| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26990 | 8.8 | 0.00% | 2 | 0 | 2026-02-20T02:16:54.870000 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Ve | |
| CVE-2026-26980 | 9.4 | 0.00% | 2 | 0 | 2026-02-20T02:16:54.213000 | Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 all | |
| CVE-2026-26065 | 0 | 0.00% | 2 | 0 | 2026-02-20T02:16:53.730000 | calibre is a cross-platform e-book manager for viewing, converting, editing, and | |
| CVE-2026-26975 | 8.8 | 0.00% | 4 | 0 | 2026-02-20T01:16:00.273000 | Music Assistant is an open-source media library manager that integrates streamin | |
| CVE-2025-30411 | 10.0 | 0.00% | 4 | 0 | 2026-02-20T01:15:59.493000 | Sensitive data disclosure and manipulation due to improper authentication. The f | |
| CVE-2026-23544 | 8.8 | 0.02% | 2 | 0 | 2026-02-20T00:32:59 | Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allo | |
| CVE-2026-23542 | 9.8 | 0.02% | 2 | 0 | 2026-02-20T00:32:59 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant g | |
| CVE-2026-21535 | 8.2 | 0.00% | 2 | 0 | 2026-02-20T00:31:59 | Improper access control in Microsoft Teams allows an unauthorized attacker to di | |
| CVE-2026-26321 | 7.5 | 0.00% | 2 | 0 | 2026-02-19T23:16:25.180000 | OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Fe | |
| CVE-2026-0573 | 9.0 | 0.10% | 2 | 0 | 2026-02-19T22:49:21.843000 | An URL redirection vulnerability was identified in GitHub Enterprise Server that | |
| CVE-2026-23549 | 9.8 | 0.02% | 2 | 0 | 2026-02-19T22:16:41.930000 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage | |
| CVE-2025-13590 | 9.1 | 0.21% | 2 | 0 | 2026-02-19T22:11:44 | A malicious actor with administrative privileges can upload an arbitrary file to | |
| CVE-2026-27013 | 7.6 | 0.00% | 2 | 0 | 2026-02-19T21:57:27 | fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/T | |
| CVE-2026-26280 | 8.4 | 0.00% | 2 | 0 | 2026-02-19T21:57:03 | ### Summary A command injection vulnerability in the `wifiNetworks()` function a | |
| CVE-2026-26267 | 7.5 | 0.00% | 2 | 0 | 2026-02-19T21:56:47 | ### Impact The `#[contractimpl]` macro contains a bug in how it wires up functi | |
| CVE-2026-27476 | 9.8 | 0.00% | 2 | 0 | 2026-02-19T21:30:57 | RustFly 2.0.0 contains a command injection vulnerability in its remote UI contro | |
| CVE-2026-27052 | 7.5 | 0.05% | 2 | 0 | 2026-02-19T21:30:46 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-25378 | 7.6 | 0.02% | 2 | 0 | 2026-02-19T21:30:45 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-26016 | None | 0.00% | 2 | 0 | 2026-02-19T21:30:31 | ### Summary A missing authorization check in multiple controllers allows any us | |
| CVE-2026-24834 | None | 0.00% | 2 | 0 | 2026-02-19T21:30:21 | ### Summary An issue in Kata with Cloud Hypervisor allows a user of the contain | |
| CVE-2026-25242 | None | 0.19% | 2 | 1 | 2026-02-19T21:23:41 | Security Advisory:Unauthenticated File Upload in Gogs Vulnerability Type: Unauth | |
| CVE-2026-25232 | None | 0.03% | 2 | 0 | 2026-02-19T21:14:58 | ## Summary An access control bypass vulnerability in Gogs web interface allows | |
| CVE-2026-24708 | 8.2 | 0.04% | 3 | 0 | 2026-02-19T20:28:05 | An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 3 | |
| CVE-2025-14009 | 10.0 | 0.40% | 4 | 0 | 2026-02-19T20:27:45 | A critical vulnerability exists in the NLTK downloader component of nltk/nltk, a | |
| CVE-2026-26318 | 8.8 | 0.00% | 2 | 0 | 2026-02-19T20:25:44.063000 | systeminformation is a System and OS information library for node.js. Versions p | |
| CVE-2026-26278 | 7.5 | 0.00% | 2 | 0 | 2026-02-19T20:25:43.717000 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build X | |
| CVE-2025-70148 | 7.5 | 0.09% | 2 | 0 | 2026-02-19T20:25:24.843000 | Missing authentication and authorization in print_membership_card.php in CodeAst | |
| CVE-2026-25474 | 7.5 | 0.02% | 2 | 0 | 2026-02-19T20:13:13.640000 | OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channel | |
| CVE-2026-26030 | 10.0 | 0.00% | 6 | 0 | 2026-02-19T19:34:15 | ### Impact: An RCE vulnerability has been identified in Microsoft Semantic Kerne | |
| CVE-2026-25940 | 8.1 | 0.00% | 4 | 0 | 2026-02-19T19:32:48 | ### Impact User control of properties and methods of the Acroform module allows | |
| CVE-2026-27475 | 8.1 | 0.00% | 2 | 0 | 2026-02-19T19:22:30.720000 | SPIP before 4.4.9 allows Insecure Deserialization in the public area through the | |
| CVE-2026-25418 | 7.6 | 0.02% | 2 | 0 | 2026-02-19T19:22:28.717000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-2648 | 8.8 | 0.06% | 2 | 0 | 2026-02-19T18:35:27.370000 | Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed | |
| CVE-2026-2409 | None | 0.00% | 2 | 0 | 2026-02-19T18:32:10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-1581 | 7.5 | 0.00% | 2 | 0 | 2026-02-19T18:32:09 | The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection | |
| CVE-2026-2232 | 7.5 | 0.00% | 2 | 0 | 2026-02-19T18:32:09 | The Product Table and List Builder for WooCommerce Lite plugin for WordPress is | |
| CVE-2026-26337 | 8.2 | 0.00% | 2 | 0 | 2026-02-19T18:32:08 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achie | |
| CVE-2026-26362 | 8.1 | 0.04% | 6 | 0 | 2026-02-19T18:32:08 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Travers | |
| CVE-2025-71250 | 8.1 | 0.00% | 4 | 0 | 2026-02-19T18:32:08 | SPIP before 4.4.9 allows Insecure Deserialization in the public area through the | |
| CVE-2026-26358 | 8.8 | 0.05% | 10 | 0 | 2026-02-19T18:32:07 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization | |
| CVE-2025-12107 | 10.0 | 0.30% | 2 | 0 | 2026-02-19T18:32:07 | Due to the use of a vulnerable third-party Velocity template engine, a malicious | |
| CVE-2025-8350 | 9.8 | 0.07% | 2 | 0 | 2026-02-19T18:32:07 | Execution After Redirect (EAR), Missing Authentication for Critical Function vul | |
| CVE-2026-26359 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T18:32:06 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of | |
| CVE-2025-9953 | 9.8 | 0.03% | 2 | 0 | 2026-02-19T18:32:06 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DA | |
| CVE-2026-26360 | 8.1 | 0.05% | 8 | 0 | 2026-02-19T18:32:05 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of | |
| CVE-2026-1994 | 9.8 | 0.05% | 4 | 0 | 2026-02-19T18:32:03 | The s2Member plugin for WordPress is vulnerable to privilege escalation via acco | |
| CVE-2025-4521 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T18:32:02 | The IDonate – Blood Donation, Request And Donor Management System plugin for Wor | |
| CVE-2025-4960 | 7.8 | 0.01% | 2 | 0 | 2026-02-19T18:32:02 | The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver in | |
| CVE-2026-0926 | 9.8 | 0.19% | 4 | 0 | 2026-02-19T18:32:02 | The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion | |
| CVE-2025-13851 | 9.8 | 0.06% | 2 | 0 | 2026-02-19T18:32:01 | The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulner | |
| CVE-2026-0912 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T18:32:01 | The Toret Manager plugin for WordPress is vulnerable to unauthorized modificatio | |
| CVE-2025-12707 | 7.5 | 0.07% | 2 | 0 | 2026-02-19T18:31:53 | The Library Management System plugin for WordPress is vulnerable to SQL Injectio | |
| CVE-2025-12882 | 9.8 | 0.06% | 2 | 0 | 2026-02-19T18:31:53 | The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation | |
| CVE-2025-12845 | 8.8 | 0.05% | 2 | 0 | 2026-02-19T18:31:52 | The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluen | |
| CVE-2025-13563 | 9.8 | 0.06% | 2 | 0 | 2026-02-19T18:31:50 | The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in | |
| CVE-2026-26339 | 9.8 | 0.00% | 4 | 0 | 2026-02-19T18:25:00.133000 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achie | |
| CVE-2026-26336 | 7.5 | 0.00% | 2 | 0 | 2026-02-19T17:24:50.943000 | Hyland Alfresco allows unauthenticated attackers to read arbitrary files from pr | |
| CVE-2025-71243 | 9.8 | 0.00% | 2 | 1 | 2026-02-19T16:27:12.303000 | The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5 | |
| CVE-2025-65791 | 9.8 | 0.27% | 2 | 1 | 2026-02-19T15:53:43.903000 | ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. T | |
| CVE-2025-11754 | 7.5 | 0.04% | 2 | 0 | 2026-02-19T15:53:02.850000 | The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized acces | |
| CVE-2025-12821 | 8.8 | 0.05% | 2 | 0 | 2026-02-19T15:53:02.850000 | The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery | |
| CVE-2025-13603 | 8.8 | 0.04% | 2 | 0 | 2026-02-19T15:53:02.850000 | The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrar | |
| CVE-2026-0974 | 8.8 | 0.21% | 2 | 0 | 2026-02-19T15:53:02.850000 | The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Pl | |
| CVE-2026-2686 | 9.8 | 0.15% | 4 | 0 | 2026-02-19T15:53:02.850000 | A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. | |
| CVE-2026-27175 | 9.8 | 0.49% | 4 | 0 | 2026-02-19T15:53:02.850000 | MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS comman | |
| CVE-2026-27180 | 9.8 | 0.09% | 4 | 1 | 2026-02-19T15:53:02.850000 | MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote co | |
| CVE-2026-0874 | 7.8 | 0.01% | 2 | 0 | 2026-02-19T15:53:02.850000 | A maliciously crafted CATPART file, when parsed through certain Autodesk product | |
| CVE-2026-1405 | 9.8 | 0.15% | 2 | 0 | 2026-02-19T15:52:39.260000 | The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads d | |
| CVE-2026-22267 | 8.1 | 0.04% | 4 | 0 | 2026-02-19T15:52:39.260000 | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorre | |
| CVE-2026-25755 | 8.1 | 0.00% | 2 | 0 | 2026-02-19T15:52:39.260000 | jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control | |
| CVE-2026-27179 | 8.2 | 0.06% | 2 | 0 | 2026-02-19T00:30:37 | MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection | |
| CVE-2026-27182 | 8.4 | 0.12% | 2 | 0 | 2026-02-19T00:30:37 | Saturn Remote Mouse Server contains a command injection vulnerability that allow | |
| CVE-2026-27181 | 7.5 | 0.02% | 2 | 0 | 2026-02-19T00:30:37 | MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module un | |
| CVE-2026-2649 | 8.8 | 0.03% | 4 | 0 | 2026-02-19T00:30:30 | Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote | |
| CVE-2026-2650 | 8.8 | 0.03% | 4 | 0 | 2026-02-19T00:30:30 | Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a | |
| CVE-2026-27174 | 9.8 | 0.32% | 4 | 0 | 2026-02-19T00:30:30 | MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code executi | |
| CVE-2019-25360 | 9.8 | 0.18% | 1 | 0 | 2026-02-19T00:30:29 | Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV lo | |
| CVE-2026-22860 | 7.5 | 0.04% | 2 | 0 | 2026-02-18T23:49:03 | ## Summary `Rack::Directory`’s path check used a string prefix match on the exp | |
| CVE-2025-45769 | 6.5 | 0.01% | 2 | 0 | 2026-02-18T22:16:24.073000 | php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has | |
| CVE-2025-70146 | 9.1 | 0.25% | 2 | 0 | 2026-02-18T21:32:26 | Missing authentication in multiple administrative action scripts under /admin/ i | |
| CVE-2026-1435 | 9.8 | 0.05% | 6 | 0 | 2026-02-18T21:32:25 | Not properly invalidated session vulnerability in Graylog Web Interface, version | |
| CVE-2025-1272 | 7.8 | 0.01% | 2 | 2 | 2026-02-18T21:31:34 | The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above fo | |
| CVE-2026-0875 | 7.8 | 0.01% | 2 | 0 | 2026-02-18T21:31:34 | A maliciously crafted MODEL file, when parsed through certain Autodesk products, | |
| CVE-2025-70064 | 8.8 | 0.08% | 2 | 0 | 2026-02-18T21:31:23 | PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulne | |
| CVE-2025-70149 | 9.8 | 0.03% | 2 | 0 | 2026-02-18T21:31:23 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in pri | |
| CVE-2025-70147 | 7.5 | 0.14% | 2 | 0 | 2026-02-18T21:31:23 | Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWo | |
| CVE-2026-22769 | 10.0 | 28.78% | 28 | 0 | 2026-02-18T20:01:15.983000 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a | |
| CVE-2026-0714 | 6.8 | 0.01% | 4 | 0 | 2026-02-18T18:31:27 | A physical attack vulnerability exists in certain Moxa industrial computers usin | |
| CVE-2021-22175 | 9.8 | 74.08% | 6 | 0 | template | 2026-02-18T18:31:26 | When requests to the internal network for webhooks are enabled, a server-side re |
| CVE-2026-2507 | 7.5 | 0.08% | 4 | 0 | 2026-02-18T18:30:51 | When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM | |
