ##

🟠 CVE-2026-10107 - High (7.7)

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a URL whose domain matches the assembled allowlis...

updated 2026-05-29T18:31:20

1 posts

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). S

1 repos

https://github.com/fangbarristerbar/CVE-2026-46840-ORDS-RCE

thehackerwire@mastodon.social at 2026-05-29T00:00:22.000Z ##

🔴 CVE-2026-46840 - Critical (10)

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Ora...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46840/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-46839
(9.9 CRITICAL)

🟠 CVE-2026-10062 - High (8.8)

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10062/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T22:00:46.000Z ##

🟠 CVE-2026-10062 - High (8.8)

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10062/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9809
(7.6 HIGH)

EPSS: 0.02%

updated 2026-05-29T15:39:34.620000

2 posts

A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or forms), user-supplied project names are rendered without proper sanitization. An authenticated user with permissions to create or edit projects can exploit this to inject malicious script payloads. Wh

thehackerwire@mastodon.social at 2026-05-31T00:00:29.000Z ##

🟠 CVE-2026-9809 - High (7.6)

A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or forms), user-supplied project names are rendere...

updated 2026-05-29T15:30:43

2 posts

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request bodies using pickle.loads(). A remote attacker can supply a crafted pickle payload to these endpoin

thehackerwire@mastodon.social at 2026-05-30T22:01:05.000Z ##

🔴 CVE-2026-10042 - Critical (9.8)

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} e...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10042/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T22:01:05.000Z ##

🔴 CVE-2026-10042 - Critical (9.8)

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} e...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10042/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10063
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-29T15:30:43

2 posts

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item

thehackerwire@mastodon.social at 2026-05-30T22:00:55.000Z ##

🟠 CVE-2026-10063 - High (8.8)

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10063/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T22:00:55.000Z ##

🟠 CVE-2026-10063 - High (8.8)

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10063/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4290
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T15:30:43

2 posts

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. This is due to the check_permission() callback unconditionally returning true and the Database::delete() method passing the user ID directly to wp_delete_user() without any role validation. This makes it

thehackerwire@mastodon.social at 2026-05-30T21:00:52.000Z ##

🔴 CVE-2026-4290 - Critical (9.1)

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. This is due to the check_permission() callback unc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4290/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T21:00:52.000Z ##

🔴 CVE-2026-4290 - Critical (9.1)

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. This is due to the check_permission() callback unc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4290/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10071
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-05-29T15:30:38

2 posts

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

thehackerwire@mastodon.social at 2026-05-30T23:00:57.000Z ##

🔴 CVE-2026-10071 - Critical (9.8)

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10071/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T23:00:57.000Z ##

🔴 CVE-2026-10071 - Critical (9.8)

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10071/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44887
(9.8 CRITICAL)

EPSS: 0.21%

updated 2026-05-29T15:29:42.387000

1 posts

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is require

thehackerwire@mastodon.social at 2026-05-28T16:01:00.000Z ##

🔴 CVE-2026-44887 - Critical (9.8)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44887/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10073
(7.5 HIGH)

EPSS: 0.10%

updated 2026-05-29T15:11:03.853000

2 posts

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.

thehackerwire@mastodon.social at 2026-05-30T23:00:38.000Z ##

🟠 CVE-2026-10073 - High (7.5)

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.

updated 2026-05-29T14:07:52

2 posts

## Summary HaxCMS is affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. For example, the sanitizer misses: ```html <a href="#"onclick="alert('kn1ph')">click me</a> ``` The imp

thehackerwire@mastodon.social at 2026-05-30T23:00:47.000Z ##

🟠 CVE-2026-48527 - High (8.7)

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permiss...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48527/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T23:00:47.000Z ##

🟠 CVE-2026-48527 - High (8.7)

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permiss...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48527/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-11993
(8.8 HIGH)

EPSS: 0.08%

updated 2026-05-29T13:09:05.450000

2 posts

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_settings' function. This is due to deserialization of untrusted data supplied via the import configuration feature without capability checks. This makes it possible for authenticated attackers, with Subs

thehackerwire@mastodon.social at 2026-05-31T03:00:43.000Z ##

🟠 CVE-2025-11993 - High (8.8)

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_settings' function. This is due to deserialization...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11993/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T03:00:43.000Z ##

🟠 CVE-2025-11993 - High (8.8)

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_settings' function. This is due to deserialization...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11993/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8732
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-05-29T13:09:05.450000

5 posts

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce check using the fc-call-nonce nonce, which is publicly embedded into every frontend page via wp_localize_script as the nonc

2 repos

https://github.com/Jenderal92/CVE-2026-8732

https://github.com/xShadow-Here/CVE-2026-8732

thehackerwire@mastodon.social at 2026-05-31T02:00:14.000Z ##

🔴 CVE-2026-8732 - Critical (9.8)

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8732/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

beyondmachines1 at 2026-05-30T15:01:08.155Z ##

Critical WP Maps Pro Vulnerability Allows Unauthenticated Administrator Takeover

WP Maps Pro versions 6.1.0 and earlier contain a critical vulnerability (CVE-2026-8732) that allows unauthenticated attackers to create administrator accounts and take full control of WordPress sites.

**If you use the WP Maps Pro WordPress plugin, this is urgent. Update to version 6.1.1 immediately to patch this critical flaw that lets attackers create admin accounts on your site. Also, audit your WordPress user list for any suspicious admin accounts (especially ones tied to support@flippercode.com) and remove them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-wp-maps-pro-vulnerability-allows-unauthenticated-administrator-takeover-e-g-t-g-s/gD2P6Ple2L

##

thehackerwire@mastodon.social at 2026-05-31T02:00:14.000Z ##

🔴 CVE-2026-8732 - Critical (9.8)

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8732/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

beyondmachines1@infosec.exchange at 2026-05-30T15:01:08.000Z ##

Critical WP Maps Pro Vulnerability Allows Unauthenticated Administrator Takeover

WP Maps Pro versions 6.1.0 and earlier contain a critical vulnerability (CVE-2026-8732) that allows unauthenticated attackers to create administrator accounts and take full control of WordPress sites.

**If you use the WP Maps Pro WordPress plugin, this is urgent. Update to version 6.1.1 immediately to patch this critical flaw that lets attackers create admin accounts on your site. Also, audit your WordPress user list for any suspicious admin accounts (especially ones tied to support@flippercode.com) and remove them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-wp-maps-pro-vulnerability-allows-unauthenticated-administrator-takeover-e-g-t-g-s/gD2P6Ple2L

##

offseq@infosec.exchange at 2026-05-29T07:30:25.000Z ##

🚨 CVE-2026-8732: WP Maps Pro ≤6.1.0 has a CRITICAL flaw (CVSS 9.8). Unauthenticated attackers can create admin accounts via an AJAX action protected only by a public nonce. Full site takeover risk. Disable or remove plugin until patched. https://radar.offseq.com/threat/cve-2026-8732-cwe-306-missing-authentication-for-c-c3324188 #OffSeq #WordPress #Vuln

##

CVE-2026-3655
(9.8 CRITICAL)

EPSS: 0.26%

updated 2026-05-29T13:09:05.450000

3 posts

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone number supplied in the request. The `idehweb_lwp_activate_through_firebase()` function validates that a Firebase OTP sessio

thehackerwire@mastodon.social at 2026-05-31T02:00:02.000Z ##

🔴 CVE-2026-3655 - Critical (9.8)

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3655/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T02:00:02.000Z ##

🔴 CVE-2026-3655 - Critical (9.8)

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3655/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-29T09:00:37.000Z ##

CVE-2026-3655 (CRITICAL, CVSS 9.8): glboy OTP Login plugin (v1.8.50 – 1.8.60) suffers from improper authentication via Firebase OTP. Attackers can log in as any user/admin. Patch now! https://radar.offseq.com/threat/cve-2026-3655-cwe-287-improper-authentication-in-g-98c0dba0 #OffSeq #WordPress #Infosec #Vulnerability

##

CVE-2026-6075
(8.1 HIGH)

EPSS: 0.04%

updated 2026-05-29T13:09:05.450000

2 posts

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an administrator into performing bulk delete, edit, or purge operations on plugin settings and attachment

thehackerwire@mastodon.social at 2026-05-31T01:00:27.000Z ##

🟠 CVE-2026-6075 - High (8.1)

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it p...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6075/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T01:00:27.000Z ##

🟠 CVE-2026-6075 - High (8.1)

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it p...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6075/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42965
(7.7 HIGH)

EPSS: 0.03%

updated 2026-05-29T12:31:29

2 posts

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This by

thehackerwire@mastodon.social at 2026-05-31T01:00:17.000Z ##

🟠 CVE-2026-42965 - High (7.7)

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This al...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42965/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T01:00:17.000Z ##

🟠 CVE-2026-42965 - High (7.7)

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This al...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42965/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-10056
(7.5 HIGH)

EPSS: 0.08%

updated 2026-05-29T09:16:17.147000

2 posts

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeover via a malicious cross-origin web page visited by the victim. The High security mode is not affecte

thehackerwire@mastodon.social at 2026-05-31T01:59:52.000Z ##

🟠 CVE-2026-10056 - High (7.5)

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authent...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10056/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T01:59:52.000Z ##

🟠 CVE-2026-10056 - High (7.5)

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authent...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10056/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8070(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-05-29T03:31:14

1 posts

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory for more information.

offseq@infosec.exchange at 2026-05-29T04:30:25.000Z ##

🔒 CVE-2026-8070 (HIGH): ASUS Armoury Crate lets local attackers bypass driver validation for physical memory access. Patch pending — restrict local access and monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-8070-cwe-732-incorrect-permission-assignm-933cba46 #OffSeq #Vulnerability #ASUS #InfoSec

##

CVE-2026-7480(CVSS UNKNOWN)

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

cR0w@infosec.exchange at 2026-05-28T18:41:42.000Z ##

Anyone know anything about these router vulns? I'm especially interested in CVE-2026-38704, a command injection in the Wireguard function, and CVE-2026-38707, a command injection in the IPSEC function.

https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf

##

CVE-2026-38707
(9.8 CRITICAL)

2 posts

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execu

thehackerwire@mastodon.social at 2026-05-28T15:00:33.000Z ##

🔴 CVE-2026-4408 - Critical (9)

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the cli...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4408/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-05-28T09:00:28.000Z ##

🚨 CRITICAL: CVE-2026-4408 in Red Hat Enterprise Linux 10 via Samba misconfig enables remote command execution if "check password script" uses %u. Audit your configs now! Details: https://radar.offseq.com/threat/cve-2026-4408-improper-neutralization-of-special-e-ffcecb34 #OffSeq #Linux #Samba #Infosec

##

CVE-2026-6455
(8.1 HIGH)

EPSS: 0.04%

updated 2026-05-28T09:31:26

thehackerwire@mastodon.social at 2026-05-29T23:00:14.000Z ##

🟠 CVE-2026-46372 - High (8.5)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46372/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43284
(7.8 HIGH)

EPSS: 38.45%

updated 2026-05-26T18:32:39

1 posts

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when

34 repos

https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester

https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4

https://github.com/LucasPDiniz/CVE-2026-43284

https://github.com/haydenjames/dirty-frag-check

https://github.com/jayhutajulu1/CVE-2026-43284-DirtyFrag-PoC

https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag

https://github.com/ryan2929/CVE-2026-43284-

https://github.com/xd20111/CVE-2026-43284

https://github.com/ochebotar/copy-fail-CVE-2026-31431-detection-probe

https://github.com/AtlasVector/Dirty-Frag-CVE-2026-43284

https://github.com/ChernStepanov/DirtyFrag-for-dummies

https://github.com/AK777177/Dirty-Frag-Analysis

https://github.com/Percivalll/Dirty-Frag-Kubernetes-PoC

https://github.com/K3ysTr0K3R/CVE-2026-43284-CVE-2026-43500-EXPLOIT

https://github.com/FrosterDL/CVE-2026-43284

https://github.com/kuniyal08/Dirty-Frag-CVE-2026-43284

https://github.com/0xlane/pagecache-guard

https://github.com/XRSecCD/202605_dirty_frag

https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan

https://github.com/whosfault/CVE-2026-43284

https://github.com/attaattaatta/CVE-2026-43500

https://github.com/liamromanis101/DirtyFrag-Detector

https://github.com/6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284

https://github.com/suominen/CVE-2026-43284

https://github.com/linnemanlabs/dirtyfrag-arm64

https://github.com/dixyes/dirtypatch

https://github.com/scriptzteam/Paranoid-Dirty-Frag-CVE-2026-43284

https://github.com/Aiyakami/rust_dirtyfrag

https://github.com/0xBlackash/CVE-2026-43284

https://github.com/metalx1993/dirtyfrag-patches

https://github.com/Koshmare-Blossom/DirtyFrag-go

https://github.com/krisiasty/vcheck

https://github.com/DylanClaudio/Reporte-de-Escalada-de-Privilegios-Local-Dirty-Frag

https://github.com/KaraZajac/DIRTYFAIL

cybersec_insights@cyberplace.social at 2026-05-30T21:15:33.000Z ##

🚨 Dirty Frag CVE-2026-43284: Linux Kernel LPE Under Active Attack

Actively exploited kernel vulnerability. Gets root via SSH, web shells, containers.

Analysis:
• Exploit technical breakdown
• Active exploitation status
• Detection strategies & IoCs
• Immediate mitigation steps

Full report → https://cyber.murati.net

#cybersecurity #infosec #Linux #LPE #kernelsecurity

##

CVE-2026-26980
(9.4 CRITICAL)

EPSS: 56.66%

updated 2026-05-26T15:16:24.310000

1 posts

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Nuclei template

5 repos

https://github.com/EQSTLab/CVE-2026-26980

https://github.com/dinosn/ghost-cve-2026-26980

https://github.com/Kulik-Labs-Development/Ghost-CMS-Code-Injection-Audit-CVE-2026-26980

https://github.com/ByteWraith1/CVE-2026-26980

https://github.com/vognik/CVE-2026-26980

benzogaga33@mamot.fr at 2026-05-28T09:20:03.000Z ##

Plus de 700 sites piratés : la faille critique de Ghost CMS qui sème la terreur sur le web https://goodtech.info/ghost-cms-faille-critique-cve-2026-26980-clickfix-piratage/ #Développement #Applications #Sécurité #Àlaune

##

CVE-2026-45659
(8.8 HIGH)

EPSS: 0.62%

updated 2026-05-26T13:30:30

1 posts

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

2 repos

https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE

https://github.com/HORKimhab/CVE-2026-45659

hackmag@infosec.exchange at 2026-05-28T15:00:03.000Z ##

⚪️ Microsoft Fixes RCE Vulnerability in SharePoint

🗨️ Microsoft engineers have released out-of-band patches for an RCE vulnerability in SharePoint Server (CVE-2026-45659). The issue has a CVSS score of 8.8 and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Exploiting it only requires…

🔗 https://hackmag.com/news/cve-2026-45659?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials

#news

##

CVE-2026-47125
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-23T00:16:58

1 posts

## Summary The `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token or API key and overwrite the global environment variables that are merged into every project

thehackerwire@mastodon.social at 2026-05-29T19:00:21.000Z ##

🟠 CVE-2026-47125 - High (8.8)

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in eve...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47125/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45498
(4.0 None)

EPSS: 4.11%

updated 2026-05-20T18:31:35

1 posts

Microsoft Defender Denial of Service Vulnerability

1 repos

https://github.com/ridhinva/defender-vulnerability-scanner

sayzard@mastodon.sayzard.org at 2026-05-30T10:44:59.000Z ##

[마이크로소프트, 깃허브 계정 차단 후 윈도우 제로데이 공개 비판

마이크로소프트가 보안 연구원 'Chaotic Eclipse'의 깃허브 계정을 차단한 후, 연구원이 윈도우 제로데이 취약점(6개, 그 중 3개는 이미 악용 중) 세부 정보를 공개한 것에 대해 갈등이 발생하고 있다. 마이크로소프트는 공동 취약점 공개(CVD) 프로세스 준수와 협력을 강조하며 무단 공개를 비판했으나, 연구원은 마이크로소프트의 대응을 모욕적이라며 추가 폭로(7월 14일 예고)를 예고했다. 깃허브는 연구원의 계정을 차단한 후에도 익스플로잇 코드가 재업로드되자 새 계정까지 차단했다. 주요 취약점 중 블루해머(CVE-2026-33825), 레드썬(CVE-2026-41091), 언디펜드(CVE-2026-45498)가 악용 중이다.

https://news.hada.io/topic?id=30020

#zeroday #microsoft #github #securityresearch #bugbounty

##

CVE-2026-41091
(7.8 HIGH)

EPSS: 6.98%

updated 2026-05-20T18:31:35

1 posts

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

2 repos

https://github.com/ridhinva/defender-vulnerability-scanner

https://github.com/0xBlackash/CVE-2026-41091

sayzard@mastodon.sayzard.org at 2026-05-30T10:44:59.000Z ##

[마이크로소프트, 깃허브 계정 차단 후 윈도우 제로데이 공개 비판

마이크로소프트가 보안 연구원 'Chaotic Eclipse'의 깃허브 계정을 차단한 후, 연구원이 윈도우 제로데이 취약점(6개, 그 중 3개는 이미 악용 중) 세부 정보를 공개한 것에 대해 갈등이 발생하고 있다. 마이크로소프트는 공동 취약점 공개(CVD) 프로세스 준수와 협력을 강조하며 무단 공개를 비판했으나, 연구원은 마이크로소프트의 대응을 모욕적이라며 추가 폭로(7월 14일 예고)를 예고했다. 깃허브는 연구원의 계정을 차단한 후에도 익스플로잇 코드가 재업로드되자 새 계정까지 차단했다. 주요 취약점 중 블루해머(CVE-2026-33825), 레드썬(CVE-2026-41091), 언디펜드(CVE-2026-45498)가 악용 중이다.

https://news.hada.io/topic?id=30020

#zeroday #microsoft #github #securityresearch #bugbounty

##

CVE-2026-31431
(7.8 HIGH)