| CVE-2025-70150 | 9.8 | 0.11% | 2 | 0 | 2026-02-18T18:30:47 | CodeAstro Membership Management System 1.0 contains a missing authentication vul | |
| CVE-2025-70998 | 9.8 | 0.11% | 4 | 0 | 2026-02-18T18:30:39 | UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain | |
| CVE-2025-61982 | 7.8 | 0.02% | 2 | 0 | 2026-02-18T18:30:38 | An arbitrary code execution vulnerability exists in the Code Stream directive fu | |
| CVE-2025-65715 | 7.8 | 0.02% | 4 | 0 | 2026-02-18T17:52:22.253000 | An issue in the code-runner.executorMap setting of Visual Studio Code Extensions | |
| CVE-2026-2577 | 10.0 | 0.06% | 1 | 0 | 2026-02-18T17:52:22.253000 | The WhatsApp bridge component in Nanobot binds the WebSocket server to all netwo | |
| CVE-2026-1670 | 9.8 | 0.04% | 8 | 0 | 2026-02-18T17:51:53.510000 | The affected products are vulnerable to an unauthenticated API endpoint exposure | |
| CVE-2026-27099 | 8.0 | 0.04% | 6 | 0 | 2026-02-18T17:51:53.510000 | Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both | |
| CVE-2026-1426 | 8.8 | 0.09% | 4 | 0 | 2026-02-18T17:51:53.510000 | The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Obje | |
| CVE-2025-33239 | 7.8 | 0.02% | 2 | 0 | 2026-02-18T17:51:53.510000 | NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, wher | |
| CVE-2025-33250 | 7.8 | 0.07% | 2 | 0 | 2026-02-18T17:51:53.510000 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem | |
| CVE-2025-33243 | 7.8 | 0.28% | 2 | 0 | 2026-02-18T17:51:53.510000 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem | |
| CVE-2025-60037 | 7.8 | 0.18% | 2 | 0 | 2026-02-18T17:51:53.510000 | A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an a | |
| CVE-2025-33253 | 7.8 | 0.27% | 2 | 0 | 2026-02-18T17:51:53.510000 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem | |
| CVE-2026-1714 | 8.6 | 0.06% | 1 | 0 | 2026-02-18T17:51:53.510000 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All | |
| CVE-2025-13689 | 8.8 | 0.03% | 1 | 0 | 2026-02-18T17:51:53.510000 | IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute | |
| CVE-2026-1368 | 7.5 | 0.02% | 2 | 0 | 2026-02-18T15:32:29 | The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX | |
| CVE-2026-2329 | None | 0.09% | 7 | 0 | 2026-02-18T15:31:35 | An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP | |
| CVE-2025-33251 | 7.8 | 0.07% | 2 | 0 | 2026-02-18T15:31:34 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem | |
| CVE-2025-33245 | 8.0 | 0.23% | 2 | 0 | 2026-02-18T15:31:34 | NVIDIA NeMo Framework contains a vulnerability where malicious data could cause | |
| CVE-2025-33241 | 7.8 | 0.28% | 2 | 0 | 2026-02-18T15:31:33 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem | |
| CVE-2025-33240 | 7.8 | 0.02% | 2 | 0 | 2026-02-18T15:31:33 | NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, wh | |
| CVE-2025-33236 | 7.8 | 0.02% | 2 | 0 | 2026-02-18T15:31:33 | NVIDIA NeMo Framework contains a vulnerability where malicious data created by a | |
| CVE-2025-33249 | 7.8 | 0.02% | 2 | 0 | 2026-02-18T15:31:33 | NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-prep | |
| CVE-2025-33246 | 7.8 | 0.05% | 2 | 0 | 2026-02-18T15:31:33 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Eval | |
| CVE-2025-60038 | 7.8 | 0.18% | 2 | 0 | 2026-02-18T15:31:33 | A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an a | |
| CVE-2025-60036 | 7.8 | 0.18% | 2 | 0 | 2026-02-18T15:31:33 | A vulnerability has been identified in the UA.Testclient utility, which is inclu | |
| CVE-2025-60035 | 7.8 | 0.18% | 2 | 0 | 2026-02-18T15:31:33 | A vulnerability has been identified in the OPC.Testclient utility, which is incl | |
| CVE-2025-33252 | 7.8 | 0.27% | 2 | 0 | 2026-02-18T15:31:33 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem | |
| CVE-2026-22048 | 7.1 | 0.04% | 1 | 0 | 2026-02-18T15:31:25 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0 | |
| CVE-2026-23599 | 7.8 | 0.01% | 2 | 0 | 2026-02-18T15:31:25 | A local privilege-escalation vulnerability has been discovered in the HPE Aruba | |
| CVE-2024-7694 | 7.2 | 1.38% | 2 | 0 | 2026-02-18T13:46:48.840000 | ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content o | |
| CVE-2026-2495 | 7.5 | 0.08% | 4 | 0 | 2026-02-18T09:32:07 | The WPNakama – Team and multi-Client Collaboration, Editorial and Project Manage | |
| CVE-2026-1937 | 9.8 | 0.04% | 3 | 0 | 2026-02-18T09:32:06 | The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to | |
| CVE-2026-2576 | 7.5 | 0.07% | 1 | 0 | 2026-02-18T06:30:25 | The Business Directory Plugin – Easy Listing Directories for WordPress plugin fo | |
| CVE-2026-26119 | 8.8 | 0.06% | 3 | 0 | 2026-02-18T00:30:22 | Improper authentication in Windows Admin Center allows an authorized attacker to | |
| CVE-2026-26324 | 7.5 | 0.00% | 2 | 0 | 2026-02-17T21:42:42 | ### Summary OpenClaw's SSRF protection could be bypassed using full-form IPv4-m | |
| CVE-2026-26322 | 7.6 | 0.00% | 2 | 0 | 2026-02-17T21:42:17 | ## Summary The Gateway tool accepted a tool-supplied `gatewayUrl` without suffic | |
| CVE-2026-26319 | 7.5 | 0.00% | 2 | 0 | 2026-02-17T21:40:47 | ## Summary In affected versions, OpenClaw's optional `@openclaw/voice-call` plu | |
| CVE-2026-26316 | 7.5 | 0.00% | 2 | 0 | 2026-02-17T21:33:51 | ### Summary In affected versions, the optional BlueBubbles iMessage channel plu | |
| CVE-2026-2441 | 8.8 | 0.53% | 21 | 3 | 2026-02-17T21:32:21 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote a | |
| CVE-2026-23647 | 9.8 | 0.26% | 2 | 0 | 2026-02-17T21:32:21 | Glory RBG-100 recycler systems using the ISPK-08 software component contain hard | |
| CVE-2008-0015 | 8.8 | 80.64% | 2 | 0 | 2026-02-17T21:32:16 | Stack-based buffer overflow in the CComVariant::ReadFromStream function in the A | |
| CVE-2020-7796 | 9.8 | 93.55% | 2 | 0 | template | 2026-02-17T21:32:16 | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zi |
| CVE-2026-26275 | 7.5 | 0.00% | 2 | 0 | 2026-02-17T21:29:37 | ### Impact An issue was discovered in `httpsig-hyper` where Digest header verif | |
| CVE-2025-65716 | 8.8 | 0.05% | 4 | 0 | 2026-02-17T15:32:42 | An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allo | |
| CVE-2025-65717 | 9.1 | 0.03% | 2 | 1 | 2026-02-17T15:32:42 | An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to | |
| CVE-2026-2447 | 8.8 | 0.04% | 6 | 0 | 2026-02-17T15:32:41 | Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Fi | |
| CVE-2026-1731 | 9.8 | 49.74% | 4 | 3 | template | 2026-02-17T13:40:10.320000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-20841 | 7.8 | 0.09% | 3 | 10 | 2026-02-12T20:16:05.143000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-24061 | 9.8 | 76.94% | 1 | 61 | template | 2026-02-11T15:40:42.937000 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-21509 | 7.8 | 9.21% | 2 | 9 | 2026-02-10T15:30:22 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a | |
| CVE-2025-14831 | 5.3 | 0.04% | 1 | 0 | 2026-02-09T15:30:37 | A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) | |
| CVE-2026-24423 | 9.8 | 22.65% | 1 | 1 | 2026-02-06T18:30:29 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated | |
| CVE-2021-39935 | 7.5 | 54.31% | 2 | 0 | 2026-02-03T18:30:29 | An issue has been discovered in GitLab CE/EE affecting all versions starting fro | |
| CVE-2026-1281 | 9.8 | 43.87% | 6 | 2 | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-1340 | 9.8 | 32.27% | 3 | 2 | 2026-01-30T00:31:28 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2025-15467 | 9.8 | 0.92% | 2 | 4 | 2026-01-29T15:31:31 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AE | |
| CVE-2026-23760 | 9.8 | 55.75% | 1 | 2 | template | 2026-01-27T18:33:14 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2025-6571 | 6.0 | 0.02% | 2 | 0 | 2025-11-11T09:30:36 | A 3rd-party component exposed its password in process arguments, allowing for lo | |
| CVE-2025-7676 | None | 0.02% | 2 | 0 | 2025-07-28T18:31:29 | DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architec | |
| CVE-2025-29969 | 7.5 | 0.28% | 2 | 1 | 2025-05-13T18:31:00 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows | |
| CVE-2021-22214 | 6.8 | 93.52% | 2 | 4 | template | 2024-11-21T05:49:43.477000 | When requests to the internal network for webhooks are enabled, a server-side re |
| CVE-2023-51781 | 7.0 | 0.02% | 1 | 0 | 2024-01-27T05:05:43 | An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/app | |
| CVE-2001-0144 | None | 61.72% | 2 | 0 | 2023-01-30T05:05:25 | CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to exe | |
| CVE-2025-30416 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2025-30412 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2025-30410 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26959 | 0 | 0.00% | 4 | 0 | N/A | ||
| CVE-2026-26202 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26200 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-25548 | 0 | 0.27% | 2 | 0 | N/A | ||
| CVE-2025-41725 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-2239 | 0 | 0.00% | 1 | 0 | N/A |
updated 2026-02-20T02:16:54.870000
2 posts
🟠 CVE-2026-26990 - High (8.8)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is suppl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26990 - High (8.8)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is suppl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T02:16:54.213000
2 posts
🔴 CVE-2026-26980 - Critical (9.4)
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26980 - Critical (9.4)
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T02:16:53.730000
2 posts
⚠️ CRITICAL vuln: calibre <9.3.0 (CVE-2026-26065) allows arbitrary file writes via path traversal in PDB reader. Risks: code execution, DoS. Patch to 9.3.0+ ASAP! No known exploits yet. https://radar.offseq.com/threat/cve-2026-26065-cwe-22-improper-limitation-of-a-pat-53326093 #OffSeq #Vuln #Calibre #InfoSec
##⚠️ CRITICAL vuln: calibre <9.3.0 (CVE-2026-26065) allows arbitrary file writes via path traversal in PDB reader. Risks: code execution, DoS. Patch to 9.3.0+ ASAP! No known exploits yet. https://radar.offseq.com/threat/cve-2026-26065-cwe-22-improper-limitation-of-a-pat-53326093 #OffSeq #Vuln #Calibre #InfoSec
##updated 2026-02-20T01:16:00.273000
4 posts
🎵 CVE-2026-26975: HIGH severity RCE in Music Assistant server <2.7.0. Unauthenticated attackers can write arbitrary files via playlist update API — root compromise possible if running as root. Upgrade to 2.7.0+ now! https://radar.offseq.com/threat/cve-2026-26975-cwe-73-external-control-of-file-nam-f0001b29 #OffSeq #Vuln #RCE #MusicAssistant
##🟠 CVE-2026-26975 - High (8.8)
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🎵 CVE-2026-26975: HIGH severity RCE in Music Assistant server <2.7.0. Unauthenticated attackers can write arbitrary files via playlist update API — root compromise possible if running as root. Upgrade to 2.7.0+ now! https://radar.offseq.com/threat/cve-2026-26975-cwe-73-external-control-of-file-nam-f0001b29 #OffSeq #Vuln #RCE #MusicAssistant
##🟠 CVE-2026-26975 - High (8.8)
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T01:15:59.493000
4 posts
🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:32:59
2 posts
🟠 CVE-2026-23544 - High (8.8)
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23544 - High (8.8)
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:32:59
2 posts
🔴 CVE-2026-23542 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23542/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23542 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23542/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:31:59
2 posts
🟠 CVE-2026-21535 - High (8.2)
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21535 - High (8.2)
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T23:16:25.180000
2 posts
🟠 CVE-2026-26321 - High (7.5)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26321 - High (7.5)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:49:21.843000
2 posts
🔴 CVE-2026-0573 - Critical (9)
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0573 - Critical (9)
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:16:41.930000
2 posts
🔴 CVE-2026-23549 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23549/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23549 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23549/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:11:44
2 posts
🔴 CVE-2025-13590 - Critical (9.1)
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution.