EPSS: 2.23%

updated 2026-05-18T18:32:28

4 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just

100 repos

https://github.com/wuwu001/CVE-2026-31431-exploit

https://github.com/scriptzteam/Paranoid-Copy-Fail-CVE-2026-31431

https://github.com/sec17br/CVE-2026-31431-Copy-Fail

https://github.com/toxy4ny/copy-fail-exploit-on-c-redteam

https://github.com/wesmar/CVE-2026-31431

https://github.com/XsanFlip/CVE-2026-31431-Patch

https://github.com/cyber-joker/copy-fail-python

https://github.com/malwarekid/CVE-2026-31431

https://github.com/shadowabi/CVE-2026-31431-CopyFail-Universal-LPE

https://github.com/MrAriaNet/cPanel-Fix

https://github.com/MartinPham/copy-fail-CVE-2026-31431-php

https://github.com/ncmprbll/copy-fail-rs

https://github.com/Huchangzhi/autorootlinux

https://github.com/yxdm02/CVE-2026-31431

https://github.com/Aurillium/RootRemover

https://github.com/4xura/CVE-2026-31431-Copy-Fail

https://github.com/Sl4cK0TH/CVE-2026-31431-PoC

https://github.com/xn0kkx/CVE-2026-31431_CopyFail_LinuxKernel_LPE

https://github.com/kvakirsanov/CVE-2026-31431-live-process-code-injection

https://github.com/insomnisec/Detections-CVE-2026-31431

https://github.com/guiimoraes/CVE-2026-31431

https://github.com/Dullpurple-sloop726/CVE-2026-31431-Linux-Copy-Fail

https://github.com/sammwyy/copyfail-rs

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC

https://github.com/adysec/cve-2026-31431

https://github.com/b5null/CVE-2026-31431-C

https://github.com/Shotafry/CopyFail-Exploits-CVE-2026-31431

https://github.com/novysodope/copy-fail-CVE-2026-31431-C

https://github.com/iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail

https://github.com/xeloxa/copyfail-exploit

https://github.com/Webhosting4U/Copy-Fail_Detect_and_mitigate_CVE-2026-31431

https://github.com/ExploitEoom/CVE-2026-31431

https://github.com/Smarttfoxx/copyfail

https://github.com/rvizx/CVE-2026-31431

https://github.com/Alfredooe/CVE-2026-31431

https://github.com/Koshmare-Blossom/Copyfail-sh

https://github.com/povzayd/CVE-2026-31431

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Statically-PoC

https://github.com/AliHzSec/CVE-2026-31431

https://github.com/bootsareme/copyfail-deconstructed

https://github.com/Dabbleam/CVE-2026-31431-mitigation

https://github.com/luotian2/CVE-2026-31431

https://github.com/philfry/cve-2026-31431-ftrace

https://github.com/ben-slates/CVE-2026-31431-Exploit

https://github.com/bigwario/copy-fail-CVE-2026-31431-C

https://github.com/mahdi13830510/CVE-2026-31431-mitigation-suite

https://github.com/JuanBindez/CVE-2026-31431

https://github.com/sgkdev/page_inject

https://github.com/Iamliuxiaozhen/copy_fail

https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag

https://github.com/rippsec/CVE-2026-31431-Copy-Fail

https://github.com/M4xSec/CVE-2026-31431-RCE-Exploit

https://github.com/samanzamani/copy-fail-checker

https://github.com/suominen/CVE-2026-31431

https://github.com/gbonacini/CVE-2026-31431

https://github.com/Sndav/CVE-2026-31431-Advanced-Exploit

https://github.com/atgreen/block-copyfail

https://github.com/Xerxes-2/CVE-2026-31431-rs

https://github.com/lonelyor/CVE-2026-31431-exp

https://github.com/abdullaabdullazade/CVE-2026-31431

https://github.com/mrunalp/block-copyfail

https://github.com/badsectorlabs/copyfail-go

https://github.com/yandex-cloud-examples/yc-mk8s-copy-fail-mitigation

https://github.com/SeanRickerd/cve-2026-31431

https://github.com/sgkdev/ptrace_may_dream

https://github.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script

https://github.com/diemoeve/copyfail-rs

https://github.com/wvverez/CVE-2026-31431-Copy-Fail

https://github.com/sudoytang/copyfail-arm64

https://github.com/pascal-gujer/CVE-2026-31431

https://github.com/0xShe/CVE-2026-31431

https://github.com/ZephrFish/CopyFail-CVE-2026-31431

https://github.com/professional-slacker/alg_check

https://github.com/yuspring/cve-2026-31431-poc

https://github.com/krisiasty/vcheck

https://github.com/Crihexe/copy-fail-tiny-elf-CVE-2026-31431

https://github.com/KaraZajac/DIRTYFAIL

https://github.com/ErdemOzgen/copy-fail-cve-2026-31431

https://github.com/wgnet/wg.copyfail.patch

https://github.com/adityasingh108/CVE-2026-31431-Metasploit-exploit

https://github.com/kadir/copy-fail-CVE-2026-31431-IOC

https://github.com/jbnetwork-git/copy-fail-check

https://github.com/ochebotar/copy-fail-CVE-2026-31431-detection-probe

https://github.com/cozystack/copy-fail-blocker

https://github.com/KanbaraAkihito/CVE-2026-31431-copyfail-rs

https://github.com/EynaExp/Copy-Fail-CVE-2026-31431-modernized

https://github.com/RoflSecurity/copy_fail

https://github.com/rootsecdev/cve_2026_31431

https://github.com/AdityaBhatt3010/CVE-2026-31431

https://github.com/0xBlackash/CVE-2026-31431

https://github.com/desultory/CVE-2026-31431

https://github.com/darioomatos/cve-2026-31431-copyfail

https://github.com/theori-io/copy-fail-CVE-2026-31431

https://github.com/qi4L/CVE-2026-31431-Container-Escape

https://github.com/aestechno/cve-2026-31431-ansible

https://github.com/tgies/copy-fail-c

https://github.com/H1d3r/copy-fail_LPE_Interactive

https://github.com/beatbeast007/Linux-CopyFail-C-Version-CVE-2026-31431

https://github.com/Boos4721/copyfail-rs

https://github.com/painoob/Copy-Fail-Exploit-CVE-2026-31431

cybersec_insights@cyberplace.social at 2026-05-30T21:15:08.000Z ##

🚨 CVE-2026-31431: Copy Fail — Root on All Major Linux Distros

Critical Linux kernel vulnerability in memory copy mechanism. Unauthenticated privilege escalation.

Our analysis:
• Kernel-level exploit mechanics
• Affected distributions
• Mitigation strategies
• Detection indicators

Full report → https://cyber.murati.net

#cybersecurity #infosec #Linux #kernel #CVE

updated 2026-05-18T14:19:29

2 posts

## Summary The unauthenticated `GET /api/app-images/logo` endpoint reflects a user-supplied `color` query parameter into the body of an SVG document via `strings.ReplaceAll` with no escaping. The substitution lands inside a `<style>` element of the embedded `logo.svg`, allowing an attacker to close the style block and inject executable `<script>` content. Because the response is served as `image/

thehackerwire@mastodon.social at 2026-05-30T05:00:13.000Z ##

🟠 CVE-2026-45627 - High (8.2)

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via string...

updated 2026-05-14T18:33:03

1 posts

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authentica

Nuclei template

3 repos

https://github.com/Nxploited/CVE-2026-20182

https://github.com/portbuster1337/CVE-2026-20182

https://github.com/HORKimhab/CVE-2026-20182

AAKL@infosec.exchange at 2026-05-28T16:45:36.000Z ##

Cisco, posted yesterday:

CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW @TalosSecurity #Cisco #vulnerability #infosec

##

CVE-2026-44973
(8.1 HIGH)

EPSS: 0.05%

updated 2026-05-14T18:25:39

1 posts

### Impact Multiple path traversal issues exist across different components of `go-billy`. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using `..`) to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This r

thehackerwire@mastodon.social at 2026-05-28T23:01:19.000Z ##

🟠 CVE-2026-44973 - High (8.1)

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44973/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45321
(9.6 CRITICAL)

EPSS: 17.05%

updated 2026-05-13T16:25:19

1 posts

## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 `@tanstack/*` packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for `TanStack/router`, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a `pull_req

12 repos

https://github.com/digi4care/shai-scan

https://github.com/renewablehacking/CVE-2026-45321-Tanstack

https://github.com/Caixa-git/tanstack-shield

https://github.com/fabriziosalmi/tanstack-compromise-checker

https://github.com/Intrudify/mini-shai-hulud-scanner

https://github.com/nkopylov/tanscript-exploit-check

https://github.com/Breakingcircuitsllc/teampcp_shai_hulud.yar

https://github.com/prashanthnataraj/mini-shai-hulud-detector

https://github.com/Yomisana/are-you-get-tanstack-attack

https://github.com/ry-allan/tanstack-compromise-checker

https://github.com/qi-scape/scan-shai-hulud

https://github.com/shayr1/shai-hulud-scan

kev_Stalker@infosec.exchange at 2026-05-28T19:01:11.000Z ##

CVE-2026-45321 - Changed to Known Ransomware Status

TanStack Unspecified VulnerabilityVendor: TanStackProduct: TanStackTanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.Status changed from Unknown to Known for ransomware campaign usage.Flip detected on: May 28, 2026 at 18:00:35 UTCDate Added to KEV: https://nvd.nist.gov/vuln/detail/CVE-2026-45321

##

CVE-2026-43898
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-05-13T15:26:02

1 posts

### Summary Sandbox-defined functions expose `Function.caller`, allowing sandboxed code to recover the internal `LispType.Call` runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript. ### Details The vulnerability is in the property a

thehackerwire@mastodon.social at 2026-05-28T19:02:01.000Z ##

🔴 CVE-2026-43898 - Critical (10)

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-control...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43898/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28910
(3.3 LOW)

EPSS: 0.01%

updated 2026-05-13T00:49:16

1 posts

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files.

mysk@mastodon.social at 2026-05-28T14:04:21.000Z ##

We had lengthy discussions explaining the bug to Apple. It was clear to us the bug was new to Apple Product Security. After 5 months, they informed us that the report was treated as a duplicate and it was addressed.
We just got this update for CVE-2026-28910: No bounty

You can read the full blog post (aka charity work for a 4-trillion-dollar company) highlighting this bug here:

https://mysk.blog/2026/05/19/cve-2026-28910/

#apple #privacy #macos #infosec #security

##

CVE-2026-44650
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-05-12T22:23:47

2 posts

## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses `sanitize-filename` validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. ## Affected File `src/endpoints/extensions.js` (last modified: commit `3ad9b05e2`) ## Root Cause The validation check occurs **before**

thehackerwire@mastodon.social at 2026-05-30T01:00:13.000Z ##

🔴 CVE-2026-44650 - Critical (9.1)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts ex...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44650/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T01:00:13.000Z ##

🔴 CVE-2026-44650 - Critical (9.1)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts ex...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44650/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44649
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-05-12T22:23:33

2 posts

## Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/ ## Summary SillyTavern accepts `Remote-User` (Authelia) and `X-Authentik-Username` (Authentik) HTTP

thehackerwire@mastodon.social at 2026-05-30T01:00:02.000Z ##

🔴 CVE-2026-44649 - Critical (9.8)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44649/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T01:00:02.000Z ##

🔴 CVE-2026-44649 - Critical (9.8)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44649/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40369
(7.8 HIGH)

EPSS: 0.01%

updated 2026-05-12T18:30:50

1 posts

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

4 repos

https://github.com/ercihan/CVE-2026-40369

https://github.com/piffd0s/ntoskrnl-metadata

https://github.com/orinimron123/CVE-2026-40369-EXPLOIT

https://github.com/Joe1sn/CVE_2026_40369

kallisti@infosec.exchange at 2026-05-29T19:30:22.000Z ##

CVE-2026-40369 seems fun...

##

CVE-2026-39987
(9.8 CRITICAL)

EPSS: 82.17%

updated 2026-04-23T20:15:29.690000

4 posts

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpo

Nuclei template

11 repos

https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC

https://github.com/keraattin/CVE-2026-39987

https://github.com/0xdeadroot/CVE-2026-39987-marimo-rce

https://github.com/mki9/CVE-2026-39987_exploit

https://github.com/HORKimhab/CVE-2026-39987

https://github.com/h3raklez/CVE-2026-39987

https://github.com/Nxploited/CVE-2026-39987

https://github.com/Dhiaelhak-Rached/CVE-2026-39987-lab-or-marimo-cve-lab

https://github.com/M3PH1569/CVE-2026-39987-POC

https://github.com/0xBlackash/CVE-2026-39987

https://github.com/rootdirective-sec/CVE-2026-39987-Lab

securitycyber at 2026-05-31T00:40:14.326Z ##

A new authentication bypass vulnerability (CVE-2026-39987, CVE-2026-39987) is being actively exploited in the wild. The target: LLM, Marimo. This is not a theoretical risk — attackers are already leveraging it.

This is not the first time a critical authentication bypass has been found in LLM, Marimo.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

Matchbook3469@mastodon.social at 2026-05-30T11:21:44.000Z ##

🔵 THREAT INTELLIGENCE

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

Vulnerability | CRITICAL
CVEs: CVE-2026-39987

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access...

Full analysis:
https://www.yazoul.net/news/article/attackers-use-llm-agent-for-post-exploitation-after-marimo-cve-2026-39987-exploi

#CyberSecurity #APT #CyberNews

##

securitycyber@infosec.exchange at 2026-05-31T00:40:14.000Z ##

A new authentication bypass vulnerability (CVE-2026-39987, CVE-2026-39987) is being actively exploited in the wild. The target: LLM, Marimo. This is not a theoretical risk — attackers are already leveraging it.

This is not the first time a critical authentication bypass has been found in LLM, Marimo.

More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber

Recommended: https://www.hackthebox.com for practice, https://portswigger.net/web-security for free labs

##

LLMs@activitypub.awakari.com at 2026-05-29T14:39:00.000Z ## Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit TheHackerNews LLM-driven attackers exploited CVE-2026-39987 on May 10, 2026, to steal credentials and exfiltrate a ...

#Security #News

Origin | Interest | Match ##

CVE-2026-33825
(7.8 HIGH)

EPSS: 7.07%

updated 2026-04-23T19:05:04.173000

1 posts

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

5 repos

https://github.com/0xBlackash/CVE-2026-33825

https://github.com/Letlaka/redsun-bluehammer-undefend-detection-pack

https://github.com/Joe1sn/CVE-2026-33825

https://github.com/kaleth4/CVE-2026-33825

https://github.com/Bilal3755/Detecting_blue_hammer_vuln

sayzard@mastodon.sayzard.org at 2026-05-30T10:44:59.000Z ##

[마이크로소프트, 깃허브 계정 차단 후 윈도우 제로데이 공개 비판

마이크로소프트가 보안 연구원 'Chaotic Eclipse'의 깃허브 계정을 차단한 후, 연구원이 윈도우 제로데이 취약점(6개, 그 중 3개는 이미 악용 중) 세부 정보를 공개한 것에 대해 갈등이 발생하고 있다. 마이크로소프트는 공동 취약점 공개(CVD) 프로세스 준수와 협력을 강조하며 무단 공개를 비판했으나, 연구원은 마이크로소프트의 대응을 모욕적이라며 추가 폭로(7월 14일 예고)를 예고했다. 깃허브는 연구원의 계정을 차단한 후에도 익스플로잇 코드가 재업로드되자 새 계정까지 차단했다. 주요 취약점 중 블루해머(CVE-2026-33825), 레드썬(CVE-2026-41091), 언디펜드(CVE-2026-45498)가 악용 중이다.

https://news.hada.io/topic?id=30020

#zeroday #microsoft #github #securityresearch #bugbounty

##

CVE-2010-3035
(7.5 HIGH)

EPSS: 5.30%

updated 2026-04-22T15:40:53.840000

1 posts

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.

drmorrisj@mastodon.social at 2026-05-30T18:29:08.000Z ##

( ￣▽￣)
[DYNAMIC-IMPUTE] Patched CVE-2010-3035 -> Inferred CWE-20 (Mode: worst_case) -> Synthetic CVSS: 9.8
[DYNAMIC-IMPUTE] Patched CVE-2020-3259 -> Inferred CWE-200 (Mode: worst_case) -> Synthetic CVSS: 8.2
[DYNAMIC-IMPUTE] Patched CVE-2022-20821 -> Inferred CWE-20 (Mode: worst_case) -> Synthetic CVSS: 9.8
[DYNAMIC-IMPUTE] Patched CVE-2023-20198 -> Inferred CWE-420 (Mode: worst_case) -> Synthetic CVSS: 9.5
[DYNAMIC-IMPUTE] Patched CVE-2018-0179 -> Inferred CWE-399 (Mode: worst_case) -> ...

##

CVE-2026-40933
(9.9 CRITICAL)

EPSS: 0.07%

updated 2026-04-16T21:18:18

4 posts

### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. ### Details The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in http://localhost:3000/canvas - where any user can add a new MCP, when doing so - adding a new MCP usin

offseq at 2026-05-31T00:00:32.997Z ##

🚨 Exploit code for CRITICAL Flowise RCE (CVE-2026-40933) is public. Attackers can execute arbitrary code on self-hosted Flowise servers by tricking users into importing malicious chatflows. Restrict chatflow edits & imports until a patch lands. https://radar.offseq.com/threat/exploit-code-published-for-critical-flowise-rce-vu-ae84d042 #OffSeq #Flowise #RCE #infosec

##

netsecio@mastodon.social at 2026-05-30T18:24:16.000Z ##

📰 PoC Exploit Released for Critical 9.9 CVSS RCE Flaw in Flowise AI Platform

🔥 CRITICAL RCE in Flowise AI! A 9.9 CVSS flaw (CVE-2026-40933) allows takeover of self-hosted servers with one click. PoC exploit is public. Patch now! #RCE #Vulnerability #AI #Cybersecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/exploit-code-published-for-critical-rce-vulnerability-in-flowise-ai-platform/?utm_source=mastodon&utm_medium=social&utm_campaign=daily

##

offseq@infosec.exchange at 2026-05-31T00:00:32.000Z ##

🚨 Exploit code for CRITICAL Flowise RCE (CVE-2026-40933) is public. Attackers can execute arbitrary code on self-hosted Flowise servers by tricking users into importing malicious chatflows. Restrict chatflow edits & imports until a patch lands. https://radar.offseq.com/threat/exploit-code-published-for-critical-flowise-rce-vu-ae84d042 #OffSeq #Flowise #RCE #infosec

updated 2026-04-06T18:33:04

2 posts

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Nuclei template

8 repos

https://github.com/BishopFox/CVE-2026-35616-check

https://github.com/HORKimhab/CVE-2026-35616

https://github.com/keraattin/CVE-2026-35616

https://github.com/fevar54/CVE-2026-35616-detector.py

https://github.com/fevar54/forticlient_ems_cve_2026_35616_poc.py

https://github.com/0xBlackash/CVE-2026-35616

https://github.com/Alaatk/CVE-2026-35616

https://github.com/wa6n3r/CVE-2026-35616

tierrasapiens@mastodon.social at 2026-05-31T00:01:08.000Z ##

🖲️ #Noticia de #CiberSeguridad #CiberGuerra #CiberAtaque #CiberNoticia
⚫ Explotan una vulnerabilidad de FortiClient EMS para distribuir malware (CVE-2026-35616)
🔗 http://blog.segu-info.com.ar/2026/05/explotan-una-vulnerabilidad-de.html

Los delincuentes están explotando una vulnerabilidad de omisión de
autenticación (CVE-2026-35616) en FortiClient Enterprise Management Server
(EMS) para distribuir un programa de robo de credenciales no documentado
llamado EKZ.

El atacante

##

jbhall56@infosec.exchange at 2026-05-29T12:28:02.000Z ##

The activity, observed by the cybersecurity company in May 2026, involves the exploitation of CVE-2026-35616 (CVSS score: 9.1), a critical pre-authentication API access bypass leading to privilege escalation. https://thehackernews.com/2026/05/threat-actors-exploit-critical.html

##

CVE-2026-4565
(8.8 HIGH)

EPSS: 0.10%

updated 2026-04-03T11:31:50.243000

1 posts

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

2 repos

https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE

https://github.com/HORKimhab/CVE-2026-45659

hackmag@infosec.exchange at 2026-05-28T15:00:03.000Z ##

⚪️ Microsoft Fixes RCE Vulnerability in SharePoint

🗨️ Microsoft engineers have released out-of-band patches for an RCE vulnerability in SharePoint Server (CVE-2026-45659). The issue has a CVSS score of 8.8 and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Exploiting it only requires…

🔗 https://hackmag.com/news/cve-2026-45659?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials

#news

##

CVE-2026-3172
(8.1 HIGH)

EPSS: 0.06%

updated 2026-02-25T21:31:25

2 posts

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

mastokukei@social.josko.org at 2026-05-30T18:01:52.000Z ##

patches (CVE-2026-3172), pgvector fixes.
- **Rust ecosystem developments**: Zig 2026 updates (no-AI policy, GitHub migration), Rust 1.96 release, async runtime discussions, and idiomatic error handling.
- **Open-source security incidents**: GitHub "Megalodon" attack (5,500+ repos compromised), malicious npm packages (Laravel Lang, AntV), and supply chain risks.
- **Python/Django events and updates**: PyCon Italia 2026, DjangoCon US 2026 (Chicago, August 24–28), and talks on [2/3]

##

mastokukei@social.josko.org at 2026-05-30T09:01:59.000Z ##

other databases.
- **Rust ecosystem updates**: Rust 1.96 release, async runtime discussions, idiomatic error handling, GitHub migration, and no-AI policy adoption.
- **Open-source security incidents**: GitHub "Megalodon" attack (5,500+ repos compromised), malicious npm packages (e.g., Laravel Lang, AntV), and supply chain risks.
- **PostgreSQL updates**: PGConf.EU 2026 Call for Papers, security patches (CVE-2026-3172), pgvector fixes, and pgBackRest funding.
- **Vibe coding [2/3]

##

CVE-2026-20127
(10.0 CRITICAL)

EPSS: 54.80%

updated 2026-02-25T18:31:45

1 posts

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not

7 repos

https://github.com/sfewer-r7/CVE-2026-20127

https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127

https://github.com/gigachadusers/cve-2026-20127

https://github.com/randeepajayasekara/CVE-2026-20127

https://github.com/BugFor-Pings/CVE-2026-20127_EXP

https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE

https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE

drmorrisj@mastodon.social at 2026-05-30T18:30:57.000Z ##

(ノ-_-)ノ~┻━┻
Warning: CVE-2019-15271 (CWEs: ['CWE-502']) found no CAPEC relationships.
Warning: CVE-2020-3153 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2020-3433 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2023-20269 (CWEs: ['CWE-288', 'CWE-863']) found no CAPEC relationships.
Warning: CVE-2024-20353 (CWEs: ['CWE-835']) found no CAPEC relationships.
Warning: CVE-2025-20362 (CWEs: ['CWE-862']) found no CAPEC relationships.
Warning: CVE-2026-20127 (CWEs...

##

CVE-2026-24061
(9.8 CRITICAL)

EPSS: 91.12%

updated 2026-02-11T15:40:42.937000

1 posts

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Nuclei template

66 repos

https://github.com/leonjza/inetutils-telnetd-auth-bypass

https://github.com/Lingzesec/CVE-2026-24061-GUI

https://github.com/r00tuser111/CVE-2026-24061

https://github.com/hackingyseguridad/root

https://github.com/JayGLXR/CVE-2026-24061-POC

https://github.com/SystemVll/CVE-2026-24061

https://github.com/buzz075/CVE-2026-24061

https://github.com/Mr-Zapi/CVE-2026-24061

https://github.com/Chocapikk/CVE-2026-24061

https://github.com/lavabyte/telnet-CVE-2026-24061

https://github.com/killsystema/scan-cve-2026-24061

https://github.com/0p5cur/CVE-2026-24061-POC

https://github.com/novitahk/Exploit-CVE-2026-24061

https://github.com/LucasPDiniz/CVE-2026-24061

https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-

https://github.com/h3athen/CVE-2026-24061

https://github.com/ibrahmsql/CVE-2026-24061-PoC

https://github.com/Remnant-DB/CVE-2026-24061

https://github.com/ekomsSavior/telnet_scan

https://github.com/BrainBob/CVE-2026-24061

https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester

https://github.com/shivam-bathla/CVE-2026-24061-setup

https://github.com/HD0x01/CVE-2026-24061-NSE

https://github.com/Gabs-hub/CVE-2026-24061_Lab

https://github.com/SafeBreach-Labs/CVE-2026-24061

https://github.com/tiborscholtz/CVE-2026-24061

https://github.com/balgan/CVE-2026-24061

https://github.com/0xBlackash/CVE-2026-24061

https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd

https://github.com/obrunolima1910/CVE-2026-24061

https://github.com/punitdarji/telnetd-cve-2026-24061

https://github.com/duy-31/CVE-2026-24061---telnetd

https://github.com/mbanyamer/CVE-2026-24061-GNU-Inetutils-telnetd-Remote-Authentication-Bypass-Root-Shell-