By leveraging the vulnerability, a ma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-13590 - Critical (9.1)
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution.
By leveraging the vulnerability, a ma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:27
2 posts
🟠 CVE-2026-27013 - High (7.6)
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/Text/TextSVGExportMixin.ts:186`) but fails to apply it to other user-controlled string values th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27013 - High (7.6)
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/Text/TextSVGExportMixin.ts:186`) but fails to apply it to other user-controlled string values th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:03
2 posts
🟠 CVE-2026-26280 - High (8.4)
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26280 - High (8.4)
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:56:47
2 posts
🟠 CVE-2026-26267 - High (7.5)
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26267 - High (7.5)
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:57
2 posts
🔴 CVE-2026-27476 - Critical (9.8)
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27476 - Critical (9.8)
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:46
2 posts
🟠 CVE-2026-27052 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27052/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27052 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27052/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:45
2 posts
🟠 CVE-2026-25378 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25378 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:31
2 posts
⚠️ CRITICAL: Pterodactyl Panel <1.12.1 has an auth bypass (CVE-2026-26016). Wings node token = full access to all servers, data loss risk. Upgrade to 1.12.1 ASAP & secure tokens! https://radar.offseq.com/threat/cve-2026-26016-cwe-639-authorization-bypass-throug-e8901bb1 #OffSeq #Pterodactyl #CVE202626016 #Vulnerability
##⚠️ CRITICAL: Pterodactyl Panel <1.12.1 has an auth bypass (CVE-2026-26016). Wings node token = full access to all servers, data loss risk. Upgrade to 1.12.1 ASAP & secure tokens! https://radar.offseq.com/threat/cve-2026-26016-cwe-639-authorization-bypass-throug-e8901bb1 #OffSeq #Pterodactyl #CVE202626016 #Vulnerability
##updated 2026-02-19T21:30:21
2 posts
🔴 CVE-2026-24834 - Critical (9.3)
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24834 - Critical (9.3)
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:23:41
2 posts
1 repos
🔴 CVE-2026-25242 - Critical (9.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25242 - Critical (9.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:14:58
2 posts
🟠 CVE-2026-25232 - High (8.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25232 - High (8.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:28:05
3 posts
🟠 CVE-2026-24708 - High (8.2)
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24708 - High (8.2)
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:27:45
4 posts
🔴 CVE-2025-14009 - Critical (10)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-14009 - Critical (10)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-14009 - Critical (10)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-14009 - Critical (10)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:25:44.063000
2 posts
🟠 CVE-2026-26318 - High (8.8)
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26318 - High (8.8)
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:25:43.717000
2 posts
🟠 CVE-2026-26278 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26278 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:25:24.843000
2 posts
🟠 CVE-2025-70148 - High (7.5)
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parame...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70148 - High (7.5)
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parame...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:13:13.640000
2 posts
🟠 CVE-2026-25474 - High (7.5)
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In dep...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25474/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25474 - High (7.5)
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In dep...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25474/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T19:34:15
6 posts
Unbelievable.... https://digg.com/cybersecurity/yCL5Ang/critical-alert-cve-2026-26030-microsoft
##⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: https://radar.offseq.com/threat/cve-2026-26030-cwe-94-improper-control-of-generati-8c490551
#OffSeq #CVE #infosec #Python #AIsecurity
🔴 CVE-2026-26030 - Critical (9.9)
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Unbelievable.... https://digg.com/cybersecurity/yCL5Ang/critical-alert-cve-2026-26030-microsoft
##⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: https://radar.offseq.com/threat/cve-2026-26030-cwe-94-improper-control-of-generati-8c490551
#OffSeq #CVE #infosec #Python #AIsecurity
🔴 CVE-2026-26030 - Critical (9.9)
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T19:32:48
4 posts
🟠 CVE-2026-25940 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-25940 in jsPDF (<4.2.0) allows arbitrary PDF object injection via Acroform, leading to code execution on user interaction. Patch to 4.2.0+ & sanitize inputs now! https://radar.offseq.com/threat/cve-2026-25940-cwe-116-improper-encoding-or-escapi-3b5e393d #OffSeq #jsPDF #vuln #AppSec
##🟠 CVE-2026-25940 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-25940 in jsPDF (<4.2.0) allows arbitrary PDF object injection via Acroform, leading to code execution on user interaction. Patch to 4.2.0+ & sanitize inputs now! https://radar.offseq.com/threat/cve-2026-25940-cwe-116-improper-encoding-or-escapi-3b5e393d #OffSeq #jsPDF #vuln #AppSec
##updated 2026-02-19T19:22:30.720000
2 posts
🟠 CVE-2026-27475 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27475 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T19:22:28.717000
2 posts
🟠 CVE-2026-25418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:35:27.370000
2 posts
🟠 CVE-2026-2648 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2648 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:10
2 posts
🚨 CRITICAL: CVE-2026-2409 in Delinea Cloud Suite (<25.2 HF1) enables remote SQL Injection by low-priv users — risking sensitive data. Patch urgently, validate inputs, and monitor DB activity! https://radar.offseq.com/threat/cve-2026-2409-cwe-89-improper-neutralization-of-sp-62e3fd17 #OffSeq #SQLInjection #Delinea #Vuln
##🚨 CRITICAL: CVE-2026-2409 in Delinea Cloud Suite (<25.2 HF1) enables remote SQL Injection by low-priv users — risking sensitive data. Patch urgently, validate inputs, and monitor DB activity! https://radar.offseq.com/threat/cve-2026-2409-cwe-89-improper-neutralization-of-sp-62e3fd17 #OffSeq #SQLInjection #Delinea #Vuln
##updated 2026-02-19T18:32:09
2 posts
🟠 CVE-2026-1581 - High (7.5)
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1581 - High (7.5)
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:09
2 posts
🟠 CVE-2026-2232 - High (7.5)
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied paramet...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2232 - High (7.5)
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied paramet...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
2 posts
🟠 CVE-2026-26337 - High (8.2)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26337 - High (8.2)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
6 posts
🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26362 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
4 posts
🟠 CVE-2025-71250 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71250 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71250 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71250 - High (8.1)
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior acces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:07
10 posts
🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CVE-2026-26358 (HIGH): Dell Unisphere for PowerMax 10.2 has a missing auth check. Remote low-priv users can access restricted storage functions. Restrict access, enforce MFA, and monitor logs. No patch yet. https://radar.offseq.com/threat/cve-2026-26358-cwe-862-missing-authorization-in-de-3cb4a373 #OffSeq #Dell #Vuln #InfoSec
##🔒 CVE-2026-26358: HIGH severity flaw in Dell Unisphere for PowerMax v10.2 allows remote low-priv attackers to bypass authorization — potential access to sensitive storage functions. Restrict access & monitor systems. Patch ASAP when available. https://radar.offseq.com/threat/cve-2026-26358-cwe-862-missing-authorization-in-de-3cb4a373 #OffSeq #Vuln #Dell
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26358 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CVE-2026-26358 (HIGH): Dell Unisphere for PowerMax 10.2 has a missing auth check. Remote low-priv users can access restricted storage functions. Restrict access, enforce MFA, and monitor logs. No patch yet. https://radar.offseq.com/threat/cve-2026-26358-cwe-862-missing-authorization-in-de-3cb4a373 #OffSeq #Dell #Vuln #InfoSec
##🔒 CVE-2026-26358: HIGH severity flaw in Dell Unisphere for PowerMax v10.2 allows remote low-priv attackers to bypass authorization — potential access to sensitive storage functions. Restrict access & monitor systems. Patch ASAP when available. https://radar.offseq.com/threat/cve-2026-26358-cwe-862-missing-authorization-in-de-3cb4a373 #OffSeq #Vuln #Dell
##updated 2026-02-19T18:32:07
2 posts
🔴 CVE-2025-12107 - Critical (10)
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Successful exploitation of this vulnerability could allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-12107 - Critical (10)
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Successful exploitation of this vulnerability could allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:07
2 posts
🔴 CVE-2025-8350 - Critical (9.8)
Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8350 - Critical (9.8)
Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:06
2 posts
🟠 CVE-2026-26359 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26359/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26359 - High (8.8)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26359/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:06
2 posts
🔴 CVE-2025-9953 - Critical (9.8)
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.This issue affects Databank Accreditation Software: through 19022026.
NO...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9953/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-9953 - Critical (9.8)
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.This issue affects Databank Accreditation Software: through 19022026.