https://github.com/monstertsl/CVE-2026-24061

https://github.com/scumfrog/cve-2026-24061

https://github.com/m3ngx1ng/cve_2026_24061_cli

https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061

https://github.com/X-croot/CVE-2026-24061_POC

https://github.com/ms0x08-dev/CVE-2026-24061-POC

https://github.com/parameciumzhang/Tell-Me-Root

https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061

https://github.com/Ali-brarou/telnest

https://github.com/xuemian168/CVE-2026-24061

https://github.com/TryA9ain/CVE-2026-24061

https://github.com/midox008/CVE-2026-24061

https://github.com/0x7556/CVE-2026-24061

https://github.com/franckferman/CVE_2026_24061

https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root

https://github.com/Parad0x7e/CVE-2026-24061

https://github.com/madfxr/Twenty-Three-Scanner

https://github.com/ridpath/Terrminus-CVE-2026-2406

https://github.com/z3n70/CVE-2026-24061

https://github.com/setuju/telnetd

https://github.com/cumakurt/tscan

https://github.com/hyu164/Terrminus-CVE-2026-2406

https://github.com/typeconfused/CVE-2026-24061

https://github.com/Mefhika120/Ashwesker-CVE-2026-24061

https://github.com/XsanFlip/CVE-2026-24061-Scanner

https://github.com/Alter-N0X/CVE-2026-24061-POC

https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061

https://github.com/SeptembersEND/CVE--2026-24061

https://github.com/przemytn/CVE-2026-24061

https://github.com/athack-ctf/chall2026-telneted

https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector

https://github.com/infat0x/CVE-2026-24061

EPSS: 94.01%

updated 2025-10-28T13:59:32.787000

1 posts

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command

Nuclei template

35 repos

https://github.com/sohaibeb/CVE-2023-20198

https://github.com/djayaGit/cve-2023-20198-poc-cisco

https://github.com/W01fh4cker/CVE-2023-20198-RCE

https://github.com/sanan2004/CVE-2023-20198

https://github.com/IceBreakerCode/CVE-2023-20198

https://github.com/Shadow0ps/CVE-2023-20198-Scanner

https://github.com/AhmedMansour93/Event-ID-193-Rule-Name-SOC231-Cisco-IOS-XE-Web-UI-ZeroDay-CVE-2023-20198-

https://github.com/reket99/Cisco_CVE-2023-20198

https://github.com/RevoltSecurities/CVE-2023-20198

https://github.com/ohlawd/CVE-2023-20198

https://github.com/Pushkarup/CVE-2023-20198

https://github.com/alekos3/CVE_2023_20198_Detector

https://github.com/fox-it/cisco-ios-xe-implant-detection

https://github.com/raystr-atearedteam/CVE-2023-20198-checker

https://github.com/Gill-Singh-A/CVE-2023-20198-Exploit

https://github.com/Vulnmachines/Cisco_CVE-2023-20198

https://github.com/vulncheck-oss/cisco-ios-xe-implant-scanner

https://github.com/iveresk/cve-2023-20198

https://github.com/gustavorobertux/cisco-cve-2023-20198-checker

https://github.com/Tounsi007/CVE-2023-20198

https://github.com/Arshit01/CVE-2023-20198

https://github.com/smokeintheshell/CVE-2023-20198

https://github.com/mr-r3b00t/CVE-2023-20198-IOS-XE-Scanner

https://github.com/DOMINIC471/qub-network-security-cve-2023-20198

https://github.com/telly251/forwardnetworksdemo

https://github.com/G4sul1n/Cisco-IOS-XE-CVE-2023-20198

https://github.com/Atea-Redteam/CVE-2023-20198

https://github.com/ZephrFish/CVE-2023-20198-Checker

https://github.com/Religan/CVE-2023-20198

https://github.com/alekos3/CVE_2023_20198_Remediator

https://github.com/kacem-expereo/CVE-2023-20198

https://github.com/emomeni/Simple-Ansible-for-CVE-2023-20198

https://github.com/JoyGhoshs/CVE-2023-20198

https://github.com/securityphoenix/cisco-CVE-2023-20198-tester

https://github.com/netbell/CVE-2023-20198-Fix

drmorrisj@mastodon.social at 2026-05-30T18:29:08.000Z ##

( ￣▽￣)
[DYNAMIC-IMPUTE] Patched CVE-2010-3035 -> Inferred CWE-20 (Mode: worst_case) -> Synthetic CVSS: 9.8
[DYNAMIC-IMPUTE] Patched CVE-2020-3259 -> Inferred CWE-200 (Mode: worst_case) -> Synthetic CVSS: 8.2
[DYNAMIC-IMPUTE] Patched CVE-2022-20821 -> Inferred CWE-20 (Mode: worst_case) -> Synthetic CVSS: 9.8
[DYNAMIC-IMPUTE] Patched CVE-2023-20198 -> Inferred CWE-420 (Mode: worst_case) -> Synthetic CVSS: 9.5
[DYNAMIC-IMPUTE] Patched CVE-2018-0179 -> Inferred CWE-399 (Mode: worst_case) -> ...

##

CVE-2020-3259
(7.5 HIGH)

EPSS: 69.73%

updated 2025-10-28T13:57:45.773000

1 posts

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs

drmorrisj@mastodon.social at 2026-05-30T18:29:08.000Z ##

( ￣▽￣)
[DYNAMIC-IMPUTE] Patched CVE-2010-3035 -> Inferred CWE-20 (Mode: worst_case) -> Synthetic CVSS: 9.8
[DYNAMIC-IMPUTE] Patched CVE-2020-3259 -> Inferred CWE-200 (Mode: worst_case) -> Synthetic CVSS: 8.2
[DYNAMIC-IMPUTE] Patched CVE-2022-20821 -> Inferred CWE-20 (Mode: worst_case) -> Synthetic CVSS: 9.8
[DYNAMIC-IMPUTE] Patched CVE-2023-20198 -> Inferred CWE-420 (Mode: worst_case) -> Synthetic CVSS: 9.5
[DYNAMIC-IMPUTE] Patched CVE-2018-0179 -> Inferred CWE-399 (Mode: worst_case) -> ...

##

CVE-2025-20362
(6.5 MEDIUM)

EPSS: 46.78%

updated 2025-10-22T00:34:26

1 posts

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied i

Nuclei template

1 repos

https://github.com/curtishoughton/CVE-2025-20362-Cisco-Scanner

drmorrisj@mastodon.social at 2026-05-30T18:30:57.000Z ##

(ノ-_-)ノ~┻━┻
Warning: CVE-2019-15271 (CWEs: ['CWE-502']) found no CAPEC relationships.
Warning: CVE-2020-3153 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2020-3433 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2023-20269 (CWEs: ['CWE-288', 'CWE-863']) found no CAPEC relationships.
Warning: CVE-2024-20353 (CWEs: ['CWE-835']) found no CAPEC relationships.
Warning: CVE-2025-20362 (CWEs: ['CWE-862']) found no CAPEC relationships.
Warning: CVE-2026-20127 (CWEs...

##

CVE-2022-20821
(6.5 MEDIUM)

https://github.com/shubham0d/CVE-2020-3153

https://github.com/goichot/CVE-2020-3153

https://github.com/raspberry-pie/CVE-2020-3153

drmorrisj@mastodon.social at 2026-05-30T18:31:59.000Z ##

orz
Filtering 40 nodes for attack surface...
[MATH-GUARD] Warning: CVE-2019-15271 isolated from CAPEC. Applying unmapped floor: 2.2
[MATH-GUARD] Warning: CVE-2020-3153 isolated from CAPEC. Applying unmapped floor: 1.6
[MATH-GUARD] Warning: CVE-2020-3433 isolated from CAPEC. Applying unmapped floor: 1.9
[MATH-GUARD] Warning: CVE-2023-20269 isolated from CAPEC. Applying unmapped floor: 1.2
[MATH-GUARD] Warning: CVE-2024-20353 isolated from CAPEC. Applying unmapped floor: 2.1
[MATH-GUARD] ...

##

drmorrisj@mastodon.social at 2026-05-30T18:30:57.000Z ##

(ノ-_-)ノ~┻━┻
Warning: CVE-2019-15271 (CWEs: ['CWE-502']) found no CAPEC relationships.
Warning: CVE-2020-3153 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2020-3433 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2023-20269 (CWEs: ['CWE-288', 'CWE-863']) found no CAPEC relationships.
Warning: CVE-2024-20353 (CWEs: ['CWE-835']) found no CAPEC relationships.
Warning: CVE-2025-20362 (CWEs: ['CWE-862']) found no CAPEC relationships.
Warning: CVE-2026-20127 (CWEs...

##

CVE-2019-15271
(8.8 HIGH)

EPSS: 5.60%

updated 2025-10-22T00:31:49

2 posts

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by

drmorrisj@mastodon.social at 2026-05-30T18:31:59.000Z ##

orz
Filtering 40 nodes for attack surface...
[MATH-GUARD] Warning: CVE-2019-15271 isolated from CAPEC. Applying unmapped floor: 2.2
[MATH-GUARD] Warning: CVE-2020-3153 isolated from CAPEC. Applying unmapped floor: 1.6
[MATH-GUARD] Warning: CVE-2020-3433 isolated from CAPEC. Applying unmapped floor: 1.9
[MATH-GUARD] Warning: CVE-2023-20269 isolated from CAPEC. Applying unmapped floor: 1.2
[MATH-GUARD] Warning: CVE-2024-20353 isolated from CAPEC. Applying unmapped floor: 2.1
[MATH-GUARD] ...

##

drmorrisj@mastodon.social at 2026-05-30T18:30:57.000Z ##

(ノ-_-)ノ~┻━┻
Warning: CVE-2019-15271 (CWEs: ['CWE-502']) found no CAPEC relationships.
Warning: CVE-2020-3153 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2020-3433 (CWEs: ['CWE-427']) found no CAPEC relationships.
Warning: CVE-2023-20269 (CWEs: ['CWE-288', 'CWE-863']) found no CAPEC relationships.
Warning: CVE-2024-20353 (CWEs: ['CWE-835']) found no CAPEC relationships.
Warning: CVE-2025-20362 (CWEs: ['CWE-862']) found no CAPEC relationships.
Warning: CVE-2026-20127 (CWEs...

##

CVE-2019-1385
(7.8 HIGH)

EPSS: 0.49%

updated 2025-10-22T00:31:48

4 posts

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages p

briankrebs at 2026-05-30T14:24:48.101Z ##

This person has been a prolific bug finder for quite some time. Here's their public HackerOne profile: https://hackerone.com/halove23/hacktivity?type=user

Reading their Xitter timeline over the years is pretty interesting. They went from working w/ a lot of these bug bounty programs and giving MS time to fix stuff beyond the usual 90-day window to increasing frustration in dealing w/ vendors. I wish that were less of a common experience than it still is today, but some dynamics in this industry never seem to change.

Also just noticed something interesting. Back in 2019, MS was including hyperlinks to researchers in their advisories. In this advisory, they actually link to the researcher's shitposting Facebook profile, which has posts up until this month.

https://www.facebook.com/com.android.vending

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-1385

##

briankrebs at 2026-05-30T03:02:29.837Z ##

RE: https://c.im/@cdarwin/116660769695837565

One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.

Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.

On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.

For the record, I think @GossiTheDog called it that this person was a former MS employee.

https://x.com/ChaoticEclipse0/with_replies

##

briankrebs@infosec.exchange at 2026-05-30T14:24:48.000Z ##

This person has been a prolific bug finder for quite some time. Here's their public HackerOne profile: https://hackerone.com/halove23/hacktivity?type=user

Reading their Xitter timeline over the years is pretty interesting. They went from working w/ a lot of these bug bounty programs and giving MS time to fix stuff beyond the usual 90-day window to increasing frustration in dealing w/ vendors. I wish that were less of a common experience than it still is today, but some dynamics in this industry never seem to change.

Also just noticed something interesting. Back in 2019, MS was including hyperlinks to researchers in their advisories. In this advisory, they actually link to the researcher's shitposting Facebook profile, which has posts up until this month.

https://www.facebook.com/com.android.vending

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-1385

##

briankrebs@infosec.exchange at 2026-05-30T03:02:29.000Z ##

RE: https://c.im/@cdarwin/116660769695837565

EPSS: 3.38%

updated 2025-02-03T18:31:45

1 posts

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via cr

hugovalters@mastodon.social at 2026-05-30T23:12:47.000Z ##

CVE-2024-3120 - Critical buffer overflow in Sngrep (v1.4.1+). RCE/DoS via crafted SIP messages. CVSS 9.0. No patch available. Disable or restrict access immediately. #CVE #infosec #cybersecurity

https://www.valtersit.com/cve/CVE-2024-3120/

##

CVE-2025-0066
(9.9 CRITICAL)

EPSS: 0.09%

updated 2025-01-14T03:31:48

1 posts

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application

hugovalters@mastodon.social at 2026-05-28T23:07:21.000Z ##

CVE-2025-0066 — Critical supply chain attack in SAP NetWeaver AS for ABAP. Weak access controls allow info disclosure, impacting confidentiality, integrity, and availability. CVSS 9.9. Unpatched. Act now to mitigate risk. #CVE #SAP #infosec

https://www.valtersit.com/cve/CVE-2025-0066/

##

CVE-2021-24084
(5.5 MEDIUM)

EPSS: 3.49%

updated 2024-11-21T05:52:19.237000

2 posts

Windows Mobile Device Management Information Disclosure Vulnerability

2 repos

https://github.com/exploitblizzard/WindowsMDM-LPE-0Day

https://github.com/Jeromeyoung/CVE-2021-24084

briankrebs at 2026-05-30T03:02:29.837Z ##

RE: https://c.im/@cdarwin/116660769695837565

One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.

Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.

On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.

For the record, I think @GossiTheDog called it that this person was a former MS employee.

https://x.com/ChaoticEclipse0/with_replies

##

briankrebs@infosec.exchange at 2026-05-30T03:02:29.000Z ##

updated 2024-08-12T18:30:47

2 posts

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

hugovalters@mastodon.social at 2026-05-30T09:05:15.000Z ##

CVE-2024-42395 - Critical RCE in AP Certificate Management Service. Unauthenticated RCE, CVSS 9.8. Exploitation leads to full system compromise. Patch status unknown, monitor for updates urgently. #CVE #infosec #cybersecurity

https://www.valtersit.com/cve/CVE-2024-42395/

##

hugovalters@mastodon.social at 2026-05-30T09:05:15.000Z ##

CVE-2024-42395 - Critical RCE in AP Certificate Management Service. Unauthenticated RCE, CVSS 9.8. Exploitation leads to full system compromise. Patch status unknown, monitor for updates urgently. #CVE #infosec #cybersecurity

https://www.valtersit.com/cve/CVE-2024-42395/

##

CVE-2024-27143
(9.8 CRITICAL)

EPSS: 0.19%

updated 2024-07-04T06:35:02

1 posts

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability

hugovalters@mastodon.social at 2026-05-30T14:07:32.000Z ##

CVE-2024-27143 - Critical RCE in Toshiba printers via SNMP private community. Attackers can execute commands as root. CVSS 9.8. Unpatched. Update firmware immediately. #CVE #Toshiba #infosec

https://www.valtersit.com/cve/CVE-2024-27143/

##

CVE-2026-9558
(0 None)

EPSS: 0.20%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-31T01:00:06.000Z ##

🔴 CVE-2026-9558 - Critical (9.9)

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9558/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T01:00:06.000Z ##

🔴 CVE-2026-9558 - Critical (9.9)

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9558/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9559
(0 None)

EPSS: 0.21%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-31T00:00:17.000Z ##

🔴 CVE-2026-9559 - Critical (9.9)

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authent...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9559/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T00:00:17.000Z ##

🔴 CVE-2026-9559 - Critical (9.9)

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authent...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9559/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45312
(0 None)

EPSS: 0.05%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-31T00:00:06.000Z ##

🔴 CVE-2026-45312 - Critical (9.9)

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the serv...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45312/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-31T00:00:06.000Z ##

🔴 CVE-2026-45312 - Critical (9.9)

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the serv...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45312/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-48095
(0 None)

EPSS: 0.00%

3 posts

N/A

1 repos

https://github.com/HORKimhab/CVE-2026-48095

techokami@woof.tech at 2026-05-30T22:22:35.000Z ##

oh no https://socprime.com/blog/cve-2026-48095-7-zip-heap-overflow-flaw/
Fixed version is 26.01, the version of 7z on my Fedora 43 system is 25.01, do I need to upgrade to Fedora 44 to get the fix?

##

techokami@woof.tech at 2026-05-30T22:22:35.000Z ##

oh no https://socprime.com/blog/cve-2026-48095-7-zip-heap-overflow-flaw/
Fixed version is 26.01, the version of 7z on my Fedora 43 system is 25.01, do I need to upgrade to Fedora 44 to get the fix?

##

tomshw@mastodon.social at 2026-05-28T12:10:12.000Z ##

🔒 7-Zip ha corretto una falla critica, ma chi non aggiorna resta esposto: verifica la versione e installa subito l’ultima release. #Cybersecurity #7Zip

🔗 https://www.tomshw.it/hardware/7-zip-falla-cve-2026-48095-esecuzione-codice

##

CVE-2026-45629
(0 None)

EPSS: 0.23%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-30T17:01:19.000Z ##

🔴 CVE-2026-45629 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote ser...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45629/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T17:01:19.000Z ##

🔴 CVE-2026-45629 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote ser...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45629/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47187
(0 None)

EPSS: 0.00%

2 posts

N/A

harrysintonen at 2026-05-30T12:30:51.658Z ##

CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/write
Severity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
CWE: CWE-59 (Improper Link Resolution Before File Access)

A rogue SFTP server can return symlink targets (absolute paths or relative "../../../" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary "cp" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.

https://www.openwall.com/lists/oss-security/2026/05/30/3

#CVE_2026_47187

##

harrysintonen@infosec.exchange at 2026-05-30T12:30:51.000Z ##

CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/write
Severity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
CWE: CWE-59 (Improper Link Resolution Before File Access)

A rogue SFTP server can return symlink targets (absolute paths or relative "../../../" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary "cp" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.

https://www.openwall.com/lists/oss-security/2026/05/30/3

#CVE_2026_47187

##

CVE-2025-60486
(0 None)

EPSS: 0.00%

2 posts

N/A

sigdevel at 2026-05-30T08:19:16.458Z ##

Security Advisory: CVE-2025-60486 - Use-After-Free in GPAC/MP4Box

Processing a crafted MPEG-2 Transport Stream file with corrupted PMT descriptors triggers a heap use-after-free in `dasher_process`, causing MP4Box to crash and potentially enabling arbitrary code execution.

Summary:
The `dasher_configure_pid` function in `filters/dasher.c` frees a PID context structure at line 976 when reconfiguring a stream. The freed pointer is not cleared, and `dasher_process` subsequently accesses the same memory at line 9445 during the next processing cycle. A crafted MPEG-2 TS file with repeated sync marker violations, broken PMT descriptors, and conflicting PIDs triggers this reconfiguration sequence, leading to a READ of 4 bytes into freed heap memory.

CWE:
CWE-416 - Use After Free

Affected Component:
```
filters/dasher.c:9445
Function: dasher_process()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1665-g3f20eb0cd-master; commit `3f20eb0cd22116367c036e6ffe6ace299b38d686`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file containing missing sync markers, corrupted PMT descriptor sizes, and conflicting PID assignments. Local access is required; the victim must invoke `MP4Box -dash 100 <crafted_file>` or any equivalent DASH segmentation command that triggers PID reconfiguration in the dasher module.

Impact:
The use-after-free (READ of size 4 at 316 bytes into a freed 1096-byte heap region) causes process termination, resulting in Denial of Service. Code execution cannot be ruled out; use-after-free vulnerabilities can allow an attacker to control freed memory contents and redirect execution flow.

Fix / mitigation status:
The fix ensures the stale PID context pointer in `dasher_configure_pid` is cleared after the region is freed so that `dasher_process` cannot access it. Users should upgrade to the release containing commit `e6d01820d7bf3967d931fedb379ee5f209bc133b` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3314
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/53/53_dasher_process_filters_dasher_c_9445
- Fix: https://github.com/gpac/gpac/commit/e6d01820d7bf3967d931fedb379ee5f209bc133b

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

sigdevel@infosec.exchange at 2026-05-30T08:19:16.000Z ##

Security Advisory: CVE-2025-60486 - Use-After-Free in GPAC/MP4Box

Processing a crafted MPEG-2 Transport Stream file with corrupted PMT descriptors triggers a heap use-after-free in `dasher_process`, causing MP4Box to crash and potentially enabling arbitrary code execution.

Summary:
The `dasher_configure_pid` function in `filters/dasher.c` frees a PID context structure at line 976 when reconfiguring a stream. The freed pointer is not cleared, and `dasher_process` subsequently accesses the same memory at line 9445 during the next processing cycle. A crafted MPEG-2 TS file with repeated sync marker violations, broken PMT descriptors, and conflicting PIDs triggers this reconfiguration sequence, leading to a READ of 4 bytes into freed heap memory.

CWE:
CWE-416 - Use After Free

Affected Component:
```
filters/dasher.c:9445
Function: dasher_process()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1665-g3f20eb0cd-master; commit `3f20eb0cd22116367c036e6ffe6ace299b38d686`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file containing missing sync markers, corrupted PMT descriptor sizes, and conflicting PID assignments. Local access is required; the victim must invoke `MP4Box -dash 100 <crafted_file>` or any equivalent DASH segmentation command that triggers PID reconfiguration in the dasher module.

Impact:
The use-after-free (READ of size 4 at 316 bytes into a freed 1096-byte heap region) causes process termination, resulting in Denial of Service. Code execution cannot be ruled out; use-after-free vulnerabilities can allow an attacker to control freed memory contents and redirect execution flow.

Fix / mitigation status:
The fix ensures the stale PID context pointer in `dasher_configure_pid` is cleared after the region is freed so that `dasher_process` cannot access it. Users should upgrade to the release containing commit `e6d01820d7bf3967d931fedb379ee5f209bc133b` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3314
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/53/53_dasher_process_filters_dasher_c_9445
- Fix: https://github.com/gpac/gpac/commit/e6d01820d7bf3967d931fedb379ee5f209bc133b

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

CVE-2025-60485
(0 None)

EPSS: 0.00%

2 posts

N/A

sigdevel at 2026-05-30T08:07:33.564Z ##

Security Advisory: CVE-2025-60485 - NULL Pointer Dereference in GPAC/MP4Box

Processing a crafted MP4 file with corrupted `esds` boxes and incomplete box structures triggers a NULL pointer dereference in `gf_isom_apple_set_tag_ex`, causing MP4Box to crash.

Summary:
The `gf_isom_apple_set_tag_ex` function in `isomedia/isom_write.c` is called during muxer tag setup to write Apple metadata tags into the output file. When the input MP4 contains an invalid `esds` descriptor (tag 3, truncated size) and an incomplete box structure, the function receives an unvalidated NULL pointer and dereferences it (READ at address 0x0) without a prior NULL check, terminating the process with SIGSEGV.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/isom_write.c:6309
Function: gf_isom_apple_set_tag_ex()

filters/mux_isom.c:841
Function: mp4_mux_set_tags()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1687-ge44a4e2b0-master; commit `e44a4e2b0d193566619ada71599e70255699da94`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a crafted MP4 file containing a corrupted `esds` box (invalid descriptor sizes) and incomplete box structures. Local access is required; the victim must invoke `MP4Box -add <crafted_file>` or any equivalent MP4Box operation that triggers the muxer PID setup and tag-writing path.

Impact:
The NULL pointer dereference (READ at address 0x000000000000) causes an immediate process crash, resulting in Denial of Service. No evidence of arbitrary code execution was observed; the faulting access is a NULL read that is not exploitable for control-flow hijacking.

Fix / mitigation status:
The fix adds a NULL check for the tag pointer before dereferencing it in `gf_isom_apple_set_tag_ex`. Users should upgrade to the release containing commit `4860a1a6f128ccc9ae37b4b738d22029f9672457` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3323
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/52/52_gf_isom_apple_set_tag_ex_isomedia_isom_write_c_6309
- Fix: https://github.com/gpac/gpac/commit/4860a1a6f128ccc9ae37b4b738d22029f9672457

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

sigdevel@infosec.exchange at 2026-05-30T08:07:33.000Z ##

Security Advisory: CVE-2025-60485 - NULL Pointer Dereference in GPAC/MP4Box

Processing a crafted MP4 file with corrupted `esds` boxes and incomplete box structures triggers a NULL pointer dereference in `gf_isom_apple_set_tag_ex`, causing MP4Box to crash.

Summary:
The `gf_isom_apple_set_tag_ex` function in `isomedia/isom_write.c` is called during muxer tag setup to write Apple metadata tags into the output file. When the input MP4 contains an invalid `esds` descriptor (tag 3, truncated size) and an incomplete box structure, the function receives an unvalidated NULL pointer and dereferences it (READ at address 0x0) without a prior NULL check, terminating the process with SIGSEGV.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/isom_write.c:6309
Function: gf_isom_apple_set_tag_ex()

filters/mux_isom.c:841
Function: mp4_mux_set_tags()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1687-ge44a4e2b0-master; commit `e44a4e2b0d193566619ada71599e70255699da94`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a crafted MP4 file containing a corrupted `esds` box (invalid descriptor sizes) and incomplete box structures. Local access is required; the victim must invoke `MP4Box -add <crafted_file>` or any equivalent MP4Box operation that triggers the muxer PID setup and tag-writing path.

Impact:
The NULL pointer dereference (READ at address 0x000000000000) causes an immediate process crash, resulting in Denial of Service. No evidence of arbitrary code execution was observed; the faulting access is a NULL read that is not exploitable for control-flow hijacking.

Fix / mitigation status:
The fix adds a NULL check for the tag pointer before dereferencing it in `gf_isom_apple_set_tag_ex`. Users should upgrade to the release containing commit `4860a1a6f128ccc9ae37b4b738d22029f9672457` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3323
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/52/52_gf_isom_apple_set_tag_ex_isomedia_isom_write_c_6309
- Fix: https://github.com/gpac/gpac/commit/4860a1a6f128ccc9ae37b4b738d22029f9672457

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

CVE-2026-45633
(0 None)

EPSS: 0.24%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-30T04:00:20.000Z ##

🔴 CVE-2026-45633 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are dire...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45633/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T04:00:20.000Z ##

🔴 CVE-2026-45633 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are dire...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45633/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45632
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-30T04:00:08.000Z ##

🔴 CVE-2026-45632 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to othe...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45632/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T04:00:08.000Z ##

🔴 CVE-2026-45632 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to othe...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45632/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45630
(0 None)

EPSS: 0.18%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-30T03:00:11.000Z ##

🔴 CVE-2026-45630 - Critical (9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote s...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45630/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-30T03:00:11.000Z ##

🔴 CVE-2026-45630 - Critical (9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote s...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45630/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44421
(0 None)

EPSS: 0.05%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-29T22:00:09.000Z ##

🟠 CVE-2026-44421 - High (8.8)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44421/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T22:00:09.000Z ##

🟠 CVE-2026-44421 - High (8.8)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44421/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44420
(0 None)

EPSS: 0.02%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-29T21:01:20.000Z ##

🟠 CVE-2026-44420 - High (8.8)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44420/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T21:01:20.000Z ##

🟠 CVE-2026-44420 - High (8.8)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44420/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45372
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-05-29T21:01:00.000Z ##

🔴 CVE-2026-45372 - Critical (9.9)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity ch...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45372/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-05-29T21:01:00.000Z ##

🔴 CVE-2026-45372 - Critical (9.9)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity ch...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45372/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-55664
(0 None)

EPSS: 0.00%

1 posts

N/A

sigdevel@infosec.exchange at 2026-05-29T18:20:23.000Z ##

Security Advisory: CVE-2025-55664 - Heap-based Buffer Overflow in GPAC/MP4Box

Processing a crafted MPEG-2 Transport Stream file with corrupted packet structures triggers a heap buffer overflow in `m2tsdmx_send_packet`, causing MP4Box to crash and potentially enabling arbitrary code execution.

Summary:
The `m2tsdmx_send_packet` function in `filters/dmx_m2ts.c` performs a `memcpy` whose size argument is derived from stream-controlled data without validation. A crafted MPEG-2 TS file with missing sync markers, corrupted PMT descriptors, and PID conflicts can cause the size to wrap to 4294967295 (0xFFFFFFFF), triggering a `memcpy` that reads and writes 4 GB of heap memory starting one byte past the end of a 183-byte allocated region.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component

```
filters/dmx_m2ts.c:916
Function: m2tsdmx_send_packet()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1644-g8e3b5e1dd-master; commit `8e3b5e1dde7b9ea041dbdc14456a5bb74a9851ea`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a specially crafted MPEG-2 TS file containing missing sync markers (0x47), corrupted PMT descriptor sizes, and conflicting PID assignments. Local access is required; the victim must invoke `MP4Box -dash 100 <crafted_file>` or any equivalent DASH segmentation command that triggers the MPEG-2 TS demuxer processing path.

Impact:
The heap buffer overflow (READ of size 4294967295, 1 byte past end of a 183-byte heap region) results in process termination, causing Denial of Service. Due to the write-capable nature of the oversized `memcpy`, arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The fix adds size validation before the `memcpy` call in `m2tsdmx_send_packet` to reject stream-supplied sizes that exceed the allocated buffer. Users should upgrade to the release containing commit `9bd6a72c9efc0513dfd33b87498afc7658dabd26` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3310
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/51/51_m2tsdmx_send_packet_filters_dmx_m2ts_c_916
- Fix: https://github.com/gpac/gpac/commit/9bd6a72c9efc0513dfd33b87498afc7658dabd26

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

CVE-2026-48710
(0 None)

EPSS: 0.03%

1 posts

N/A

3 repos

https://github.com/Bhanunamikaze/BadHost-CVE-2026-48710-Exploit

https://github.com/xtremebeing/starlette-host-header-lab

https://github.com/eris-ths/supply-chain-guard

lobsters@mastodon.social at 2026-05-29T18:00:16.000Z ##

CVE-2026-48710: A Maintainer's Perspective https://lobste.rs/s/xvdvko #python #security
https://marcelotryle.com/blog/2026/05/28/cve-2026-48710-a-maintainers-perspective/

##

CVE-2025-60481
(0 None)

EPSS: 0.00%

1 posts

N/A

sigdevel@infosec.exchange at 2026-05-29T17:58:24.000Z ##

Security Advisory: CVE-2025-60481 - Out-of-Bounds Read in GPAC/MP4Box

Processing a crafted AC-4 stream with an invalid `frame_rate_index` triggers an out-of-bounds read in `gf_odf_ac4_cfg_dsi_v1`, causing MP4Box to crash.

Summary:
The `gf_odf_ac4_cfg_dsi_v1` function in `odf/descriptors.c` uses a stream-supplied `frame_rate_index` to index into fixed-size lookup tables (`AC4_SAMPLE_DELTA_TABLE_48`, `AC4_MEDIA_TIMESCALE_48`). The function does not validate that the index is within bounds before performing the table lookup. A crafted AC-4 file carrying an out-of-range index (e.g., 15) causes an out-of-bounds read, ultimately resulting in a NULL dereference and process crash.

CWE:
CWE-125 - Out-of-bounds Read

Affected Component:

```
odf/descriptors.c:2179
Function: gf_odf_ac4_cfg_dsi_v1()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1617-g856674b22-master; commit `856674b226d6cbe28a941ad223be38194cbf7d37`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a specially crafted AC-4 stream file containing an invalid `frame_rate_index` value. Local access is required; the victim must invoke `MP4Box -dash 100 <crafted_file>` or any equivalent DASH segmentation command that triggers the AC-4 configuration descriptor parsing path.

Impact:
The out-of-bounds read leads to an immediate process crash (SEGV READ at address 0x000000000000), resulting in Denial of Service. No evidence of arbitrary code execution was observed.

Fix / mitigation status:
The fix adds bounds validation for `frame_rate_index` before the fixed-size table lookups in `gf_odf_ac4_cfg_dsi_v1`. Users should upgrade to the release containing commit `13eb5b76560aaf7813b865a2ad433258478e2695` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3303
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/50/50_gf_odf_ac4_cfg_dsi_v1_odf_descriptors_c_2179
- Fix: https://github.com/gpac/gpac/commit/13eb5b76560aaf7813b865a2ad433258478e2695

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

CVE-2025-60483
(0 None)

EPSS: 0.00%

1 posts

N/A

sigdevel@infosec.exchange at 2026-05-29T17:46:14.000Z ##

Security Advisory: CVE-2025-60483 - NULL Pointer Dereference in GPAC/MP4Box

Processing a crafted AC-4 stream triggers a NULL pointer dereference in `gf_ac4_pres_b_4_back_channels_present` when accessing presentation data with an invalid substream group index, causing MP4Box to crash.