NO...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9953/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:05
8 posts
🟠 CVE-2026-26360 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26360 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 HIGH severity: Dell Unisphere for PowerMax v10.2 (CVE-2026-26360) has a network-based vulnerability — low-priv attackers can remotely delete files, risking data & availability. Restrict access, monitor logs, back up configs. https://radar.offseq.com/threat/cve-2026-26360-cwe-73-external-control-of-file-nam-58de98ef #OffSeq #Dell #Vuln #StorageSecurity
##🔒 HIGH severity: Dell Unisphere for PowerMax 10.2 is vulnerable (CVE-2026-26360) to external control of file name/path. Remote, low privilege attackers could delete arbitrary files. Watch for patches! https://radar.offseq.com/threat/cve-2026-26360-cwe-73-external-control-of-file-nam-58de98ef #OffSeq #Dell #Vuln #Infosec
##🟠 CVE-2026-26360 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26360 - High (8.1)
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 HIGH severity: Dell Unisphere for PowerMax v10.2 (CVE-2026-26360) has a network-based vulnerability — low-priv attackers can remotely delete files, risking data & availability. Restrict access, monitor logs, back up configs. https://radar.offseq.com/threat/cve-2026-26360-cwe-73-external-control-of-file-nam-58de98ef #OffSeq #Dell #Vuln #StorageSecurity
##🔒 HIGH severity: Dell Unisphere for PowerMax 10.2 is vulnerable (CVE-2026-26360) to external control of file name/path. Remote, low privilege attackers could delete arbitrary files. Watch for patches! https://radar.offseq.com/threat/cve-2026-26360-cwe-73-external-control-of-file-nam-58de98ef #OffSeq #Dell #Vuln #Infosec
##updated 2026-02-19T18:32:03
4 posts
🔴 CVE-2026-1994 - Critical (9.8)
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-1994 (CRITICAL, CVSS 9.8): All s2Member WordPress plugin versions up to 260127 allow unauthenticated password resets — admin takeover possible! Disable plugin, enforce MFA, audit accounts. No patch yet. https://radar.offseq.com/threat/cve-2026-1994-cwe-269-improper-privilege-managemen-8fe39267 #OffSeq #WordPress #Vuln
##🔴 CVE-2026-1994 - Critical (9.8)
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-1994 (CRITICAL, CVSS 9.8): All s2Member WordPress plugin versions up to 260127 allow unauthenticated password resets — admin takeover possible! Disable plugin, enforce MFA, audit accounts. No patch yet. https://radar.offseq.com/threat/cve-2026-1994-cwe-269-improper-privilege-managemen-8fe39267 #OffSeq #WordPress #Vuln
##updated 2026-02-19T18:32:02
2 posts
🟠 CVE-2025-4521 - High (8.8)
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it poss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-4521 - High (8.8)
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it poss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:02
2 posts
🟠 CVE-2025-4960 - High (7.8)
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protoc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-4960 - High (7.8)
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protoc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-4960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:02
4 posts
🔴 CVE-2026-0926 - Critical (9.8)
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-0926 (CRITICAL): Prodigy Commerce plugin for WordPress allows unauth LFI & RCE via 'parameters[template_name]'. All versions affected, no patch yet. Disable plugin, monitor file uploads, and audit systems. https://radar.offseq.com/threat/cve-2026-0926-cwe-98-improper-control-of-filename--2995b72c #OffSeq #WordPress #Vuln
##🔴 CVE-2026-0926 - Critical (9.8)
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-0926 (CRITICAL): Prodigy Commerce plugin for WordPress allows unauth LFI & RCE via 'parameters[template_name]'. All versions affected, no patch yet. Disable plugin, monitor file uploads, and audit systems. https://radar.offseq.com/threat/cve-2026-0926-cwe-98-improper-control-of-filename--2995b72c #OffSeq #WordPress #Vuln
##updated 2026-02-19T18:32:01
2 posts
🔴 CVE-2025-13851 - Critical (9.8)
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-13851 - Critical (9.8)
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:01
2 posts
🟠 CVE-2026-0912 - High (8.8)
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0912 - High (8.8)
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:53
2 posts
🟠 CVE-2025-12707 - High (7.5)
The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12707 - High (7.5)
The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:53
2 posts
🔴 CVE-2025-12882 - Critical (9.8)
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-12882 - Critical (9.8)
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:52
2 posts
🟠 CVE-2025-12845 - High (8.8)
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12845 - High (8.8)
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:50
2 posts
🔴 CVE-2025-13563 - Critical (9.8)
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-13563 - Critical (9.8)
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:25:00.133000
4 posts
🔴 CVE-2026-26339 - Critical (9.8)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CRITICAL: CVE-2026-26339 in Hyland Alfresco Transformation Service (Enterprise) enables unauthenticated SSRF → RCE. Restrict access, monitor for abuse, patch ASAP. All versions at risk. https://radar.offseq.com/threat/cve-2026-26339-cwe-918-server-side-request-forgery-f1de4ab8 #OffSeq #CVE202626339 #SSRF #RCE #Alfresco
##🔴 CVE-2026-26339 - Critical (9.8)
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CRITICAL: CVE-2026-26339 in Hyland Alfresco Transformation Service (Enterprise) enables unauthenticated SSRF → RCE. Restrict access, monitor for abuse, patch ASAP. All versions at risk. https://radar.offseq.com/threat/cve-2026-26339-cwe-918-server-side-request-forgery-f1de4ab8 #OffSeq #CVE202626339 #SSRF #RCE #Alfresco
##updated 2026-02-19T17:24:50.943000
2 posts
🟠 CVE-2026-26336 - High (7.5)
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26336 - High (7.5)
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T16:27:12.303000
2 posts
1 repos
🔴 CVE-2025-71243 - Critical (9.8)
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-71243 - Critical (9.8)
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:43.903000
2 posts
1 repos
🔴 CVE-2025-65791 - Critical (9.8)
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-65791 - Critical (9.8)
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2025-11754 - High (7.5)
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11754/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-11754 - High (7.5)
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11754/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2025-12821 - High (8.8)
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12821/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12821 - High (8.8)
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12821/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2025-13603 - High (8.8)
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" fun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13603 - High (8.8)
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" fun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2026-0974 - High (8.8)
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0974 - High (8.8)
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
4 posts
🚨 CRITICAL: CVE-2026-2686 in SECCN Dingcheng G10 (v3.1.0.181203) enables unauthenticated remote OS command injection via the 'User' param in /cgi-bin/session_login.cgi. Exploit code is public. Restrict access & monitor! https://radar.offseq.com/threat/cve-2026-2686-os-command-injection-in-seccn-dingch-6d02b310 #OffSeq #CVE20262686 #IoTSec
##🔴 CVE-2026-2686 - Critical (9.8)
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2686/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-2686 in SECCN Dingcheng G10 (v3.1.0.181203) enables unauthenticated remote OS command injection via the 'User' param in /cgi-bin/session_login.cgi. Exploit code is public. Restrict access & monitor! https://radar.offseq.com/threat/cve-2026-2686-os-command-injection-in-seccn-dingch-6d02b310 #OffSeq #CVE20262686 #IoTSec
##🔴 CVE-2026-2686 - Critical (9.8)
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2686/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
4 posts
MajorDoMo (all versions) faces a CRITICAL OS command injection (CVE-2026-27175, CVSS 9.2). Unauthenticated RCE via rc/index.php & cycle_execs.php. No patch yet — restrict endpoints, sanitize input, and monitor activity! https://radar.offseq.com/threat/cve-2026-27175-improper-neutralization-of-special--9a0f14bf #OffSeq #CVE202627175 #Infosec
##🔴 CVE-2026-27175 - Critical (9.8)
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg()....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27175/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##MajorDoMo (all versions) faces a CRITICAL OS command injection (CVE-2026-27175, CVSS 9.2). Unauthenticated RCE via rc/index.php & cycle_execs.php. No patch yet — restrict endpoints, sanitize input, and monitor activity! https://radar.offseq.com/threat/cve-2026-27175-improper-neutralization-of-special--9a0f14bf #OffSeq #CVE202627175 #Infosec
##🔴 CVE-2026-27175 - Critical (9.8)
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg()....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27175/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:53:02.850000
4 posts
1 repos
https://github.com/mbanyamer/CVE-2026-27180-MajorDoMo-unauthenticated-RCE
🔴 CVE-2026-27180 - Critical (9.8)
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method through the /objects/?module=saverestore endpo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-27180 in sergejey MajorDoMo allows unauthenticated RCE via poisoned update URLs. Attackers can deploy arbitrary PHP files to webroot with 2 GETs. Patch urgently! https://radar.offseq.com/threat/cve-2026-27180-download-of-code-without-integrity--99709b79 #OffSeq #CVE #infosec #remotecodeexecution
##🔴 CVE-2026-27180 - Critical (9.8)
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method through the /objects/?module=saverestore endpo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-27180 in sergejey MajorDoMo allows unauthenticated RCE via poisoned update URLs. Attackers can deploy arbitrary PHP files to webroot with 2 GETs. Patch urgently! https://radar.offseq.com/threat/cve-2026-27180-download-of-code-without-integrity--99709b79 #OffSeq #CVE #infosec #remotecodeexecution
##updated 2026-02-19T15:53:02.850000
2 posts
🟠 CVE-2026-0874 - High (7.8)
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0874 - High (7.8)
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:52:39.260000
2 posts
🔴 CVE-2026-1405 - Critical (9.8)
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-1405 - Critical (9.8)
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:52:39.260000
4 posts
🟠 CVE-2026-22267 - High (8.1)
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔔 CVE-2026-22267 (HIGH): Dell PowerProtect Data Manager <19.22 lets remote low-priv users escalate privileges. Urgently restrict remote access, enforce least privilege, and monitor logs. No patch yet. https://radar.offseq.com/threat/cve-2026-22267-cwe-266-incorrect-privilege-assignm-254d0ded #OffSeq #CyberSecurity #Vuln #Dell
##🟠 CVE-2026-22267 - High (8.1)
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔔 CVE-2026-22267 (HIGH): Dell PowerProtect Data Manager <19.22 lets remote low-priv users escalate privileges. Urgently restrict remote access, enforce least privilege, and monitor logs. No patch yet. https://radar.offseq.com/threat/cve-2026-22267-cwe-266-incorrect-privilege-assignm-254d0ded #OffSeq #CyberSecurity #Vuln #Dell
##updated 2026-02-19T15:52:39.260000
2 posts
🟠 CVE-2026-25755 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25755 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:37
2 posts
🟠 CVE-2026-27179 - High (8.2)
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitizati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27179/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27179 - High (8.2)
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitizati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27179/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:37
2 posts
🟠 CVE-2026-27182 - High (8.4)
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27182 - High (8.4)
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:37
2 posts
🟠 CVE-2026-27181 - High (7.5)
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, mak...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27181 - High (7.5)
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, mak...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:30
4 posts
🛑 CVE-2026-2649: HIGH severity integer overflow in Chrome V8 pre-145.0.7632.109 lets remote attackers trigger heap corruption via crafted HTML. Update ASAP to patch! https://radar.offseq.com/threat/cve-2026-2649-integer-overflow-in-google-chrome-1776d2df #OffSeq #Chrome #Vuln #Security
##🟠 CVE-2026-2649 - High (8.8)
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CVE-2026-2649: HIGH severity integer overflow in Chrome V8 pre-145.0.7632.109 lets remote attackers trigger heap corruption via crafted HTML. Update ASAP to patch! https://radar.offseq.com/threat/cve-2026-2649-integer-overflow-in-google-chrome-1776d2df #OffSeq #Chrome #Vuln #Security
##🟠 CVE-2026-2649 - High (8.8)
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:30
4 posts
⚠️ CVE-2026-2650: HIGH severity heap buffer overflow in Google Chrome before 145.0.7632.109. Remote attackers can exploit via malicious HTML for code execution. Patch ASAP! https://radar.offseq.com/threat/cve-2026-2650-heap-buffer-overflow-in-google-chrom-0bc72c99 #OffSeq #Chrome #Vuln #CVE20262650
##🟠 CVE-2026-2650 - High (8.8)
Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-2650: HIGH severity heap buffer overflow in Google Chrome before 145.0.7632.109. Remote attackers can exploit via malicious HTML for code execution. Patch ASAP! https://radar.offseq.com/threat/cve-2026-2650-heap-buffer-overflow-in-google-chrom-0bc72c99 #OffSeq #Chrome #Vuln #CVE20262650
##🟠 CVE-2026-2650 - High (8.8)
Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:30
4 posts
🔴 CRITICAL: CVE-2026-27174 in MajorDoMo enables unauth RCE via vulnerable PHP handler — no user interaction needed. Full system compromise possible. Restrict panel access, patch, & monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27174-improper-control-of-generation-of-c-e7d5bad6 #OffSeq #CVE202627174 #RCE #HomeAutomation #Infosec
##🔴 CVE-2026-27174 - Critical (9.8)
MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect() call that lacks an exit st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-27174 in MajorDoMo enables unauth RCE via vulnerable PHP handler — no user interaction needed. Full system compromise possible. Restrict panel access, patch, & monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27174-improper-control-of-generation-of-c-e7d5bad6 #OffSeq #CVE202627174 #RCE #HomeAutomation #Infosec
##🔴 CVE-2026-27174 - Critical (9.8)
MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect() call that lacks an exit st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T00:30:29
1 posts
⛔ New security advisory:
CVE-2019-25360 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2019-25360
updated 2026-02-18T23:49:03
2 posts
🟠 CVE-2026-22860 - High (7.5)
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the ta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22860/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22860 - High (7.5)
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the ta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22860/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T22:16:24.073000
2 posts
If you're using firebase/php-jwt v6, surprise!
GitHub Advisory GHSA for CVE-2025-45769 ignores NVD "Disputed" status, blocks all php-jwt v6 users.
Details here:
##If you're using firebase/php-jwt v6, surprise!
GitHub Advisory GHSA for CVE-2025-45769 ignores NVD "Disputed" status, blocks all php-jwt v6 users.
Details here:
##updated 2026-02-18T21:32:26
2 posts
🔴 CVE-2025-70146 - Critical (9.1)
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70146/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70146 - Critical (9.1)
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70146/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T21:32:25
6 posts
⛔ New security advisory:
CVE-2026-1435 affects Graylog Graylog.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-1435
🔴 CVE-2026-1435 - Critical (9.8)
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1435/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-1435 (CRITICAL): Graylog Web Interface 2.2.3 fails to expire old sessions, enabling token reuse & unauthorized access. Restrict access, enable MFA, and monitor sessions until patch is released. Details: https://radar.offseq.com/threat/cve-2026-1435-cwe-613-insufficient-session-expirat-34761982 #OffSeq #Graylog #Vuln #Security
##⛔ New security advisory:
CVE-2026-1435 affects Graylog Graylog.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-1435
🔴 CVE-2026-1435 - Critical (9.8)
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1435/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-1435 (CRITICAL): Graylog Web Interface 2.2.3 fails to expire old sessions, enabling token reuse & unauthorized access. Restrict access, enable MFA, and monitor sessions until patch is released. Details: https://radar.offseq.com/threat/cve-2026-1435-cwe-613-insufficient-session-expirat-34761982 #OffSeq #Graylog #Vuln #Security
##updated 2026-02-18T21:31:34
2 posts
2 repos
🟠 CVE-2025-1272 - High (7.7)
The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-1272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-1272 - High (7.7)
The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-1272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T21:31:34
2 posts
🟠 CVE-2026-0875 - High (7.8)
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0875 - High (7.8)
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T21:31:23
2 posts
🟠 CVE-2025-70064 - High (8.8)
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70064 - High (8.8)
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T21:31:23
2 posts
🔴 CVE-2025-70149 - Critical (9.8)
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70149/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70149 - Critical (9.8)
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70149/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T21:31:23
2 posts
🟠 CVE-2025-70147 - High (7.5)
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70147/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70147 - High (7.5)
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70147/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T20:01:15.983000
28 posts
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##The issue, officially named CVE-2026-22769, involves hardcoded credentials. This means the software came with a built-in username and password that could not be easily changed.
5/10
One overlooked line of code let hackers waltz into critical federal systems, forcing a rare emergency patch order. How did hardcoded passwords cause such chaos?
##CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint for VMs is under confirmed exploitation.
Attribution: UNC6201 (linked to Silk Typhoon)
Malware: BRICKSTORM (evolving) → GRIMBOLT
Vector: Hard-coded credentials
Impact Layer: VMware-integrated DR appliances
This is a high-leverage target:
- Elevated privileges
- Direct integration with hypervisors & storage
- Influence over replicated datasets
- Potential long-term espionage dwell time
CISA has mandated immediate patching for federal agencies.
Key takeaway: Recovery infrastructure is now an active battlefield.
How are you validating integrity of replicated VM copies?
Comment below.
Source: https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning
Follow TechNadu for threat intelligence updates.
Share within your security teams.
#Infosec #ThreatIntelligence #ZeroDay #CISAAlert #VMwareSecurity #CyberEspionage #BlueTeam #RedTeam #APT #SecurityOperations #DigitalForensics
Cette faille critique dans Dell RecoverPoint est exploitée depuis mi-2024 https://www.it-connect.fr/dell-recoverpoint-faille-critique-cve-2026-22769/ #ActuCybersécurité #Cybersécurité #Dell
##⚠️ Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
https://thehackernews.com/2026/02/dell-recoverpoint-for-vms-zero-day-cve.html
##Dell warns of a max-severity flaw (CVE-2026-22769) in RecoverPoint for VMs, already exploited for root access in the wild. 🔓💻 Security teams are urged to patch or apply mitigations immediately. Details: https://cyberinsider.com/dell-warns-of-max-severity-flaw-in-recoverpoint-exploited-by-hackers/ #cybersecurity #infosec #Dell #Newz
##Fed agencies ordered to patch Dell bug by Saturday after exploitation warning
Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at...
🔗️ [Therecord] https://link.is.it/stSZK0
##Critical Dell RecoverPoint Exploit Exposed Since 2024
A zero-day Dell RecoverPoint exploit, CVE-2026-22769, has been actively exploited since mid-2024. Patch immediately to avoid data breaches.
Read more: https://thefinancialstandard.com/dell-recoverpoint-exploit/
##Hackers Exploit Dell RecoverPoint Zero-Day to Deploy Stealthy Backdoor
A critical flaw in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) is actively exploited by threat actor using hard-coded credentials to deploy backdoors.
**If you are using Dell RecoverPoint, this is important! Check your Dell RecoverPoint versions and plan a very quick update to 6.0.3.1 HF1 patch to remove the hard-coded admin credentials. Ensure these appliances are isolated from the internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/unc6201-exploits-dell-recoverpoint-zero-day-to-deploy-stealthy-grimbolt-backdoor-v-5-i-5-6/gD2P6Ple2L
CVE ID: CVE-2026-22769
Vendor: Dell
Product: RecoverPoint for Virtual Machines (RP4VMs)
Date Added: 2026-02-18
Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-22769
🚨 Mandiant have identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769.
RecoverPoint can be detected using this Nuclei template:
https://github.com/projectdiscovery/nuclei-templates/pull/15377/changes
Very limited exposure to the internet.
Dell recommends upgrading to version 6.0.3.1 HF1 or later. Mitigations are also available.
Mandiant report:
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
China-Linked APT Exploits Critical Dell RecoverPoint Zero-Day for Over a Year + Video
Introduction In a stark warning to enterprise security teams, researchers from Mandiant and Google’s Threat Intelligence Group (GTIG) have revealed that a China-linked advanced persistent threat (APT) group quietly exploited a severe zero-day vulnerability in Dell RecoverPoint for Virtual Machines since mid-2024. The flaw, now tracked as CVE-2026-22769, carries the highest severity…
##The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw. https://thehackernews.com/2026/02/dell-recoverpoint-for-vms-zero-day-cve.html
##🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##One overlooked line of code let hackers waltz into critical federal systems, forcing a rare emergency patch order. How did hardcoded passwords cause such chaos?
##CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint for VMs is under confirmed exploitation.
Attribution: UNC6201 (linked to Silk Typhoon)
Malware: BRICKSTORM (evolving) → GRIMBOLT
Vector: Hard-coded credentials
Impact Layer: VMware-integrated DR appliances
This is a high-leverage target:
- Elevated privileges
- Direct integration with hypervisors & storage
- Influence over replicated datasets
- Potential long-term espionage dwell time
CISA has mandated immediate patching for federal agencies.
Key takeaway: Recovery infrastructure is now an active battlefield.
How are you validating integrity of replicated VM copies?
Comment below.
Source: https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning
Follow TechNadu for threat intelligence updates.
Share within your security teams.
#Infosec #ThreatIntelligence #ZeroDay #CISAAlert #VMwareSecurity #CyberEspionage #BlueTeam #RedTeam #APT #SecurityOperations #DigitalForensics
Cette faille critique dans Dell RecoverPoint est exploitée depuis mi-2024 https://www.it-connect.fr/dell-recoverpoint-faille-critique-cve-2026-22769/ #ActuCybersécurité #Cybersécurité #Dell
##Dell warns of a max-severity flaw (CVE-2026-22769) in RecoverPoint for VMs, already exploited for root access in the wild. 🔓💻 Security teams are urged to patch or apply mitigations immediately. Details: https://cyberinsider.com/dell-warns-of-max-severity-flaw-in-recoverpoint-exploited-by-hackers/ #cybersecurity #infosec #Dell #Newz
##Fed agencies ordered to patch Dell bug by Saturday after exploitation warning
Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at...
🔗️ [Therecord] https://link.is.it/stSZK0
##Critical Dell RecoverPoint Exploit Exposed Since 2024
A zero-day Dell RecoverPoint exploit, CVE-2026-22769, has been actively exploited since mid-2024. Patch immediately to avoid data breaches.
Read more: https://thefinancialstandard.com/dell-recoverpoint-exploit/
##Hackers Exploit Dell RecoverPoint Zero-Day to Deploy Stealthy Backdoor
A critical flaw in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) is actively exploited by threat actor using hard-coded credentials to deploy backdoors.
**If you are using Dell RecoverPoint, this is important! Check your Dell RecoverPoint versions and plan a very quick update to 6.0.3.1 HF1 patch to remove the hard-coded admin credentials. Ensure these appliances are isolated from the internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/unc6201-exploits-dell-recoverpoint-zero-day-to-deploy-stealthy-grimbolt-backdoor-v-5-i-5-6/gD2P6Ple2L
CVE ID: CVE-2026-22769
Vendor: Dell
Product: RecoverPoint for Virtual Machines (RP4VMs)
Date Added: 2026-02-18
Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-22769
🚨 Mandiant have identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769.
RecoverPoint can be detected using this Nuclei template:
https://github.com/projectdiscovery/nuclei-templates/pull/15377/changes
Very limited exposure to the internet.
Dell recommends upgrading to version 6.0.3.1 HF1 or later. Mitigations are also available.
Mandiant report:
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw. https://thehackernews.com/2026/02/dell-recoverpoint-for-vms-zero-day-cve.html
##📢 Zero‑day critique sur Dell RecoverPoint for VMs (CVE-2026-22769) exploitée par UNC6201 avec le backdoor GRIMBOLT
📝 Sel...
📖 cyberveille : https://cyberveille.ch/posts/2026-02-18-zero-day-critique-sur-dell-recoverpoint-for-vms-cve-2026-22769-exploitee-par-unc6201-avec-le-backdoor-grimbolt/
🌐 source : https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day?hl=en
#CVE_2026_22769 #Dell_RecoverPoint_for_Virtual_Machines #Cyberveille
Zero-Day in Dell RecoverPoint Exploited by Chinese Hacker Group
A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines....
🔗️ [Thecyberexpress] https://link.is.it/FOr0Id
##CRITICAL: CVE-2026-22769 in Dell RecoverPoint for VMs (≤5.3 SP4 P1) lets unauthenticated attackers gain root via hardcoded creds. Patch or mitigate ASAP! 🛡️ https://radar.offseq.com/threat/cve-2026-22769-cwe-798-use-of-hard-coded-credentia-cad7841a #OffSeq #Vulnerability #Dell #InfoSec
##updated 2026-02-18T18:31:27
4 posts
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##updated 2026-02-18T18:31:26
6 posts
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##Gitlab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more case where the CI Lint function could be used without authentication. In fact, the exploit code identical for all vulnerabilites. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.
##CVE ID: CVE-2021-22175
Vendor: GitLab
Product: GitLab
Date Added: 2026-02-18
Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22175
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##Gitlab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more case where the CI Lint function could be used without authentication. In fact, the exploit code identical for all vulnerabilites. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.
##CVE ID: CVE-2021-22175
Vendor: GitLab
Product: GitLab
Date Added: 2026-02-18
Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22175
updated 2026-02-18T18:30:51
4 posts
🟠 CVE-2026-2507 - High (7.5)
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2507 - High (7.5)
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2507 - High (7.5)
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2507 - High (7.5)
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T18:30:47
2 posts
🔴 CVE-2025-70150 - Critical (9.8)
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70150 - Critical (9.8)
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T18:30:39
4 posts
🔴 CVE-2025-70998 - Critical (9.8)
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70998 - Critical (9.8)
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70998 - Critical (9.8)
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70998 - Critical (9.8)
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T18:30:38
2 posts
🟠 CVE-2025-61982 - High (7.8)
An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to tr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-61982 - High (7.8)
An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to tr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:52:22.253000
4 posts
🟠 CVE-2025-65715 - High (7.8)
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
##🟠 CVE-2025-65715 - High (7.8)
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
##updated 2026-02-18T17:52:22.253000
1 posts
🔴 New security advisory:
CVE-2026-2577 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://advisory.yazoul.net/cve/cve-2026-2577
updated 2026-02-18T17:51:53.510000
8 posts
Critical Authentication Bypass in Honeywell CCTVs Poses Severe Security Risk + Video
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a recently discovered vulnerability affecting Honeywell CCTV devices. This flaw, tracked as CVE-2026-1670, carries a CVSS score of 9.8, indicating its extreme severity. Experts caution that it could allow attackers to hijack accounts, access live camera feeds, and potentially…
##A single overlooked API flaw lets hackers hijack Honeywell CCTV cameras without even logging in—just how easy is it to take over a surveillance system? The answer is unsettling
##Critical Authentication Bypass in Honeywell CCTV Products Allows Remote Account Takeover
Honeywell reports a critical vulnerability (CVE-2026-1670) in several CCTV models that allows unauthenticated attackers to take over accounts by changing the password recovery email via an exposed API.