Summary:
The `gf_ac4_pres_b_4_back_channels_present` function in `media_tools/av_parsers.c` accesses `pres->substream_groups` using an index derived from the stream. When a crafted AC-4 file specifies an invalid group index (e.g., group 4 that does not exist for presentation 0), the parser dereferences a NULL or near-NULL pointer at address 0x48 (72-byte struct offset) without first validating the pointer or the group index bounds. The process terminates with SIGSEGV.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component

```
media_tools/av_parsers.c:15703
Function: gf_ac4_pres_b_4_back_channels_present()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1617-g856674b22-master; commit `856674b226d6cbe28a941ad223be38194cbf7d37`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

Attack Conditions:
An attacker supplies a specially crafted AC-4 stream file containing an invalid substream group reference. Local access is required; the victim must invoke `MP4Box -dash 100 <crafted_file>` or any equivalent DASH segmentation command that triggers the AC-4 demuxer and presentation parsing path.

Impact:
The near-NULL pointer dereference (READ at address 0x000000000048) causes an immediate process crash, resulting in Denial of Service. No evidence of arbitrary code execution was observed; the faulting access is a near-NULL read that is not exploitable for control-flow hijacking.

Fix / mitigation status:
The fix adds bounds validation for the substream group index and a NULL check for the presentation pointer in `gf_ac4_pres_b_4_back_channels_present`. Users should upgrade to the release containing commit `13eb5b76560aaf7813b865a2ad433258478e2695` or apply that patch directly.

References

- Issue: https://github.com/gpac/gpac/issues/3302
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/49/49_gf_ac4_pres_b_4_back_channels_present_media_tools_av_parsers_c_15703
- Fix: https://github.com/gpac/gpac/commit/13eb5b76560aaf7813b865a2ad433258478e2695

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory

##

CVE-2025-60495
(0 None)

EPSS: 0.00%

1 posts

N/A

sigdevel@infosec.exchange at 2026-05-29T17:32:43.000Z ##

Security Advisory: CVE-2025-60495 - NULL Pointer Dereference in GPAC/MP4Box

Processing a crafted MP4 file with an inconsistent video sample entry triggers a NULL pointer dereference in `gf_media_get_color_info`, causing MP4Box to crash.

Summary:
The `gf_media_get_color_info` function in `media_tools/isom_tools.c` inspects codec-specific boxes nested inside a video sample entry. When a sample entry type (e.g., `v210`) unexpectedly contains an unrelated box (e.g., an `avcC` AVC Decoder Configuration Box), the function dereferences a near-NULL pointer (READ at address 0x000000000008). No NULL-check is performed before the dereference, and the process terminates with SIGSEGV.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component

```
media_tools/isom_tools.c:979
Function: gf_media_get_color_info()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
2.5-DEV-rev1780-g50b5741f2-master; commit `50b5741f291126b610c59db433fc02e8a17f0c5d`. Any codebase equivalent to this commit that has not applied the fix commit is affected.

1 posts

N/A

sigdevel@infosec.exchange at 2026-05-29T15:07:16.000Z ##

Security Advisory: CVE-2025-60477 - NULL Pointer Dereference in GPAC/MP4Box

Processing a crafted MP4 file containing specially crafted metadata with special characters triggers a NULL pointer dereference in `gf_filter_pid_resolve_file_template_ex`, causing MP4Box to crash during DASH segmentation.

Summary:
The `gf_filter_pid_resolve_file_template_ex` function in `filter_core/filter_pid.c` resolves output file name templates during DASH packaging. When input file metadata contains excessively long URLs or HTML-like special characters, the function reaches a `strncmp()` call without verifying that one of its arguments is non-NULL. The resulting dereference of a NULL pointer (READ at address 0x0) terminates the process immediately.

CWE:
CWE-476 - NULL Pointer Dereference

Affected component:
```
filter_core/filter_pid.c:9045
Function: gf_filter_pid_resolve_file_template_ex()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

1 posts

N/A

Nuclei template

2 repos

https://github.com/portbuster1337/CVE-2026-27771

https://github.com/HORKimhab/CVE-2026-27771

forgejo@floss.social at 2026-05-28T14:24:22.000Z ##

A security vulnerability labelled CVE-2026-27771 affecting Forgejo and Gitea is being widely reported recently.

Packages in Forgejo are visible to unauthenticated users if they are published under a public owner, as designed. It is not a security vulnerability, but a misunderstanding about the permissions and a good opportunity for users to review that they are not in a misconfigured state.

Please see the statement issued by the security team here for more details: https://codeberg.org/forgejo/website/issues/839#issuecomment-15980039

##

CVE-2026-10165(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10162(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10161(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10160(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10159(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10158(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10124(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10121(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10126(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10125(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10123(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10122(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10120(8.8 HIGH)

EPSS: 0.00%

CVE-2026-10119(8.8 HIGH)

EPSS: 0.00%

CVE-2026-7459(7.5 HIGH)

EPSS: 0.06%

CVE-2026-7465(8.8 HIGH)

EPSS: 0.22%

CVE-2026-9757(7.5 HIGH)

EPSS: 0.09%

CVE-2026-10112(2.4 LOW)

EPSS: 0.03%

CVE-2026-10110(7.3 HIGH)

EPSS: 0.03%

CVE-2026-10044(7.5 HIGH)

EPSS: 0.05%

CVE-2026-35671(8.8 HIGH)

EPSS: 0.04%

CVE-2026-9831(6.3 MEDIUM)

EPSS: 0.05%

CVE-2026-44697(8.6 HIGH)

EPSS: 0.04%

CVE-2026-42941(8.3 HIGH)

EPSS: 0.01%

CVE-2026-49366(7.8 HIGH)

EPSS: 0.00%

CVE-2026-49372(7.5 HIGH)

EPSS: 0.00%

CVE-2026-48557(8.8 HIGH)

EPSS: 0.10%

CVE-2026-49368(8.7 HIGH)

EPSS: 0.01%

CVE-2026-49374(7.6 HIGH)

EPSS: 0.00%

CVE-2026-49367(8.0 HIGH)

EPSS: 0.00%

CVE-2026-42929(8.3 HIGH)

EPSS: 0.01%

CVE-2026-5343(7.4 HIGH)

EPSS: 0.03%

CVE-2026-46821(7.7 HIGH)

EPSS: 0.03%

CVE-2026-10105(8.3 HIGH)

EPSS: 0.03%

CVE-2026-45628(9.6 CRITICAL)

EPSS: 0.05%

CVE-2026-45625(9.9 CRITICAL)

EPSS: 0.05%

CVE-2026-45661(9.9 CRITICAL)

EPSS: 0.08%

CVE-2026-45631(10.0 CRITICAL)

EPSS: 0.07%

CVE-2026-44285(7.7 HIGH)

EPSS: 0.03%

CVE-2026-44422(7.5 HIGH)

EPSS: 0.05%

CVE-2026-10165
(8.8 HIGH)

CVE-2026-10162
(8.8 HIGH)

CVE-2026-10161
(8.8 HIGH)

CVE-2026-10160
(8.8 HIGH)

CVE-2026-10159
(8.8 HIGH)

CVE-2026-10158
(8.8 HIGH)

CVE-2026-10124
(8.8 HIGH)

CVE-2026-10121
(8.8 HIGH)

CVE-2026-10126
(8.8 HIGH)

CVE-2026-10125
(8.8 HIGH)

CVE-2026-10123
(8.8 HIGH)

CVE-2026-10122
(8.8 HIGH)

CVE-2026-10120
(8.8 HIGH)

CVE-2026-10119
(8.8 HIGH)

CVE-2026-7459
(7.5 HIGH)

CVE-2026-7465
(8.8 HIGH)

CVE-2026-9757
(7.5 HIGH)

CVE-2026-10112
(2.4 LOW)

CVE-2026-10110
(7.3 HIGH)

CVE-2026-10044
(7.5 HIGH)

CVE-2026-35671
(8.8 HIGH)

CVE-2026-9831
(6.3 MEDIUM)

CVE-2026-44697
(8.6 HIGH)

CVE-2026-42941
(8.3 HIGH)

CVE-2026-49366
(7.8 HIGH)

CVE-2026-49372
(7.5 HIGH)

CVE-2026-48557
(8.8 HIGH)

CVE-2026-49368
(8.7 HIGH)

CVE-2026-49374
(7.6 HIGH)

CVE-2026-49367
(8.0 HIGH)

CVE-2026-42929
(8.3 HIGH)

CVE-2026-5343
(7.4 HIGH)

CVE-2026-46821
(7.7 HIGH)

CVE-2026-10105
(8.3 HIGH)

CVE-2026-45628
(9.6 CRITICAL)

CVE-2026-45625
(9.9 CRITICAL)

CVE-2026-45661
(9.9 CRITICAL)

CVE-2026-45631
(10.0 CRITICAL)

CVE-2026-44285
(7.7 HIGH)

CVE-2026-44422
(7.5 HIGH)

CVE-2026-47123
(7.5 HIGH)

CVE-2026-9998
(8.3 HIGH)

CVE-2026-44648
(7.5 HIGH)

CVE-2026-47740
(8.1 HIGH)

CVE-2026-47744
(9.9 CRITICAL)

CVE-2026-0257
(9.1 CRITICAL)

CVE-2026-9051
(9.1 CRITICAL)

CVE-2026-46835
(7.5 HIGH)

CVE-2026-46834
(7.5 HIGH)

CVE-2026-10108
(7.5 HIGH)

CVE-2026-10107
(7.7 HIGH)

CVE-2026-5768
(8.8 HIGH)

CVE-2026-7786
(9.8 CRITICAL)

CVE-2026-32905
(8.3 HIGH)

CVE-2026-35630
(8.0 HIGH)

CVE-2026-10065
(8.8 HIGH)

CVE-2026-46840
(10.0 CRITICAL)

CVE-2026-46839
(9.9 CRITICAL)

CVE-2026-9999
(8.8 HIGH)

CVE-2026-6824
(8.4 HIGH)

CVE-2026-5386
(9.1 CRITICAL)

CVE-2026-45615
(8.2 HIGH)

CVE-2026-44962
(9.9 CRITICAL)

CVE-2026-35674
(8.8 HIGH)

CVE-2026-10069
(7.5 HIGH)

CVE-2026-10067
(8.8 HIGH)

CVE-2026-10066
(8.8 HIGH)

CVE-2026-44698
(8.3 HIGH)

CVE-2026-45323
(9.6 CRITICAL)

CVE-2026-32847
(7.5 HIGH)

CVE-2026-46837
(8.8 HIGH)

CVE-2026-10062
(8.8 HIGH)

CVE-2026-9809
(7.6 HIGH)

CVE-2026-4944
(8.8 HIGH)

CVE-2026-45348
(8.7 HIGH)