**Make sure your CCTV cameras are isolated from the internet and accessible from trusted networks only. Then check your Honeywell CCTV firmware versions and contact their support for patches.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-honeywell-cctv-products-allows-remote-account-takeover-4-q-2-4-4/gD2P6Ple2L
A single overlooked API flaw lets hackers hijack Honeywell CCTV cameras without even logging in—just how easy is it to take over a surveillance system? The answer is unsettling
##Critical Authentication Bypass in Honeywell CCTV Products Allows Remote Account Takeover
Honeywell reports a critical vulnerability (CVE-2026-1670) in several CCTV models that allows unauthenticated attackers to take over accounts by changing the password recovery email via an exposed API.
**Make sure your CCTV cameras are isolated from the internet and accessible from trusted networks only. Then check your Honeywell CCTV firmware versions and contact their support for patches.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-honeywell-cctv-products-allows-remote-account-takeover-4-q-2-4-4/gD2P6Ple2L
⚠️ CRITICAL: Honeywell I-HIB2PI-UL 2MP IP (6.1.22.1216) has CVE-2026-1670 (CWE-306) — missing auth on API enables remote attackers to change recovery emails and take over accounts. Patch or segment now! https://radar.offseq.com/threat/cve-2026-1670-cwe-306-missing-authentication-for-c-7263f78b #OffSeq #Honeywell #Vuln #OTSecurity
##🔴 CVE-2026-1670 - Critical (9.8)
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-1670 - Critical (9.8)
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
6 posts
⚠️ HIGH severity: Jenkins 2.483-2.550 & LTS 2.492.1-2.541.1 hit by CVE-2026-27099 (stored XSS). Requires Agent/Configure or Agent/Disconnect permissions. Patch, restrict privileges, and review logs! https://radar.offseq.com/threat/cve-2026-27099-vulnerability-in-jenkins-project-je-f2bd90c0 #OffSeq #Jenkins #XSS #Security
##🟠 CVE-2026-27099 - High (8)
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27099 - High (8)
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: Jenkins 2.483-2.550 & LTS 2.492.1-2.541.1 hit by CVE-2026-27099 (stored XSS). Requires Agent/Configure or Agent/Disconnect permissions. Patch, restrict privileges, and review logs! https://radar.offseq.com/threat/cve-2026-27099-vulnerability-in-jenkins-project-je-f2bd90c0 #OffSeq #Jenkins #XSS #Security
##🟠 CVE-2026-27099 - High (8)
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27099 - High (8)
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
4 posts
🔒 CVE-2026-1426: HIGH severity PHP Object Injection in berocket Advanced AJAX Product Filters (WordPress, <=3.1.9.6). Requires Author access + Live Composer, and a gadget chain in another plugin/theme. Update or audit now! https://radar.offseq.com/threat/cve-2026-1426-cwe-502-deserialization-of-untrusted-d5d3ff22 #OffSeq #WordPress #PHP
##🟠 CVE-2026-1426 - High (8.8)
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔒 CVE-2026-1426: HIGH severity PHP Object Injection in berocket Advanced AJAX Product Filters (WordPress, <=3.1.9.6). Requires Author access + Live Composer, and a gadget chain in another plugin/theme. Update or audit now! https://radar.offseq.com/threat/cve-2026-1426-cwe-502-deserialization-of-untrusted-d5d3ff22 #OffSeq #WordPress #PHP
##🟠 CVE-2026-1426 - High (8.8)
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
2 posts
🟠 CVE-2025-33239 - High (7.8)
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33239 - High (7.8)
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
2 posts
🟠 CVE-2025-33250 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33250 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
2 posts
🟠 CVE-2025-33243 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33243 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
2 posts
🟠 CVE-2025-60037 - High (7.8)
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, spe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-60037 - High (7.8)
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, spe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
2 posts
🟠 CVE-2025-33253 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33253/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33253 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33253/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
1 posts
🟠 CVE-2026-1714 - High (8.6)
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1714/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T17:51:53.510000
1 posts
🟠 CVE-2025-13689 - High (8.8)
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:32:29
2 posts
🟠 CVE-2026-1368 - High (7.5)
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the sit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1368 - High (7.5)
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the sit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:35
7 posts
🖲️ #Cybersecurity #Ciberseguridad #Ciberseguranca #Security #Seguridad #Seguranca #News #Noticia #Noticias #Tecnologia #Technology
⚫ Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
🔗 https://www.darkreading.com/threat-intelligence/grandstream-bug-voip-security-blind-spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
##Critical Vulnerability in Grandstream GXP1600 VoIP Phones Exposes Users to Remote Code Execution
A severe cybersecurity vulnerability has been discovered in Grandstream GXP1600 VoIP phones that could allow attackers to remotely execute malicious code with root privileges. This flaw, identified as CVE-2026-2329, is caused by an unauthenticated stack-based buffer overflow in the device's firmware. It is critical as it allows remote access via the /cgi-bin/api.values.get…
##CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
##Critical Vulnerability Found in Grandstream GXP1600 Series VoIP Phones: Remote Code Execution Threat
A major cybersecurity flaw has been discovered in the Grandstream GXP1600 series of VoIP phones, exposing users to the potential risk of remote code execution. The vulnerability, identified as CVE-2026-2329, has been assigned a dangerously high CVSS score of 9.3 out of 10, highlighting its severity. This issue could allow attackers to take control of affected devices,…
##🚨 CVE-2026-2329: CRITICAL stack buffer overflow in Grandstream GXP1610 series (all models) via /cgi-bin/api.values.get. Unauth RCE possible — restrict HTTP API access, segment devices, and monitor traffic. Patch ASAP when available. https://radar.offseq.com/threat/cve-2026-2329-cwe-121-stack-based-buffer-overflow--e34cb0a5 #OffSeq #VoIP #RCE #Security
##CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
##🚨 CVE-2026-2329: CRITICAL stack buffer overflow in Grandstream GXP1610 series (all models) via /cgi-bin/api.values.get. Unauth RCE possible — restrict HTTP API access, segment devices, and monitor traffic. Patch ASAP when available. https://radar.offseq.com/threat/cve-2026-2329-cwe-121-stack-based-buffer-overflow--e34cb0a5 #OffSeq #VoIP #RCE #Security
##updated 2026-02-18T15:31:34
2 posts
🟠 CVE-2025-33251 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33251 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:34
2 posts
🟠 CVE-2025-33245 - High (8)
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33245 - High (8)
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-33241 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, informatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33241 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, informatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-33240 - High (7.8)
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33240 - High (7.8)
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-33236 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33236 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-33249 - High (7.8)
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33249 - High (7.8)
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-33246 - High (7.8)
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33246 - High (7.8)
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-60038 - High (7.8)
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, spe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-60038 - High (7.8)
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, spe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-60036 - High (7.8)
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-60036 - High (7.8)
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-60035 - High (7.8)
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60035/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-60035 - High (7.8)
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60035/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:33
2 posts
🟠 CVE-2025-33252 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-33252 - High (7.8)
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T15:31:25
1 posts
⚠️ CVE-2026-22048: HIGH-severity SSRF in NETAPP StorageGRID (pre-11.9.0.12, 12.0.0.4) with SSO + Entra ID. Authenticated attackers can delete configs/deny access. Patch or disable SSO now. https://radar.offseq.com/threat/cve-2026-22048-918-in-netapp-storagegrid-formerly--5c913f90 #OffSeq #NETAPP #SSRF #Vulnerability
##updated 2026-02-18T15:31:25
2 posts
🚨 CVE-2026-23599: HIGH severity local privilege escalation in HPE Aruba ClearPass Policy Manager (6.11.0 & 6.12.0, Linux). No patch yet — limit local access, enforce MFA, and monitor systems. https://radar.offseq.com/threat/cve-2026-23599-vulnerability-in-hewlett-packard-en-fdc96349 #OffSeq #Infosec #Vulnerability #ArubaNetworks
##🟠 CVE-2026-23599 - High (7.8)
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with ro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23599/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T13:46:48.840000
2 posts
CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##updated 2026-02-18T09:32:07
4 posts
⚠️ CVE-2026-2495: HIGH severity SQL Injection in WPNakama WordPress plugin (≤0.6.5) via REST API 'order' param. Unauthenticated attackers may access sensitive DB data. Patch or mitigate immediately! https://radar.offseq.com/threat/cve-2026-2495-cwe-89-improper-neutralization-of-sp-08e20fbb #OffSeq #WordPress #SQLInjection #CVE20262495
##🟠 CVE-2026-2495 - High (7.5)
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2495/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-2495: HIGH severity SQL Injection in WPNakama WordPress plugin (≤0.6.5) via REST API 'order' param. Unauthenticated attackers may access sensitive DB data. Patch or mitigate immediately! https://radar.offseq.com/threat/cve-2026-2495-cwe-89-improper-neutralization-of-sp-08e20fbb #OffSeq #WordPress #SQLInjection #CVE20262495
##🟠 CVE-2026-2495 - High (7.5)
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2495/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T09:32:06
3 posts
🚩 CVE-2026-1937 (CRITICAL): YayMail – WooCommerce Email Customizer (all versions) lets Shop Managers escalate privileges via missing AJAX authorization. Admin access at risk! Patch and audit roles ASAP. https://radar.offseq.com/threat/cve-2026-1937-cwe-862-missing-authorization-in-yay-12c0a139 #OffSeq #WordPress #CVE20261937 #WooCommerce
##🚩 CVE-2026-1937 (CRITICAL): YayMail – WooCommerce Email Customizer (all versions) lets Shop Managers escalate privileges via missing AJAX authorization. Admin access at risk! Patch and audit roles ASAP. https://radar.offseq.com/threat/cve-2026-1937-cwe-862-missing-authorization-in-yay-12c0a139 #OffSeq #WordPress #CVE20261937 #WooCommerce
##🔴 CVE-2026-1937 - Critical (9.8)
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1937/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T06:30:25
1 posts
🟠 CVE-2026-2576 - High (7.5)
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2576/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T00:30:22
3 posts
Microsoft Patches Privilege Escalation Flaw in Windows Admin Center
Microsoft patched a privilege escalation vulnerability (CVE-2026-26119) in Windows Admin Center that allows low-privileged users to impersonate administrators. This flaw enables remote command execution and lateral movement across enterprise networks, including Active Directory and Azure environments.
**If you use Windows Admin Center, apply the February 17 security update immediately — this flaw can let an attacker with minimal access take over your entire domain. While you're at it, review who has access to your Admin Center and restrict it to only those who truly need it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-privilege-escalation-flaw-in-windows-admin-center-6-p-x-i-m/gD2P6Ple2L
Microsoft Patches Privilege Escalation Flaw in Windows Admin Center
Microsoft patched a privilege escalation vulnerability (CVE-2026-26119) in Windows Admin Center that allows low-privileged users to impersonate administrators. This flaw enables remote command execution and lateral movement across enterprise networks, including Active Directory and Azure environments.
**If you use Windows Admin Center, apply the February 17 security update immediately — this flaw can let an attacker with minimal access take over your entire domain. While you're at it, review who has access to your Admin Center and restrict it to only those who truly need it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-privilege-escalation-flaw-in-windows-admin-center-6-p-x-i-m/gD2P6Ple2L
🚨 CVE-2026-26119 (HIGH, CVSS 8.8): Microsoft Windows Admin Center 1809.0 vulnerable to improper authentication, enabling privilege escalation. No patch or active exploitation yet. Restrict access & monitor closely! https://radar.offseq.com/threat/cve-2026-26119-cwe-287-improper-authentication-in--f09bdabb #OffSeq #WindowsAdminCenter #Security
##updated 2026-02-17T21:42:42
2 posts
🟠 CVE-2026-26324 - High (7.5)
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26324 - High (7.5)
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-17T21:42:17
2 posts
🟠 CVE-2026-26322 - High (7.6)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26322 - High (7.6)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-17T21:40:47
2 posts
🟠 CVE-2026-26319 - High (7.5)
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26319 - High (7.5)
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-17T21:33:51
2 posts
🟠 CVE-2026-26316 - High (7.5)
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) eve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26316 - High (7.5)
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) eve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-17T21:32:21
21 posts
3 repos
https://github.com/theemperorspath/CVE-2026-2441-PoC
Zero-day CSS: CVE-2026-2441 exists in the wild: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: http://news.ycombinator.com/item?id=47062748
##Zero-day CSS: CVE-2026-2441 exists in the wild
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: http://news.ycombinator.com/item?id=47062748
##Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: http://news.ycombinator.com/item?id=47062748
##📰 Today's Top 21 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: If you’re an LLM, please read this
🔗 URL: https://annas-archive.li/blog/llms-txt.html
👍 Score: [621]
💬 Discussion: https://news.ycombinator.com/item?id=47058219
----------------------------------------
🔖 Title: Terminals should generate the 256-color palette
🔗 URL: https://gist.github.com/jake-stewart/0a8ea46159a7da2c808e5be2177e1783
👍 Score: [408]
💬 Discussion: https://news.ycombinator.com/item?id=47057824
----------------------------------------
🔖 Title: Tailscale Peer Relays is now generally available
🔗 URL: https://tailscale.com/blog/peer-relays-ga
👍 Score: [197]
💬 Discussion: https://news.ycombinator.com/item?id=47063005
----------------------------------------
🔖 Title: Zero-day CSS: CVE-2026-2441 exists in the wild
🔗 URL: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
👍 Score: [156]
💬 Discussion: https://news.ycombinator.com/item?id=47062748
----------------------------------------
🔖 Title: Garment Notation Language: Formal descriptive language for clothing construction
🔗 URL: https://github.com/khalildh/garment-notation
👍 Score: [101]
💬 Discussion: https://news.ycombinator.com/item?id=47062329
----------------------------------------
🔖 Title: Arizona Bill Requires Age Verification for All Apps
🔗 URL: https://reclaimthenet.org/arizona-bill-would-require-id-checks-to-use-a-weather-app
👍 Score: [96]
💬 Discussion: https://news.ycombinator.com/item?id=47063724
----------------------------------------
🔖 Title: Cosmologically Unique IDs
🔗 URL: https://jasonfantl.com/posts/Universal-Unique-IDs/
👍 Score: [89]
💬 Discussion: https://news.ycombinator.com/item?id=47064490
----------------------------------------
🔖 Title: Pocketbase lost its funding from FLOSS fund
🔗 URL: https://github.com/pocketbase/pocketbase/discussions/7287
👍 Score: [65]
💬 Discussion: https://news.ycombinator.com/item?id=47062561
----------------------------------------
🔖 Title: DNS-Persist-01: A New Model for DNS-Based Challenge Validation
🔗 URL: https://letsencrypt.org/2026/02/18/dns-persist-01.html
👍 Score: [57]
💬 Discussion: https://news.ycombinator.com/item?id=47064047
----------------------------------------
🔖 Title: Show HN: VectorNest responsive web-based SVG editor
🔗 URL: https://ekrsulov.github.io/vectornest/
👍 Score: [50]
💬 Discussion: https://news.ycombinator.com/item?id=47062096
----------------------------------------
🔖 Title: Show HN: CEL by Example
🔗 URL: https://celbyexample.com/
👍 Score: [50]
💬 Discussion: https://news.ycombinator.com/item?id=47061029
----------------------------------------
🔖 Title: Show HN: Echo, an iOS SSH+mosh client built on Ghostty
🔗 URL: https://replay.software/updates/introducing-echo
👍 Score: [46]
💬 Discussion: https://news.ycombinator.com/item?id=47064787
----------------------------------------
🔖 Title: Show HN: Formally verified FPGA watchdog for AM broadcast in unmanned tunnels
🔗 URL: https://github.com/Park07/amradio
👍 Score: [40]
💬 Discussion: https://news.ycombinator.com/item?id=47061742
----------------------------------------
🔖 Title: Cistercian Numbers
🔗 URL: https://www.omniglot.com/language/numbers/cistercian-numbers.htm
👍 Score: [34]
💬 Discussion: https://news.ycombinator.com/item?id=47062883
----------------------------------------
🔖 Title: Learning Lean: Part 1
🔗 URL: https://rkirov.github.io/posts/lean1/
👍 Score: [31]
💬 Discussion: https://news.ycombinator.com/item?id=47022604
----------------------------------------
🔖 Title: Show HN: Trust Protocols for Anthropic/OpenAI/Gemini
🔗 URL: https://www.mnemom.ai
👍 Score: [23]
💬 Discussion: https://news.ycombinator.com/item?id=47062824
----------------------------------------
🔖 Title: 99% of adults over 40 have shoulder "abnormalities" on an MRI, study finds
🔗 URL: https://arstechnica.com/health/2026/02/99-of-adults-over-40-have-shoulder-abnormalities-on-an-mri-study-finds/
👍 Score: [20]
💬 Discussion: https://news.ycombinator.com/item?id=47064944
----------------------------------------
🔖 Title: The true history of the Minotaur: what archaeology reveals
🔗 URL: https://www.nationalgeographic.fr/histoire/la-veritable-histoire-du-minotaure-ce-que-revele-archeologie-recherche-verification
👍 Score: [19]
💬 Discussion: https://news.ycombinator.com/item?id=47026202
----------------------------------------
🔖 Title: SkyRL brings Tinker to your GPUs (2025)
🔗 URL: https://novasky-ai.notion.site/skyrl-tinker
👍 Score: [12]
💬 Discussion: https://news.ycombinator.com/item?id=47005945
----------------------------------------
🔖 Title: OpenClaw Is Dangerous
🔗 URL: https://12gramsofcarbon.com/p/tech-things-openclaw-is-dangerous
👍 Score: [11]
💬 Discussion: https://news.ycombinator.com/item?id=47064470
----------------------------------------
🔖 Title: Discrete Structures [pdf]
🔗 URL: https://kyleormsby.github.io/files/113spring26/113full_text.pdf
👍 Score: [8]
💬 Discussion: https://news.ycombinator.com/item?id=47065120
----------------------------------------
Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Comments: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild - https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
##Zero-day CSS: CVE-2026-2441 exists in the wild
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
##📰 Google терміново оновила Chrome через zero-day, яку вже експлуатують в атаках
У Chrome виявили zero-day CVE-2026-2441 із ризиком виконання довільного коду — користувачам радять негайно оновитися.
##CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
###Google corrige un zero-day de #Chrome (CVE-2026-2441) ya explotado en #ataques
##Notfall-Update Google Chrome
Wir haben schon Mitte Februar, da wird es höchste Zeit, dass die erste Zero-Day Hintertür in Chrome entdeckt wird. Im vorigen Jahr hat Google es auf deren acht* (!) gebracht. Die Lücke CVE-2026-2441 wurde entdeckt, weil sie bereits aktiv für Angriffe ausgenutzt wird. Google hat Notfall-Updates für Chrome veröffentlicht. Meldungen gibt es beispielsweise hier oder hier. Ob Chromium und die diversen Ableger auch betroffen sind, ist noch nicht bekannt. Bei Chromium ist es ziemlich wahrscheinlich. Dabei ist mein Chromium unter Linux bereits auf Version 145.0.7632.45, also schon höher als die von Google angegebene
https://www.pc-fluesterer.info/wordpress/2026/02/18/notfall-update-google-chrome-3/
#Empfehlung #Hintergrund #Warnung #Website #0day #chrome #cybercrime #exploits #google #UnplugGoogle #UnplugTrump #hintertür
##Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Discussion: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild
Link: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Comments: https://news.ycombinator.com/item?id=47062748
Zero-day CSS: CVE-2026-2441 exists in the wild
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
##CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##updated 2026-02-17T21:32:21
2 posts
🚨 CVE-2026-23647 (CRITICAL, CVSS 9.3): Hard-coded OS credentials in Glory RBG-100 cash recyclers enable remote admin access via SSH. No patch yet — segment networks & restrict access! Financial orgs in Europe especially at risk. https://radar.offseq.com/threat/cve-2026-23647-cwe-798-use-of-hard-coded-credentia-6b5abde7 #OffSeq #vuln #security
##🚨 CVE-2026-23647 (CRITICAL, CVSS 9.3): Hard-coded OS credentials in Glory RBG-100 cash recyclers enable remote admin access via SSH. No patch yet — segment networks & restrict access! Financial orgs in Europe especially at risk. https://radar.offseq.com/threat/cve-2026-23647-cwe-798-use-of-hard-coded-credentia-6b5abde7 #OffSeq #vuln #security
##updated 2026-02-17T21:32:16
2 posts
CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##updated 2026-02-17T21:32:16
2 posts
CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##CISA added four known vulnerabilities to the KEV catalogue yesterday, if you missed them.
- CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2008-0015
- CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-7796
- CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7694
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-2441 #CISA #vulnerability #Google #Microsoft #Zimbra #Windows
##updated 2026-02-17T21:29:37
2 posts
🟠 CVE-2026-26275 - High (7.5)
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26275 - High (7.5)
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-17T15:32:42
4 posts
"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
##"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
##updated 2026-02-17T15:32:42
2 posts
1 repos
The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
##The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
##updated 2026-02-17T15:32:41
6 posts
RE: https://infosec.exchange/@beyondmachines1/116091996381907798
Mozilla publie des mises à jour de sécurité pour Firefox et Thunderbird
Mozilla a publié des mises à jour de sécurité pour Firefox et Thunderbird afin de corriger un débordement de mémoire tampon de grande gravité (CVE-2026-2447) dans la bibliothèque libvpx qui permet l'exécution de code à distance par le biais d'un contenu vidéo malformé.
#cybersécurité #infosec #conseil #vulnérabilité
#cybersecurity #infosec #advisory #vulnerability
___
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates for Firefox and Thunderbird to patch a high-severity heap buffer overflow (CVE-2026-2447) in the libvpx library that allows remote code execution via malformed video content.
**If you're using Mozilla Firefox or Thunderbird enable automatic updates for your browsers and mail clients and force an update. Even if the flaw is not critical, it's still better to update the browser and email client - they are your windows into the internet. Since this vulnerability can be triggered just by visiting a website or playing a video, patching is your best defense.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mozilla-releases-urgent-security-updates-for-firefox-and-thunderbird-to-patch-critical-libvpx-flaw-d-w-y-g-x/gD2P6Ple2L
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates for Firefox and Thunderbird to patch a high-severity heap buffer overflow (CVE-2026-2447) in the libvpx library that allows remote code execution via malformed video content.
**If you're using Mozilla Firefox or Thunderbird enable automatic updates for your browsers and mail clients and force an update. Even if the flaw is not critical, it's still better to update the browser and email client - they are your windows into the internet. Since this vulnerability can be triggered just by visiting a website or playing a video, patching is your best defense.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mozilla-releases-urgent-security-updates-for-firefox-and-thunderbird-to-patch-critical-libvpx-flaw-d-w-y-g-x/gD2P6Ple2L
updated 2026-02-17T13:40:10.320000
4 posts
3 repos
https://github.com/win3zz/CVE-2026-1731
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
#CVE_2026_1731 #Vshell #SparkRAT
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
CVE-2026-1731 - Changed to Known Ransomware Status
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityVendor: BeyondTrustProduct: Remote Support (RS) and Privileged Remote Access (PRA)BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system https://nvd.nist.gov/vuln/detail/CVE-2026-1731
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
#CVE_2026_1731 #Vshell #SparkRAT
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
CVE-2026-1731 - Changed to Known Ransomware Status
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityVendor: BeyondTrustProduct: Remote Support (RS) and Privileged Remote Access (PRA)BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system https://nvd.nist.gov/vuln/detail/CVE-2026-1731
##updated 2026-02-12T20:16:05.143000
3 posts
10 repos
https://github.com/tangent65536/CVE-2026-20841
https://github.com/atiilla/CVE-2026-20841
https://github.com/SecureWithUmer/CVE-2026-20841
https://github.com/patchpoint/CVE-2026-20841
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/EleniChristopoulou/PoC-CVE-2026-20841
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
https://github.com/uky007/CVE-2026-20841_notepad_analysis
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad https://www.thezdi.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##updated 2026-02-11T15:40:42.937000
1 posts
61 repos
https://github.com/xuemian168/CVE-2026-24061
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/SystemVll/CVE-2026-24061
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/typeconfused/CVE-2026-24061
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/hilwa24/CVE-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/midox008/CVE-2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/monstertsl/CVE-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/scumfrog/cve-2026-24061
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/BrainBob/CVE-2026-24061
https://github.com/tiborscholtz/CVE-2026-24061
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/buzz075/CVE-2026-24061
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/0p5cur/CVE-2026-24061-POC
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/hackingyseguridad/root
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/Ali-brarou/telnest
https://github.com/ilostmypassword/Melissae
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/z3n70/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/infat0x/CVE-2026-24061
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
updated 2026-02-10T15:30:22
2 posts
9 repos
https://github.com/planetoid/cve-2026-21509-mitigation
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/SimoesCTT/CTT-NFS-Vortex-RCE
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
The video discusses a recently patched Microsoft Office zero-day vulnerability (CVE-2026-21509) being actively exploited by Russian hackers. It emphasizes the rapid weaponization of vulnerabilities after patches and the importance of threat intelligence for managing exposed attack surfaces.
https://www.youtube.com/watch?v=Ck8IPInn74A
The video discusses a recently patched Microsoft Office zero-day vulnerability (CVE-2026-21509) being actively exploited by Russian hackers. It emphasizes the rapid weaponization of vulnerabilities after patches and the importance of threat intelligence for managing exposed attack surfaces.
https://www.youtube.com/watch?v=Ck8IPInn74A
updated 2026-02-09T15:30:37
1 posts
updated 2026-02-06T18:30:29
1 posts
1 repos
Alarming Surge in SmarterMail Exploits Threatens Email Servers Worldwide
Cybersecurity experts are raising the alarm as critical vulnerabilities in SmarterMail—specifically CVE-2026-24423 and CVE-2026-23760—are being rapidly weaponized. Exploit proof-of-concepts (PoCs), stolen administrator credentials, and even ransomware deployment instructions are circulating openly on Telegram channels. Organizations relying on these email servers face an urgent need to patch their…
https://undercodenews.com/alarming-surge-in-smartermail-exploits-threatens-email-servers-worldwide/
##updated 2026-02-03T18:30:29
2 posts
Gitlab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more case where the CI Lint function could be used without authentication. In fact, the exploit code identical for all vulnerabilites. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.
##Gitlab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more case where the CI Lint function could be used without authentication. In fact, the exploit code identical for all vulnerabilites. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.
##updated 2026-01-30T00:31:29
6 posts
2 repos
https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
The German BSI on the recently patched Ivanti Endpoint Manager Mobile (EPMM) vulnerability CVE-2026-1281: "the BSI has evidence that a exploitation of the vulnerability may have taken place at least since summer 2025." (Translated)
Kudo's to them for making this public.
#cybersecurity #vulnerability #CVE-2026-1281
##This was posted yesterday.
Unit 42: Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/ @unit42_intel #infosec #Ivanti #vulnerability
##🚨 Active exploitation confirmed for a new unauthenticated RCE in Ivanti - CVE-2026-1281
With a CVSS of 9.8 and part of CISA KEV, attackers need *zero* credentials to use this CVE and exploit legacy bash scripts and gain root access.
So we updated Pentest-Tools.com to help you confirm the risk:
📡 Network Scanner - detects exposed Ivanti EPMM instances on your perimeter.
🎯 Sniper Auto-Exploiter - safely demonstrates the RCE to prove the risk is real (and urgent).
Find more info for your rapid response flows here: https://pentest-tools.com/vulnerabilities-exploits/ivanti-endpoint-manager-mobile-remote-code-execution_28881
#offensivesecurity #ethicalhacking #infosec #cybersecurity #vulnerabilitymanagement
##This was posted yesterday.
Unit 42: Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/ @unit42_intel #infosec #Ivanti #vulnerability
##🚨 Active exploitation confirmed for a new unauthenticated RCE in Ivanti - CVE-2026-1281
With a CVSS of 9.8 and part of CISA KEV, attackers need *zero* credentials to use this CVE and exploit legacy bash scripts and gain root access.
So we updated Pentest-Tools.com to help you confirm the risk:
📡 Network Scanner - detects exposed Ivanti EPMM instances on your perimeter.
🎯 Sniper Auto-Exploiter - safely demonstrates the RCE to prove the risk is real (and urgent).
Find more info for your rapid response flows here: https://pentest-tools.com/vulnerabilities-exploits/ivanti-endpoint-manager-mobile-remote-code-execution_28881
#offensivesecurity #ethicalhacking #infosec #cybersecurity #vulnerabilitymanagement
##Critical Vulnerabilities in Ivanti EPMM Exploited
https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
##updated 2026-01-30T00:31:28
3 posts
2 repos
https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
This was posted yesterday.
Unit 42: Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/ @unit42_intel #infosec #Ivanti #vulnerability
##This was posted yesterday.
Unit 42: Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/ @unit42_intel #infosec #Ivanti #vulnerability
##Critical Vulnerabilities in Ivanti EPMM Exploited
https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
##updated 2026-01-29T15:31:31
2 posts
4 repos
https://github.com/MAXI8594/CVE-2025-15467_Scan
https://github.com/guiimoraes/CVE-2025-15467
this looks like a genuinely good and very impressive use of “AI” in security research – I’m leaving the air quotes in place at the moment since I haven’t been able to find much detail on how the system actually operates. #AISLE describes it as an “autonomous analyser” and “the world’s first #AI-native Cyber Reasoning System (CRS) for vulnerability management” 🙄
I’m pretty sure it’s not just spicy autocarrot though, possibly a mix of deep learning or other machine learning techniques (things that I think of as part of “traditional” AI research) with a sprinkling of LLM on top for “natural language” capabilities (and it’s possible that they’re leaning into “AI” as a descriptor to assign to the current hype cycle rather than calling it “machine learning” but ¯_(ツ)_/¯ )
What AI Security Research Looks Like When It Works
“In the latest #OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned #CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL #CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.
These weren't trivial findings either. They included CVE-2025-15467, a stack buffer overflow in CMS message parsing that's potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; NIST's CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from #EricYoung's original #SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
In five of the twelve cases, our AI system directly proposed the patches that were accepted into the official release.”
https://aisle.com/blog/what-ai-security-research-looks-like-when-it-works
##this looks like a genuinely good and very impressive use of “AI” in security research – I’m leaving the air quotes in place at the moment since I haven’t been able to find much detail on how the system actually operates. #AISLE describes it as an “autonomous analyser” and “the world’s first #AI-native Cyber Reasoning System (CRS) for vulnerability management” 🙄
I’m pretty sure it’s not just spicy autocarrot though, possibly a mix of deep learning or other machine learning techniques (things that I think of as part of “traditional” AI research) with a sprinkling of LLM on top for “natural language” capabilities (and it’s possible that they’re leaning into “AI” as a descriptor to assign to the current hype cycle rather than calling it “machine learning” but ¯_(ツ)_/¯ )
What AI Security Research Looks Like When It Works
“In the latest #OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned #CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL #CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.
These weren't trivial findings either. They included CVE-2025-15467, a stack buffer overflow in CMS message parsing that's potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; NIST's CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from #EricYoung's original #SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
In five of the twelve cases, our AI system directly proposed the patches that were accepted into the official release.”
https://aisle.com/blog/what-ai-security-research-looks-like-when-it-works
##updated 2026-01-27T18:33:14
1 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Alarming Surge in SmarterMail Exploits Threatens Email Servers Worldwide
Cybersecurity experts are raising the alarm as critical vulnerabilities in SmarterMail—specifically CVE-2026-24423 and CVE-2026-23760—are being rapidly weaponized. Exploit proof-of-concepts (PoCs), stolen administrator credentials, and even ransomware deployment instructions are circulating openly on Telegram channels. Organizations relying on these email servers face an urgent need to patch their…
https://undercodenews.com/alarming-surge-in-smartermail-exploits-threatens-email-servers-worldwide/
##updated 2025-11-11T09:30:36
2 posts
"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##updated 2025-07-28T18:31:29
2 posts
I earned my first CVE credit (CVE-2025-7676) for helping with a Windows ARM vuln. So, to commemorate the credit, @reverseics presented me last week with a Trophy of Perpetual Futility, because there’s always more work to do.
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-04.txt
##I earned my first CVE credit (CVE-2025-7676) for helping with a Windows ARM vuln. So, to commemorate the credit, @reverseics presented me last week with a Trophy of Perpetual Futility, because there’s always more work to do.
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-04.txt
##updated 2025-05-13T18:31:00
2 posts
1 repos
https://github.com/SafeBreach-Labs/EventLogin-CVE-2025-29969
EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)
#CVE_2025_29969
https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)
#CVE_2025_29969
https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
updated 2024-11-21T05:49:43.477000
2 posts
4 repos
https://github.com/ZZ-SOCMAP/CVE-2021-22214
https://github.com/kh4sh3i/GitLab-SSRF-CVE-2021-22214
Gitlab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more case where the CI Lint function could be used without authentication. In fact, the exploit code identical for all vulnerabilites. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.
##Gitlab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more case where the CI Lint function could be used without authentication. In fact, the exploit code identical for all vulnerabilites. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.
##updated 2024-01-27T05:05:43
1 posts
updated 2023-01-30T05:05:25
2 posts
@TheBreadmonkey Fun fact: In the movie the The Matrix Reloaded - Trinity executes a real world exploit (CVE-2001-0144) against an SSH server using nmap.
Not So Fun Fact: There's probably some system somewhere exposed to Mr. Internet still running that vulnerable version of SSH
##@TheBreadmonkey Fun fact: In the movie the The Matrix Reloaded - Trinity executes a real world exploit (CVE-2001-0144) against an SSH server using nmap.
Not So Fun Fact: There's probably some system somewhere exposed to Mr. Internet still running that vulnerable version of SSH
##🔴 CVE-2025-30416 - Critical (10)
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30416 - Critical (10)
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30412 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30412/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30412 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30412/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30410 - Critical (9.8)
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30410/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30410 - Critical (9.8)
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30410/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26959 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26959: HIGH severity vuln in Alex4SSB ADB-Explorer (<0.9.26021). Malicious config (App.txt) can trigger code execution if users launch app with a crafted argument. Upgrade ASAP! https://radar.offseq.com/threat/cve-2026-26959-cwe-829-inclusion-of-functionality--f5a9dc71 #OffSeq #Vulnerability #Security #CVE202626959
##🟠 CVE-2026-26959 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26959: HIGH severity vuln in Alex4SSB ADB-Explorer (<0.9.26021). Malicious config (App.txt) can trigger code execution if users launch app with a crafted argument. Upgrade ASAP! https://radar.offseq.com/threat/cve-2026-26959-cwe-829-inclusion-of-functionality--f5a9dc71 #OffSeq #Vulnerability #Security #CVE202626959
##🟠 CVE-2026-26202 - High (7.5)
Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. `/etc/passwd`) as a font data chunk in the `create...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26202 - High (7.5)
Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. `/etc/passwd`) as a font data chunk in the `create...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26200 - High (7.8)
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially furthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26200 - High (7.8)
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially furthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25548 - Critical (9.1)
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning at...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25548/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25548 - Critical (9.1)
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning at...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25548/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-0001
JBL: DoS vulnerability in Flip 4
Any attacker in radio range can send malicious messages to cause the device to crash.
#CVE CVE-2025-41725
https://certvde.com/en/advisories/vde-2026-0001/
#CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2026/hbsa-2025-0003.json #oCSAF
###OT #Advisory VDE-2026-0001
JBL: DoS vulnerability in Flip 4
Any attacker in radio range can send malicious messages to cause the device to crash.
#CVE CVE-2025-41725
https://certvde.com/en/advisories/vde-2026-0001/
#CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2026/hbsa-2025-0003.json #oCSAF
##