## Updated at UTC 2026-04-25T04:04:54.547956


| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-41433 | 8.4 | 0.00% | 2 | 0 | | 2026-04-25T03:16:04.950000 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the Op |
| CVE-2026-41266 | 7.5 | 0.05% | 2 | 0 | | 2026-04-25T02:16:02.477000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-42171 | 7.8 | 0.00% | 2 | 0 | | 2026-04-24T22:16:01.540000 | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the |
| CVE-2024-7399 | 8.8 | 71.00% | 6 | 1 | template | 2026-04-24T21:33:00 | Improper limitation of a pathname to a restricted directory vulnerability in Sam |
| CVE-2026-41044 | 8.8 | 0.06% | 2 | 0 | | 2026-04-24T21:32:00 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-40466 | 8.8 | 0.06% | 2 | 0 | | 2026-04-24T21:32:00 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-23902 | 8.1 | 0.02% | 2 | 0 | | 2026-04-24T21:32:00 | Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenti |
| CVE-2026-34415 | 9.8 | 0.19% | 2 | 0 | | 2026-04-24T21:32:00 | Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input vali |
| CVE-2026-41478 | 9.9 | 0.00% | 2 | 0 | | 2026-04-24T21:16:19.353000 | Saltcorn is an extensible, open source, no-code database application builder. Pr |
| CVE-2026-41428 | 9.1 | 0.00% | 2 | 0 | | 2026-04-24T21:16:18.860000 | Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated |
| CVE-2026-40575 | 9.1 | 0.08% | 1 | 0 | | 2026-04-24T21:11:10 | ### Impact A configuration-dependent authentication bypass exists in OAuth2 Pro |
| CVE-2026-41324 | 7.5 | 0.04% | 1 | 0 | | 2026-04-24T21:02:13 | ### Summary `basic-ftp@5.2.2` is vulnerable to denial of service through unbound |
| CVE-2026-41323 | 8.1 | 0.02% | 1 | 0 | | 2026-04-24T21:02:12 | ## Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches th |
| CVE-2026-41275 | 7.5 | 0.03% | 2 | 0 | | 2026-04-24T21:01:15 | **Summary:** The password reset functionality on [cloud.flowiseai.com](http://cl |
| CVE-2026-41276 | 9.8 | 0.15% | 2 | 0 | | 2026-04-24T21:01:10 | ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulner |
| CVE-2026-41277 | 8.8 | 0.05% | 2 | 0 | | 2026-04-24T21:01:05 | ### Summary A Mass Assignment vulnerability in the DocumentStore creation endpoi |
| CVE-2026-41278 | 7.5 | 0.04% | 2 | 0 | | 2026-04-24T21:00:59 | ### Summary The `GET /api/v1/public-chatflows/:id` endpoint returns the full ch |
| CVE-2026-41268 | 7.7 | 0.17% | 1 | 0 | | 2026-04-24T20:58:07 | ### Summary Flowise is vulnerable to a critical unauthenticated remote command |
| CVE-2026-41241 | 8.7 | 0.03% | 1 | 0 | | 2026-04-24T20:54:43 | The organiser search in the pretalx backend rendered submission titles, speaker |
| CVE-2026-41230 | 8.5 | 0.04% | 1 | 0 | | 2026-04-24T20:54:08 | ## Summary `DomainZones::add()` accepts arbitrary DNS record types without a wh |
| CVE-2026-41228 | 10.0 | 0.06% | 1 | 0 | | 2026-04-24T20:53:54 | ## Summary The Froxlor API endpoint `Customers.update` (and `Admins.update`) do |
| CVE-2026-41175 | 8.1 | 0.05% | 1 | 0 | | 2026-04-24T20:52:07 | ### Impact Manipulating query parameters on Control Panel and REST API endpoint |
| CVE-2026-41138 | 8.3 | 0.43% | 1 | 0 | | 2026-04-24T20:45:21 | ## Description ### Summary “AirtableAgent” is an agent function provided by Fl |
| CVE-2026-41133 | 8.8 | 0.03% | 1 | 0 | | 2026-04-24T20:42:30 | ### Summary pyLoad caches `role` and `permission` in the session at login and co |
| CVE-2026-41064 | 9.3 | 0.03% | 1 | 0 | | 2026-04-24T20:41:24 | ### Summary The incomplete fix for AVideo's `test.php` adds `escapeshellarg` fo |
| CVE-2026-41059 | 8.2 | 0.13% | 1 | 0 | | 2026-04-24T20:40:59 | ### Impact A configuration-dependent authentication bypass exists in OAuth2 Pro |
| CVE-2026-41492 | 9.8 | 0.00% | 4 | 0 | | 2026-04-24T20:16:28.470000 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl |
| CVE-2024-57726 | 9.9 | 0.31% | 6 | 0 | | 2026-04-24T19:26:52.160000 | SimpleHelp remote support software v5.5.7 and before has a vulnerability that al |
| CVE-2026-41327 | 9.1 | 0.00% | 6 | 0 | | 2026-04-24T19:17:12.407000 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulner |
| CVE-2026-41273 | 8.2 | 0.09% | 2 | 0 | | 2026-04-24T19:17:11.530000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-33524 | 7.5 | 0.00% | 2 | 0 | | 2026-04-24T19:17:09.850000 | Zserio is a framework for serializing structured data with a compact and efficie |
| CVE-2024-57728 | 7.2 | 1.17% | 6 | 0 | | 2026-04-24T18:31:38 | SimpleHelp remote support software v5.5.7 and before allows admin users to uploa |
| CVE-2026-39920 | 9.8 | 0.00% | 2 | 0 | | 2026-04-24T18:31:18 | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the A |
| CVE-2025-29635 | 8.8 | 1.25% | 7 | 0 | | 2026-04-24T18:30:36 | A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an |
| CVE-2026-41066 | 7.5 | 0.00% | 2 | 0 | | 2026-04-24T17:56:41.280000 | lxml is a library for processing XML and HTML in the Python language. Prior to 6 |
| CVE-2026-6912 | 8.8 | 0.00% | 4 | 0 | | 2026-04-24T17:56:41.280000 | Improperly controlled modification of dynamically-determined object attributes i |
| CVE-2026-41068 | 7.7 | 0.03% | 1 | 0 | | 2026-04-24T17:16:21.240000 | Kyverno is a policy engine designed for cloud native platform engineering teams. |
| CVE-2026-34063 | 7.5 | 0.04% | 1 | 0 | | 2026-04-24T17:12:23.350000 | Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior |
| CVE-2026-33471 | 9.6 | 0.03% | 2 | 0 | | 2026-04-24T17:11:40.037000 | nimiq-block contains block primitives to be used in Nimiq's Rust implementation. |
| CVE-2026-6919 | 9.6 | 0.03% | 2 | 0 | | 2026-04-24T16:39:50.947000 | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a re |
| CVE-2026-6920 | 9.6 | 0.07% | 2 | 0 | | 2026-04-24T16:39:41.147000 | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 al |
| CVE-2026-41271 | 8.3 | 0.05% | 2 | 0 | | 2026-04-24T16:37:54.877000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41279 | 7.5 | 0.04% | 2 | 0 | | 2026-04-24T16:31:36.040000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41328 | 9.1 | 0.00% | 2 | 0 | | 2026-04-24T15:41:45 | ## 1. Executive Summary A vulnerability has been found in Dgraph that gives an |
| CVE-2026-21728 | 7.5 | 0.01% | 2 | 0 | | 2026-04-24T15:33:39 | Tempo queries with large limits can cause large memory allocations which can imp |
| CVE-2026-21515 | 10.0 | 0.00% | 2 | 0 | | 2026-04-24T15:32:39 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central |
| CVE-2026-41246 | 8.1 | 0.07% | 1 | 0 | | 2026-04-24T15:19:50 | ### Impact Contour's [Cookie Rewriting](https://projectcontour.io/docs/1.33/con |
| CVE-2026-41137 | 8.8 | 0.62% | 2 | 0 | | 2026-04-24T15:15:47.703000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41264 | 9.8 | 0.11% | 2 | 0 | | 2026-04-24T15:15:17.923000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41265 | 9.8 | 0.06% | 2 | 0 | | 2026-04-24T15:15:09.260000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-41267 | 8.1 | 0.04% | 1 | 0 | | 2026-04-24T15:14:48.233000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2026-31952 | 7.6 | 0.06% | 2 | 0 | | 2026-04-24T14:50:56.203000 | Xibo is an open source digital signage platform with a web content management sy |
| CVE-2026-33694 | 0 | 0.01% | 1 | 0 | | 2026-04-24T14:50:56.203000 | This vulnerability allows an attacker to create a junction, enabling the deletio |
| CVE-2026-41316 | 8.1 | 0.08% | 1 | 0 | | 2026-04-24T14:50:56.203000 | ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published |
| CVE-2026-41679 | 10.0 | 0.17% | 2 | 1 | | 2026-04-24T14:50:56.203000 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents |
| CVE-2026-41229 | 9.1 | 0.04% | 1 | 0 | | 2026-04-24T14:50:56.203000 | Froxlor is open source server administration software. Prior to version 2.3.6, ` |
| CVE-2026-6887 | 9.8 | 0.08% | 3 | 0 | | 2026-04-24T14:50:56.203000 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has |
| CVE-2025-62373 | 9.8 | 0.30% | 1 | 0 | | 2026-04-24T14:50:56.203000 | Pipecat is an open-source Python framework for building real-time voice and mult |
| CVE-2026-40517 | 7.8 | 0.02% | 1 | 0 | | 2026-04-24T14:50:56.203000 | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB par |
| CVE-2026-34003 | 7.8 | 0.01% | 2 | 0 | | 2026-04-24T14:41:55.890000 | A flaw was found in the X.Org X server's XKB key types request validation. A loc |
| CVE-2026-39087 | 9.8 | 0.25% | 1 | 0 | | 2026-04-24T14:41:55.890000 | An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbit |
| CVE-2026-31178 | 9.8 | 0.06% | 1 | 0 | | 2026-04-24T14:41:55.890000 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo |
| CVE-2026-32210 | 9.3 | 0.04% | 1 | 0 | | 2026-04-24T14:41:16.553000 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an |
| CVE-2026-41336 | 7.8 | 0.01% | 1 | 0 | | 2026-04-24T14:40:53.523000 | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_B |
| CVE-2026-40630 | 9.8 | 0.09% | 3 | 0 | | 2026-04-24T14:40:12.517000 | A vulnerability in SenseLive X3050’s web management interface allows unauthor |
| CVE-2026-5367 | 8.6 | 0.00% | 2 | 0 | | 2026-04-24T14:39:28.770000 | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending cr |
| CVE-2026-34310 | 7.5 | 0.03% | 1 | 0 | | 2026-04-24T14:25:32.370000 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastru |
| CVE-2026-22753 | 7.5 | 0.05% | 1 | 0 | | 2026-04-24T14:17:02.280000 | Vulnerability in Spring Spring Security. If an application is using securityMatc |
| CVE-2026-40937 | 8.3 | 0.05% | 1 | 0 | | 2026-04-24T13:12:29.780000 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alph |
| CVE-2026-1950 | 9.8 | 0.04% | 2 | 0 | | 2026-04-24T09:30:36 | Delta Electronics AS320T has No checking of the length of the buffer with the f |
| CVE-2026-1952 | 9.8 | 0.04% | 3 | 0 | | 2026-04-24T09:30:36 | Delta Electronics AS320T has denial of service via the undocumented subfunction |
| CVE-2026-1951 | 9.8 | 0.01% | 2 | 0 | | 2026-04-24T09:30:36 | Delta Electronics AS320T has no checking of the length of the buffer with the di |
| CVE-2026-1949 | 9.8 | 0.02% | 1 | 0 | | 2026-04-24T06:31:23 | Delta Electronics AS320T has incorrect calculation of the buffer size on the sta |
| CVE-2026-5364 | 8.1 | 0.11% | 1 | 0 | | 2026-04-24T06:31:23 | The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnera |
| CVE-2026-27841 | 8.1 | 0.01% | 2 | 0 | | 2026-04-24T00:32:04 | A vulnerability in SenseLive X3050's web management interface allows state-chang |
| CVE-2026-35064 | 7.5 | 0.05% | 2 | 0 | | 2026-04-24T00:32:04 | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated |
| CVE-2026-39462 | 8.1 | 0.04% | 3 | 0 | | 2026-04-24T00:32:04 | A vulnerability exists in SenseLive X3050’s web management interface in which pa |
| CVE-2026-35503 | 9.8 | 0.06% | 2 | 0 | | 2026-04-24T00:32:04 | A vulnerability in SenseLive X3050’s web management interface allows authenticat |
| CVE-2026-25775 | 9.8 | 0.07% | 3 | 0 | | 2026-04-24T00:32:03 | A vulnerability in SenseLive X3050’s remote management service allows firmware r |
| CVE-2026-27843 | 9.1 | 0.07% | 3 | 0 | | 2026-04-24T00:32:03 | A vulnerability exists in SenseLive X3050's web management interface that allows |
| CVE-2026-40623 | 8.1 | 0.03% | 2 | 0 | | 2026-04-24T00:32:03 | A vulnerability in SenseLive X3050's web management interface allows critical sy |
| CVE-2026-40620 | 9.8 | 0.07% | 3 | 0 | | 2026-04-24T00:32:03 | A vulnerability in SenseLive X3050’s embedded management service allows full adm |
| CVE-2026-41349 | 8.8 | 0.11% | 1 | 0 | | 2026-04-24T00:32:03 | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allow |
| CVE-2026-41353 | 8.1 | 0.04% | 1 | 0 | | 2026-04-24T00:32:03 | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the |
| CVE-2026-41352 | 8.8 | 0.37% | 1 | 0 | | 2026-04-24T00:32:03 | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a |
| CVE-2026-24303 | 9.6 | 0.04% | 2 | 0 | | 2026-04-24T00:31:58 | Improper access control in Microsoft Partner Center allows an authorized attacke |
| CVE-2026-26150 | 8.6 | 0.06% | 2 | 0 | | 2026-04-24T00:31:58 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized a |
| CVE-2026-26210 | 9.8 | 0.04% | 1 | 0 | | 2026-04-24T00:31:58 | KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in |
| CVE-2026-32172 | 8.0 | 0.04% | 1 | 0 | | 2026-04-24T00:31:58 | Uncontrolled search path element in Microsoft Power Apps allows an unauthorized |
| CVE-2026-33819 | 10.0 | 0.27% | 1 | 0 | | 2026-04-24T00:31:58 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attac |
| CVE-2026-33102 | 9.3 | 0.04% | 1 | 0 | | 2026-04-24T00:31:58 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an un |
| CVE-2026-40886 | 7.7 | 0.04% | 1 | 0 | | 2026-04-23T21:39:22 | ### Summary An unchecked array index in the pod informer's `podGCFromPod()` fun |
| CVE-2026-31181 | 9.8 | 0.06% | 1 | 0 | | 2026-04-23T21:32:27 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo |
| CVE-2026-6942 | 9.8 | 0.27% | 1 | 0 | | 2026-04-23T21:31:30 | radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerabi |
| CVE-2026-31177 | 9.8 | 0.06% | 1 | 0 | | 2026-04-23T21:31:22 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo |
| CVE-2026-28950 | 6.2 | 0.01% | 4 | 0 | | 2026-04-23T21:31:21 | A logging issue was addressed with improved data redaction. This issue is fixed |
| CVE-2026-33318 | 8.8 | 0.07% | 2 | 0 | | 2026-04-23T21:23:40 | ### Summary Any authenticated user (including `BASIC` role) can escalate to `AD |
| CVE-2026-41135 | 7.5 | 0.10% | 1 | 0 | | 2026-04-23T19:41:18.127000 | free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source |
| CVE-2026-41461 | 8.5 | 0.04% | 1 | 0 | | 2026-04-23T18:33:26 | SocialEngine versions 7.8.0 and prior contain a blind server-side request forger |
| CVE-2026-33999 | 7.8 | 0.01% | 2 | 0 | | 2026-04-23T18:33:25 | A flaw was found in the X.Org X server. This integer underflow vulnerability, sp |
| CVE-2026-23751 | 9.8 | 0.16% | 1 | 0 | | 2026-04-23T18:33:25 | Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versi |
| CVE-2026-40471 | 9.6 | 0.02% | 1 | 0 | | 2026-04-23T18:33:25 | hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its en |
| CVE-2026-40470 | 9.9 | 0.05% | 1 | 0 | | 2026-04-23T18:33:25 | A critical XSS vulnerability affected hackage-server and hackage.haskell.org. H |
| CVE-2026-40472 | 9.9 | 0.05% | 1 | 0 | | 2026-04-23T18:33:23 | In hackage-server, user-controlled metadata from .cabal files are rendered into |
| CVE-2026-35225 | None | 0.14% | 1 | 0 | | 2026-04-23T18:33:23 | An unauthenticated remote attacker is able to exhaust all available TCP connecti |
| CVE-2026-34001 | 7.8 | 0.01% | 2 | 0 | | 2026-04-23T18:33:21 | A flaw was found in the X.Org X server. This use-after-free vulnerability occurs |
| CVE-2026-41460 | 9.8 | 0.17% | 1 | 0 | | 2026-04-23T18:33:20 | SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in t |
| CVE-2026-3844 | 9.8 | 0.06% | 4 | 3 | | 2026-04-23T14:28:55.557000 | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads du |
| CVE-2026-39440 | 9.9 | 0.02% | 1 | 0 | | 2026-04-23T14:28:55.557000 | Improper Control of Generation of Code ('Code Injection') vulnerability in Funne |
| CVE-2026-6903 | 7.5 | 0.03% | 1 | 0 | | 2026-04-23T12:31:45 | The LabOne Web Server, backing the LabOne User Interface, contains insufficient |
| CVE-2026-6886 | 9.8 | 0.16% | 1 | 0 | | 2026-04-23T12:31:45 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has |
| CVE-2026-6885 | 9.8 | 0.19% | 1 | 0 | | 2026-04-23T12:31:45 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has |
| CVE-2026-34286 | 9.1 | 0.05% | 2 | 0 | | 2026-04-23T12:07:46.893000 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-34287 | 9.1 | 0.05% | 1 | 0 | | 2026-04-23T12:07:28.307000 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-41040 | 7.5 | 0.04% | 2 | 0 | | 2026-04-23T09:33:05 | GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of se |
| CVE-2026-41455 | 8.5 | 0.03% | 1 | 0 | | 2026-04-23T00:31:19 | WeKan before 8.35 contains a server-side request forgery vulnerability in webhoo |
| CVE-2026-41454 | 8.3 | 0.04% | 1 | 0 | | 2026-04-23T00:31:19 | WeKan before 8.35 contains a missing authorization vulnerability in the Integrat |
| CVE-2026-33825 | 7.8 | 3.82% | 3 | 3 | | 2026-04-23T00:31:18 | Insufficient granularity of access control in Microsoft Defender allows an autho |
| CVE-2026-41468 | 8.7 | 0.07% | 1 | 0 | | 2026-04-22T21:32:18 | Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component con |
| CVE-2026-40372 | 9.1 | 0.04% | 1 | 0 | | 2026-04-22T21:24:26.997000 | Improper verification of cryptographic signature in ASP.NET Core allows an unaut |
| CVE-2026-35231 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T21:24:26.997000 | Vulnerability in the Oracle Financial Services Transaction Filtering product of |
| CVE-2026-34065 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T19:19:28 | ### Impact An untrusted p2p peer can cause a node to panic by announcing an elec |
| CVE-2026-22754 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T18:32:53 | Vulnerability in Spring Spring Security. If an application uses <sec:intercept-u |
| CVE-2026-35344 | 3.3 | 0.01% | 1 | 0 | | 2026-04-22T18:31:54 | The dd utility in uutils coreutils suppresses errors during file truncation oper |
| CVE-2026-34309 | 8.1 | 0.03% | 1 | 0 | | 2026-04-22T18:31:42 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-34291 | 8.7 | 0.05% | 1 | 0 | | 2026-04-22T15:32:43 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (com |
| CVE-2026-34320 | 7.5 | 0.03% | 1 | 0 | | 2026-04-22T15:32:43 | Vulnerability in the Oracle Financial Services Customer Screening product of Ora |
| CVE-2026-5398 | 8.4 | 0.01% | 1 | 0 | | 2026-04-22T15:32:43 | The implementation of TIOCNOTTY failed to clear a back-pointer from the structur |
| CVE-2026-34290 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T15:32:42 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-34305 | 7.5 | 0.03% | 2 | 0 | | 2026-04-22T15:31:41 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware |
| CVE-2026-34279 | 9.1 | 0.04% | 1 | 0 | | 2026-04-22T15:31:40 | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle E |
| CVE-2026-34297 | 7.5 | 0.04% | 2 | 0 | | 2026-04-22T15:31:40 | Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business |
| CVE-2026-34285 | 9.1 | 0.05% | 1 | 0 | | 2026-04-22T15:31:39 | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion |
| CVE-2026-6022 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T09:31:40 | In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains a |
| CVE-2026-6023 | 8.1 | 0.34% | 1 | 0 | | 2026-04-22T09:31:40 | In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the R |
| CVE-2026-6784 | 7.5 | 0.04% | 1 | 0 | | 2026-04-22T00:32:48 | Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bug |
| CVE-2026-41197 | None | 0.04% | 1 | 0 | | 2026-04-21T20:16:10 | ## Description Noir programs can invoke external functions through foreign call |
| CVE-2026-40050 | 9.8 | 0.27% | 4 | 0 | | 2026-04-21T18:32:04 | CrowdStrike has released security updates to address a critical unauthenticated |
| CVE-2026-5752 | 9.4 | 0.02% | 2 | 0 | | 2026-04-21T15:33:24 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with r |
| CVE-2026-33626 | 7.5 | 0.03% | 6 | 0 | | 2026-04-21T15:04:13 | ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeplo |
| CVE-2025-48700 | 6.1 | 20.00% | 1 | 0 | | 2026-04-21T13:00:03.373000 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 an |
| CVE-2026-40897 | 8.8 | 0.00% | 2 | 0 | | 2026-04-16T22:38:44 | ### Impact This security vulnerability allowed executing arbitrary JavaScript vi |
| CVE-2026-34197 | 8.8 | 59.42% | 2 | 9 | template | 2026-04-16T19:59:38.107000 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-40882 | 7.6 | 0.06% | 1 | 0 | | 2026-04-15T21:17:56 | ### Summary The Velbus asset import path parses attacker-controlled XML without |
| CVE-2026-32201 | 6.5 | 7.94% | 1 | 1 | | 2026-04-14T18:30:55 | Improper input validation in Microsoft Office SharePoint allows an unauthorized |
| CVE-2026-33824 | 9.8 | 0.10% | 1 | 2 | | 2026-04-14T18:30:52 | Double free in Windows IKE Extension allows an unauthorized attacker to execute |
| CVE-2026-34621 | 8.6 | 7.60% | 1 | 5 | | 2026-04-13T21:23:27 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a |
| CVE-2026-39987 | None | 45.53% | 2 | 5 | template | 2026-04-09T19:06:18 | ## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal |
| CVE-2025-15467 | 8.8 | 0.70% | 1 | 6 | | 2026-03-19T19:16:19.230000 | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with malic |
| CVE-2026-30869 | 9.3 | 0.68% | 1 | 0 | | 2026-03-10T18:43:20 | ### Summary A path traversal vulnerability in the `/export` endpoint allows an a |
| CVE-2018-25193 | 7.5 | 0.14% | 1 | 0 | | 2026-03-06T15:31:37 | Mongoose Web Server 6.9 contains a denial of service vulnerability that allows r |
| CVE-2026-27966 | 9.8 | 0.23% | 2 | 1 | | 2026-02-27T15:47:29 | # 1. Summary The CSV Agent node in Langflow hardcodes `allow_dangerous_code=Tr |
| CVE-2026-22039 | 10.0 | 0.02% | 1 | 0 | | 2026-01-29T03:31:32 | ### Summary A critical authorization boundary bypass in namespaced Kyverno Poli |
| CVE-2024-21887 | 9.1 | 94.41% | 1 | 12 | template | 2025-10-31T21:56:55.430000 | A command injection vulnerability in web components of Ivanti Connect Secure (9. |
| CVE-2023-46805 | 8.2 | 94.37% | 1 | 9 | template | 2025-10-22T00:34:00 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 2 |
| CVE-2025-59532 | None | 0.05% | 1 | 1 | | 2025-09-22T22:00:37 | Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-g |
| CVE-2023-20185 | 7.4 | 0.17% | 2 | 0 | | 2024-02-03T05:06:20 | A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco |
| CVE-2026-41248 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-34078 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-41651 | 0 | 0.03% | 8 | 5 | | N/A | |
| CVE-2026-41429 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-41477 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-33662 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-33666 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-41421 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-6911 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-41419 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-41309 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2026-41564 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-41196 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-34002 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-34000 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-6786 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-6785 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2026-41167 | 0 | 0.08% | 2 | 0 | | N/A | |
| CVE-2026-33656 | 0 | 0.05% | 1 | 1 | | N/A | |

CVE-2026-41433
(8.4 HIGH)

EPSS: 0.00%

updated 2026-04-25T03:16:04.950000

2 posts

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe

thehackerwire@mastodon.social at 2026-04-24T20:59:49.000Z ##

🟠 CVE-2026-41433 - High (8.4)

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary ho...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41266
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-25T02:16:02.477000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading t

thehackerwire@mastodon.social at 2026-04-25T01:10:46.000Z ##

🟠 CVE-2026-41266 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42171
(7.8 HIGH)

EPSS: 0.00%

updated 2026-04-24T22:16:01.540000

2 posts

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

thehackerwire@mastodon.social at 2026-04-24T22:59:49.000Z ##

🟠 CVE-2026-42171 - High (7.8)

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the referenc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-7399
(8.8 HIGH)

EPSS: 71.00%

updated 2026-04-24T21:33:00

6 posts

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Nuclei template

1 repos

https://github.com/davidxbors/CVE-2024-7399-POC

secdb at 2026-04-24T20:00:16.913Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (secdb.nttzen.cloud/cve/detail/)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: simple-help.com/kb---security- ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2024-57728 (secdb.nttzen.cloud/cve/detail/)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: simple-help.com/kb---security- ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2024-7399 (secdb.nttzen.cloud/cve/detail/)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: security.samsungtv.com/securit ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2025-29635 (secdb.nttzen.cloud/cve/detail/)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: supportannouncement.us.dlink.c ; nvd.nist.gov/vuln/detail/CVE-2

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:08.000Z ##

CVE ID: CVE-2024-7399
Vendor: Samsung
Product: MagicINFO 9 Server
Date Added: 2026-04-24
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2026-04-24T17:29:17.855Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat support.broadcom.com/web/ecx/s

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability cve.org/CVERecord?id=CVE-2025-

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability sec.cloudapps.cisco.com/securi

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense sec.cloudapps.cisco.com/securi @TalosSecurity

##

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (secdb.nttzen.cloud/cve/detail/)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: simple-help.com/kb---security- ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2024-57728 (secdb.nttzen.cloud/cve/detail/)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: simple-help.com/kb---security- ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2024-7399 (secdb.nttzen.cloud/cve/detail/)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: security.samsungtv.com/securit ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2025-29635 (secdb.nttzen.cloud/cve/detail/)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: supportannouncement.us.dlink.c ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat support.broadcom.com/web/ecx/s #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability cve.org/CVERecord?id=CVE-2025- #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability sec.cloudapps.cisco.com/securi

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-41044
(8.8 HIGH)

EPSS: 0.06%

updated 2026-04-24T21:32:00

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML applicatio

thehackerwire@mastodon.social at 2026-04-24T20:10:20.000Z ##

🟠 CVE-2026-41044 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.

An authenticated attacker can use the admin web console page to construct a malici...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40466
(8.8 HIGH)

EPSS: 0.06%

updated 2026-04-24T21:32:00

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on th

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23902
(8.1 HIGH)

EPSS: 0.02%

updated 2026-04-24T21:32:00

2 posts

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to upgrade to version 3.4.1, which fixes this issue.

thehackerwire@mastodon.social at 2026-04-24T20:10:02.000Z ##

🟠 CVE-2026-23902 - High (8.1)

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.

This issue affects Apache DolphinScheduler ve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34415
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-04-24T21:32:00

2 posts

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 exten

Matchbook3469@mastodon.social at 2026-04-24T17:07:16.000Z ##

🚨 New security advisory:

CVE-2026-34415 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #VulnerabilityManagement #CyberSec

##

offseq@infosec.exchange at 2026-04-23T07:30:27.000Z ##

⚠️ CRITICAL: xerteonlinetoolkits ≤3.15 has incomplete input validation in elFinder — .php4 files can be uploaded & executed, enabling unauth RCE. Restrict endpoint, monitor uploads, apply custom filters. Patch status unknown. CVE-2026-34415 radar.offseq.com/threat/cve-20 #OffSeq #Vuln #RCE

##

CVE-2026-41478
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T21:16:19.353000

2 posts

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through sync parameters. This can lead to full database exfiltration, including admin password hashes and confi

thehackerwire@mastodon.social at 2026-04-24T21:59:50.000Z ##

🔴 CVE-2026-41478 - Critical (9.9)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41428
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T21:16:18.860000

2 posts

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query parameter. For example, POST /api/global/users/search?

thehackerwire@mastodon.social at 2026-04-24T20:41:28.000Z ##

🔴 CVE-2026-41428 - Critical (9.1)

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query st...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40575
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-04-24T21:11:10

1 post

### Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: * OAuth2 Proxy is configured with `--reverse-proxy` * and at least one rule is defined with `--skip_auth_routes` or the legacy `--skip-auth-regex` OAuth2 Proxy may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `

thehackerwire@mastodon.social at 2026-04-22T21:15:34.000Z ##

🔴 CVE-2026-40575 - Critical (9.1)

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41324
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T21:02:13

1 post

### Summary `basic-ftp@5.2.2` is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to `Client.list()`, causing the client process to consume memory until it becomes unstable or crashes. ### Details The issue is in the package's

thehackerwire@mastodon.social at 2026-04-24T05:45:43.000Z ##

🟠 CVE-2026-41324 - High (7.5)

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extreme...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41323
(8.1 HIGH)

EPSS: 0.02%

updated 2026-04-24T21:02:12

1 post

## Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. ## Affected vers

thehackerwire@mastodon.social at 2026-04-24T05:45:33.000Z ##

🟠 CVE-2026-41323 - High (8.1)

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount toke...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41275
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-24T21:01:15

2 posts

**Summary:** The password reset functionality on [cloud.flowiseai.com](http://cloud.flowiseai.com/) sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept the reset link and gain unauthorized access to the victim’s acco

thehackerwire@mastodon.social at 2026-04-25T01:00:25.000Z ##

🟠 CVE-2026-41275 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This be...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41276
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-04-24T21:01:10

2 posts

ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS ------------------------ * Version tested: 3.0.12 * Installer file: hxxps://github.com/FlowiseAI/Flowise * Platform

thehackerwire@mastodon.social at 2026-04-25T01:00:36.000Z ##

🔴 CVE-2026-41276 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not requ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41277
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-24T21:01:05

2 posts

### Summary A Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities. Because the service uses repository.save() with a client-supplied primary key, the POST create endpoint behaves as an implicit UPSERT operation. This enables overwriting existing DocumentStore objects. I

thehackerwire@mastodon.social at 2026-04-25T01:00:46.000Z ##

🟠 CVE-2026-41277 - High (8.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41278
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T21:00:59

2 posts

### Summary The `GET /api/v1/public-chatflows/:id` endpoint returns the full chatflow object **without sanitization** for public chatflows. Docker validation revealed this is worse than initially assessed: the `sanitizeFlowDataForPublicEndpoint` function does NOT exist in the released v3.0.13 Docker image. Both `public-chatflows` AND `public-chatbotConfig` return completely raw flowData including

thehackerwire@mastodon.social at 2026-04-25T01:10:26.000Z ##

🟠 CVE-2026-41278 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41268
(7.7 HIGH)

EPSS: 0.17%

updated 2026-04-24T20:58:07

1 post

### Summary Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the `FILE-STORAGE::` keyword combined with a `NODE_OPTIONS` environment variable injection. This allows for the execution of arbitrary system commands with root privileges within the containerized Flowise instance, requiring only a

thehackerwire@mastodon.social at 2026-04-23T20:30:20.000Z ##

🟠 CVE-2026-41268 - High (7.7)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41241
(8.7 HIGH)

EPSS: 0.03%

updated 2026-04-24T20:54:43

1 post

The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using `innerHTML` string interpolation. Any user who controls one of those fields (which includes any registered user whose display name is looked up by an administrator) could include HTML or JavaScript that would execute in an organiser's browser when the

thehackerwire@mastodon.social at 2026-04-23T19:32:29.000Z ##

🟠 CVE-2026-41241 - High (8.7)

pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41230
(8.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T20:54:08

1 post

## Summary `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database

thehackerwire@mastodon.social at 2026-04-23T19:44:22.000Z ##

🟠 CVE-2026-41230 - High (8.5)

Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41228
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T20:53:54

1 post

## Summary The Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` construc

thehackerwire@mastodon.social at 2026-04-23T19:44:04.000Z ##

🔴 CVE-2026-41228 - Critical (9.9)

Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41175
(8.1 HIGH)

EPSS: 0.05%

updated 2026-04-24T20:52:07

1 post

### Impact Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit. e.g. "view entries" permission to delete entries, or "view users" permission to delete users, etc. The REST and GraphQL API exploi

thehackerwire@mastodon.social at 2026-04-22T23:00:56.000Z ##

🟠 CVE-2026-41175 - High (8.1)

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of conten...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41138
(8.3 HIGH)

EPSS: 0.43%

updated 2026-04-24T20:45:21

1 post

## Description ### Summary “AirtableAgent” is an agent function provided by FlowiseAI that retrieves search results by accessing private datasets from airtable.com. “AirtableAgent” uses Python, along with `Pyodide` and `Pandas`, to get and return results. The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any

thehackerwire@mastodon.social at 2026-04-23T20:30:29.000Z ##

🟠 CVE-2026-41138 - High (8.3)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41133
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-24T20:42:30

1 post

### Summary pyLoad caches `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old (revoked) privileges until logout/session expiry, enabling continued privileged actions. This is a core authorization/session-consistenc

thehackerwire@mastodon.social at 2026-04-22T21:14:24.000Z ##

🟠 CVE-2026-41133 - High (8.8)

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continue to authorize requests using these cached values, even after an admi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41064
(9.3 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T20:41:24

1 post

### Summary The incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts strings like `httpevil.com`. ### Affected Package - **Ecosystem:** Other - **Package:** AVideo - **Affected versions:** < commit 1e6cf03e93b5 - **Patched versions:** >= commit 1e6cf03e93b5 ###

thehackerwire@mastodon.social at 2026-04-22T21:15:22.000Z ##

🔴 CVE-2026-41064 - Critical (9.3)

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validati...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41059
(8.2 HIGH)

EPSS: 0.13%

updated 2026-04-24T20:40:59

1 post

### Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: * Use of `skip_auth_routes` or the legacy `skip_auth_regex` * Use of patterns that can be widened by attacker-controlled suffixes, such as `^/foo/.*/bar$` causing potential exposure of `/foo/secret` * Protected upstream applications that interpret `#

thehackerwire@mastodon.social at 2026-04-22T21:59:51.000Z ##

🟠 CVE-2026-41059 - High (8.2)

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `skip_auth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41492
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T20:16:28.470000

4 posts

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the X-Dgraph-AuthToken header to access admin-only endpoints. This is

offseq at 2026-04-25T01:30:29.932Z ##

⚠️ CRITICAL: dgraph-io Dgraph (< 25.3.3) leaks admin tokens via unauthenticated /debug/vars endpoint. Attackers can gain admin access! Patch to 25.3.3+ ASAP. CVE-2026-41492 | More: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-24T19:41:02.000Z ##

🔴 CVE-2026-41492 - Critical (9.8)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..."...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-57726
(9.9 CRITICAL)

EPSS: 0.31%

updated 2026-04-24T19:26:52.160000

6 posts

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

secdb at 2026-04-24T20:00:16.913Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (secdb.nttzen.cloud/cve/detail/)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: simple-help.com/kb---security- ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2024-57728 (secdb.nttzen.cloud/cve/detail/)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: simple-help.com/kb---security- ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2024-7399 (secdb.nttzen.cloud/cve/detail/)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: security.samsungtv.com/securit ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2025-29635 (secdb.nttzen.cloud/cve/detail/)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: supportannouncement.us.dlink.c ; nvd.nist.gov/vuln/detail/CVE-2

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:38.000Z ##

CVE ID: CVE-2024-57726
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2026-04-24T17:29:17.855Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat support.broadcom.com/web/ecx/s

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability cve.org/CVERecord?id=CVE-2025-

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability sec.cloudapps.cisco.com/securi

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense sec.cloudapps.cisco.com/securi @TalosSecurity

##

CVE-2026-41327
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T19:17:12.407000

6 posts

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a crafted cond field in an upsert mutation. The con

offseq at 2026-04-25T03:00:27.929Z ##

🚨 CRITICAL vuln: CVE-2026-41327 in dgraph-io dgraph (<25.3.3). Unauthenticated attacker can exfiltrate all DB data with a crafted POST via upsert mutation. Upgrade to 25.3.3+ or enable ACL ASAP! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-24T19:44:11.000Z ##

🔴 CVE-2026-41327 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:41:35.000Z ##

🔴 CVE-2026-41327 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41273
(8.2 HIGH)

EPSS: 0.09%

updated 2026-04-24T19:17:11.530000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential

thehackerwire@mastodon.social at 2026-04-25T01:11:29.000Z ##

🟠 CVE-2026-41273 - High (8.2)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33524
(7.5 HIGH)

EPSS: 0.00%

updated 2026-04-24T19:17:09.850000

2 posts

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in 2.18.1.
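The description above names the failure mode (a payload of a few bytes that declares an element count the decoder then allocates for) but not how a decoder ends up there or how to guard against it. The following is an added illustration of that bug class and is not Zserio's code: the wire format is a constructed toy (a LEB128 varint element count followed by that many little-endian uint32 values), `MAX_ELEMENTS` is a hypothetical application ceiling, and `HOSTILE` is a constructed five-byte payload that declares 2^32 - 1 elements, which at four bytes each is the roughly 16 GB the advisory mentions. The unbounded decoder is shown only to make the shape of the bug visible; do not call it on `HOSTILE`.

```python
"""Length-prefixed array decoding: an unbounded 'before' beside a bounded 'after'.

Added illustration of the bug class behind CVE-2026-33524, not Zserio's own decoder.
Wire format (constructed toy): LEB128 varint element count, then count * uint32 LE.
"""
import struct

ELEMENT_SIZE = 4
MAX_ELEMENTS = 1_000_000          # hypothetical application-level ceiling


def read_varint(buf: bytes, pos: int = 0) -> tuple[int, int]:
    """Decode a LEB128 varint at `pos`; returns (value, position after it)."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")


def write_varint(value: int) -> bytes:
    """Encode a non-negative int as LEB128 (used only to build sample input)."""
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def encode(values: list[int]) -> bytes:
    """Serialise a list of uint32 in the toy format."""
    return write_varint(len(values)) + struct.pack(f"<{len(values)}I", *values)


def declared_allocation(buf: bytes) -> int:
    """Bytes a naive decoder would reserve for `buf` before reading a single element."""
    count, _ = read_varint(buf)
    return count * ELEMENT_SIZE


def decode_unbounded(buf: bytes) -> list[int]:
    """Vulnerable shape: pre-sizes storage from the declared count alone."""
    count, pos = read_varint(buf)
    out = [0] * count                       # the allocation the attacker controls
    for i in range(count):
        out[i] = struct.unpack_from("<I", buf, pos)[0]
        pos += ELEMENT_SIZE
    return out


def decode_bounded(buf: bytes) -> list[int]:
    """Hardened shape: the count must be within policy AND payable from bytes present."""
    count, pos = read_varint(buf)
    if count > MAX_ELEMENTS:
        raise ValueError(f"declared count {count} exceeds limit {MAX_ELEMENTS}")
    remaining = len(buf) - pos
    if count * ELEMENT_SIZE > remaining:
        raise ValueError(f"count {count} needs {count * ELEMENT_SIZE} bytes, {remaining} present")
    return list(struct.unpack_from(f"<{count}I", buf, pos))


# Constructed hostile payload: five bytes declaring 2**32 - 1 elements.
HOSTILE = bytes([0xFF, 0xFF, 0xFF, 0xFF, 0x0F])


def hostile_is_rejected() -> bool:
    """True when the bounded decoder refuses HOSTILE instead of reserving ~16 GiB."""
    try:
        decode_bounded(HOSTILE)
    except ValueError:
        return True
    return False
```

The second check in `decode_bounded` is the one that matters for this class of bug: a declared count can never legitimately exceed what the remaining input can supply, so bounding it by `remaining // ELEMENT_SIZE` makes the attacker pay one byte of input per byte of allocation. The policy ceiling is a separate, application-specific limit for formats where elements are themselves variable-length.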

thehackerwire@mastodon.social at 2026-04-24T19:41:46.000Z ##

🟠 CVE-2026-33524 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-57728
(7.2 HIGH)

EPSS: 1.17%

updated 2026-04-24T18:31:38

6 posts

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
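The zip-slip pattern described above (an archive member whose name contains `../` so that extraction writes outside the intended directory) is the same in every language and archive library. The following is an added example of the guard a server-side upload handler should apply before extracting anything; it is not SimpleHelp's code. Both archives are constructed in memory and the destination is a temporary directory, so it runs offline. The key step is resolving each member name against the destination and refusing the whole archive if any member does not stay at or below it, before a single byte is written.

```python
"""Zip-slip guard: refuse archive entries that would land outside the extraction root.

Added example for the bug class in CVE-2024-57728 (not SimpleHelp's code). The archives
are constructed in memory; the destination is a temp dir, not a real installation.
"""
import io
import os
import tempfile
import zipfile
from pathlib import Path


class ZipSlipError(ValueError):
    """An archive member would be written outside the destination directory."""


def entry_escapes(root, name: str) -> bool:
    """True if `name`, joined to `root`, resolves to a path not at or below `root`."""
    # Absolute paths (either separator) and drive letters bypass the join entirely.
    if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        return True
    root = Path(root).resolve()
    target = (root / name.replace("\\", "/")).resolve()   # collapses any '..' segments
    return target != root and root not in target.parents


def safe_extract(archive: bytes, dest) -> list[str]:
    """Validate every member before writing anything, then extract; returns member names."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = [info.filename for info in zf.infolist()]
        bad = [n for n in names if entry_escapes(dest, n)]
        if bad:
            raise ZipSlipError(f"refusing archive: {bad} would escape {dest}")
        for info in zf.infolist():
            zf.extract(info, dest)
    return names


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Constructed sample archive; writestr() does not sanitise, so hostile names survive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict[str, bool]:
    """A benign archive extracts; one carrying '../../' is rejected before any write."""
    benign = build_archive({"plugin/readme.txt": b"hello"})
    hostile = build_archive({"plugin/ok.txt": b"x", "../../outside.sh": b"echo pwned"})
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "plugins"
        benign_ok = safe_extract(benign, plugins) == ["plugin/readme.txt"]
        try:
            safe_extract(hostile, plugins)
            hostile_blocked = False
        except ZipSlipError:
            hostile_blocked = True
        # Even the innocent-looking member of the hostile archive was never written.
        hostile_blocked = hostile_blocked and not (plugins / "plugin" / "ok.txt").exists()
    return {"benign_ok": benign_ok, "hostile_blocked": hostile_blocked}
```

Validating all members first and extracting second is deliberate: rejecting the archive only when the bad member is reached would already have written the earlier members, which an attacker can order freely. Note that this check protects the path only; an upload endpoint that lets administrators write arbitrary content under a web root or a service's own install directory still needs a separate content and location policy.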

cisakevtracker@mastodon.social at 2026-04-24T18:01:23.000Z ##

CVE ID: CVE-2024-57728
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-39920
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T18:31:18

2 posts

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary com

thehackerwire@mastodon.social at 2026-04-24T20:07:25.000Z ##

🔴 CVE-2026-39920 - Critical (9.8)

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS command...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-29635
(8.8 HIGH)

EPSS: 1.25%

updated 2026-04-24T18:30:36

7 posts

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

cisakevtracker@mastodon.social at 2026-04-24T18:00:52.000Z ##

CVE ID: CVE-2025-29635
Vendor: D-Link
Product: DIR-823X
Date Added: 2026-04-24
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

netsecio@mastodon.social at 2026-04-24T17:50:14.000Z ##

📰 Mirai Botnet Exploits Critical Flaw in Discontinued D-Link Routers for DDoS Attacks

🚨 A new Mirai botnet campaign is exploiting a critical RCE flaw (CVE-2025-29635) in discontinued D-Link routers. The devices are EoL and will not be patched. Disconnect them now to prevent them from joining a DDoS botnet! #Mirai #Botnet #IoT #DLink

🔗 cyber.netsecops.io/articles/mi

##

CVE-2026-41066
(7.5 HIGH)

EPSS: 0.00%

updated 2026-04-24T17:56:41.280000

2 posts

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.
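The description above gives the fix as a parser option, which is easy to get wrong if it is set on one parser and not another. The following is an added example of a hardened lxml parser for untrusted input, together with a cheap pre-parse gate that refuses any DTD outright; it is not lxml's own code. It assumes lxml is importable (the `demo()` function returns `None` if it is not), and the XXE-style document and the local file it points at are constructed in a temporary directory. `load_dtd`, `no_network` and `huge_tree` are existing `XMLParser` options added for defence in depth; `resolve_entities=False` is the setting the advisory names, with `'internal'` being the other safe value it mentions.

```python
"""Hardened lxml parsing for untrusted XML.

Added example for CVE-2026-41066 (not lxml's own code). Assumes lxml is importable; the
XXE-style document and the secret file it targets are constructed here in a temp dir.
"""
import os
import re
import tempfile

try:
    from lxml import etree
except ImportError:            # stays importable without lxml; demo() then reports None
    etree = None

_DOCTYPE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)


def has_doctype(xml: bytes) -> bool:
    """Cheap pre-parse gate: untrusted documents have no business declaring a DTD at all."""
    return _DOCTYPE.search(xml) is not None


def hardened_parser():
    """Parser that leaves entities unresolved and never loads DTDs or touches the network."""
    return etree.XMLParser(
        resolve_entities=False,   # the setting the advisory names ('internal' also disables file access)
        load_dtd=False,
        no_network=True,
        huge_tree=False,
    )


def parse_untrusted(xml: bytes):
    """Reject DTDs outright, then parse with the hardened parser."""
    if has_doctype(xml):
        raise ValueError("DOCTYPE not allowed in untrusted input")
    return etree.fromstring(xml, parser=hardened_parser())


def demo():
    """None without lxml; otherwise shows the DTD gate fires and the hardened parser does not leak."""
    if etree is None:
        return None
    secret = b"SECRET-TOKEN-0xC0FFEE"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.txt")
        with open(path, "wb") as fh:
            fh.write(secret)
        # Constructed XXE document pointing at the local file written above.
        xml = (b'<!DOCTYPE r [<!ENTITY leak SYSTEM "file://' + path.encode() + b'">]>'
               b"<r>&leak;</r>")
        dtd_rejected = False
        try:
            parse_untrusted(xml)
        except ValueError:
            dtd_rejected = True
        # Parse the same document with the parser options alone (no DTD gate) to show they suffice:
        # the entity reference stays unexpanded, so the file content never enters the tree.
        root = etree.fromstring(xml, parser=hardened_parser())
        hardened_leaks = secret in etree.tostring(root)
    return {"dtd_rejected": dtd_rejected, "hardened_leaks": hardened_leaks}
```

Use `parse_untrusted` for anything that arrives over the network; the DTD gate costs a regex scan and removes the whole entity-expansion surface (local file read, external fetches, and entity-expansion denial of service) rather than relying on one parser option being set everywhere. The per-parser options still matter because `etree.fromstring(data)` with no explicit parser uses the default one.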

thehackerwire@mastodon.social at 2026-04-24T19:44:51.000Z ##

🟠 CVE-2026-41066 - High (7.5)

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_ent...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6912
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-24T17:56:41.280000

4 posts

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy
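The description above is an instance of a general Cognito misconfiguration: an app client whose write permissions include a custom attribute that the application later treats as an authorization flag lets any signed-in user set that attribute on themselves through `UpdateUserAttributes`. The following is an added audit for that pattern and is not AWS Ops Wheel's code. The dictionaries mirror the shapes returned by the `cognito-idp` `DescribeUserPool` (`SchemaAttributes`) and `DescribeUserPoolClient` (`WriteAttributes`) APIs, but the pool, client names and IDs are constructed; only the attribute name `custom:deployment_admin` comes from the advisory. Per the Cognito API reference, a client with no `WriteAttributes` listed can write the pool's standard attributes only, so such a client is treated as unable to write custom ones.

```python
"""Audit Cognito app clients for user-writable, privilege-bearing custom attributes.

Added example for the bug class in CVE-2026-6912 (not AWS Ops Wheel's code). Input shapes
mirror cognito-idp DescribeUserPool / DescribeUserPoolClient responses; the data is constructed.
"""


def client_writable_custom(client: dict) -> set[str]:
    """Custom attributes the app client may write. An absent/empty WriteAttributes means
    'standard attributes only' (Cognito API reference), hence no custom attributes."""
    return {a for a in (client.get("WriteAttributes") or []) if a.startswith("custom:")}


def user_writable_custom_attrs(pool: dict) -> set[str]:
    """Custom attributes a user could in principle change via UpdateUserAttributes:
    mutable (a missing Mutable flag is treated as mutable, conservatively) and not developer-only."""
    out = set()
    for attr in pool.get("SchemaAttributes", []):
        name = attr["Name"]
        if not name.startswith("custom:"):
            continue
        if attr.get("DeveloperOnlyAttribute", False):
            continue                      # only settable with developer/admin credentials
        if attr.get("Mutable", True) is False:
            continue
        out.add(name)
    return out


def findings(pool: dict, clients: list[dict], privileged: set[str]) -> list[tuple[str, str]]:
    """(client name, attribute) pairs where a privilege-bearing attribute is self-writable."""
    exposed = user_writable_custom_attrs(pool) & privileged
    result = []
    for client in clients:
        for attr in sorted(client_writable_custom(client) & exposed):
            result.append((client["ClientName"], attr))
    return result


def harden_client(client: dict, privileged: set[str]) -> dict:
    """Corrected client config: the same client with privileged attributes dropped from WriteAttributes."""
    fixed = dict(client)
    if client.get("WriteAttributes"):
        fixed["WriteAttributes"] = [a for a in client["WriteAttributes"] if a not in privileged]
    return fixed


# Constructed sample data (not a real pool).
PRIVILEGED = {"custom:deployment_admin"}

POOL = {
    "Id": "us-east-1_EXAMPLE",
    "SchemaAttributes": [
        {"Name": "email", "AttributeDataType": "String", "Mutable": True},
        {"Name": "custom:deployment_admin", "AttributeDataType": "String",
         "Mutable": True, "DeveloperOnlyAttribute": False},
        {"Name": "custom:team", "AttributeDataType": "String", "Mutable": True},
    ],
}

CLIENTS = [
    # Weak: the browser client can write the admin flag for the calling user.
    {"ClientName": "ops-wheel-web", "ClientId": "example-web",
     "WriteAttributes": ["email", "custom:deployment_admin", "custom:team"]},
    # Fine: only email is writable.
    {"ClientName": "ops-wheel-admin-cli", "ClientId": "example-cli",
     "WriteAttributes": ["email"]},
    # Fine: no explicit list, so standard attributes only.
    {"ClientName": "legacy-default", "ClientId": "example-legacy"},
]


def audit_sample() -> dict:
    """Run the audit on the sample before and after hardening the clients."""
    before = findings(POOL, CLIENTS, PRIVILEGED)
    after = findings(POOL, [harden_client(c, PRIVILEGED) for c in CLIENTS], PRIVILEGED)
    return {"before": before, "after": after}
```

Removing the attribute from every client's `WriteAttributes` closes the self-service path, but the more robust design is to not derive authorization from a user-mutable attribute at all: keep the flag in a developer-only attribute, a Cognito group, or a server-side table, and have the backend read that instead of the ID token claim.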

thehackerwire@mastodon.social at 2026-04-24T19:42:23.000Z ##

🟠 CVE-2026-6912 - High (8.8)

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

awssecurityfeed at 2026-04-24T17:00:01.107Z ##

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912)

Bulletin ID: 2026-018-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...

aws.amazon.com/security/securi

##

CVE-2026-41068
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-24T17:16:21.240000

1 posts

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap context loader has the identical vulnerability — the `configMap.namespace` field accepts any namespace with zero validation, allowing a namespace admin to rea

thehackerwire@mastodon.social at 2026-04-24T05:45:52.000Z ##

🟠 CVE-2026-41068 - High (7.7)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap conte...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34063
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T17:12:23.350000

1 posts

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. The handler assumes there is at most one inbound and one outbound discovery substream per connection. If a remote peer opens/negotiates the discovery protocol substream a second time on the same connection, the handler hits a `

thehackerwire@mastodon.social at 2026-04-22T21:00:08.000Z ##

🟠 CVE-2026-34063 - High (7.5)

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discove...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33471
(9.6 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T17:11:40.037000

2 posts

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced b

offseq@infosec.exchange at 2026-04-23T00:00:39.000Z ##

🔥 CRITICAL vuln in nimiq-block (<1.3.0): Flawed input validation in SkipBlockProof::verify lets attackers bypass PoS quorum using crafted indices. Patch in v1.3.0 — upgrade ASAP! CVE-2026-33471 radar.offseq.com/threat/cve-20 #OffSeq #Rust #Security #Blockchain

##

thehackerwire@mastodon.social at 2026-04-22T20:59:59.000Z ##

🔴 CVE-2026-33471 - Critical (9.6)

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6919
(9.6 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T16:39:50.947000

2 posts

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-04-25T02:00:12.000Z ##

🔴 CVE-2026-6919 - Critical (9.6)

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6920
(9.6 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T16:39:41.147000

2 posts

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Matchbook3469@mastodon.social at 2026-04-24T23:08:14.000Z ##

🔴 New security advisory:

CVE-2026-6920 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#CVE #PatchNow #InfoSecCommunity

##

thehackerwire@mastodon.social at 2026-04-23T19:00:44.000Z ##

🟠 CVE-2026-6920 - High (7.5)

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41271
(8.3 HIGH)

EPSS: 0.05%

updated 2026-04-24T16:37:54.877000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the in

thehackerwire@mastodon.social at 2026-04-25T01:11:19.000Z ##

🟠 CVE-2026-41271 - High (8.3)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41279
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T16:31:36.040000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential (e.g., OpenAI or ElevenL

thehackerwire@mastodon.social at 2026-04-25T01:10:36.000Z ##

🟠 CVE-2026-41279 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41328
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T15:41:45

2 posts

1. Executive Summary: A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a schema predicate with `@unique @index(exact) @lang` via `/alter` (also unauthenticated in default

thehackerwire@mastodon.social at 2026-04-24T19:41:36.000Z ##

🔴 CVE-2026-41328 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21728
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-24T15:33:39

2 posts

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

thehackerwire@mastodon.social at 2026-04-24T22:00:34.000Z ##

🟠 CVE-2026-21728 - High (7.5)

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.

Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21515
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-04-24T15:32:39

2 posts

Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-04-24T20:07:44.000Z ##

🔴 CVE-2026-21515 - Critical (9.9)

Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41246
(8.1 HIGH)

EPSS: 0.07%

updated 2026-04-24T15:19:50

1 post

Impact: Contour's [Cookie Rewriting](https://projectcontour.io/docs/1.33/config/cookie-rewriting/) feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify `HTTPProxy` resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: - `spec.routes[].cookieRewritePolicies[].pathRewrite.value` -

thehackerwire@mastodon.social at 2026-04-23T19:32:39.000Z ##

🟠 CVE-2026-41246 - High (8.1)

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPP...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41137
(8.8 HIGH)

EPSS: 0.62%

updated 2026-04-24T15:15:47.703000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the CSVAgent allows providing custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the server. This vulnerability is fixed in 3.1.0.

thehackerwire@mastodon.social at 2026-04-25T01:11:39.000Z ##

🟠 CVE-2026-41137 - High (8.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41264
(9.8 CRITICAL)

EPSS: 0.11%

updated 2026-04-24T15:15:17.923000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can leverage this vulnerability to execute code in the context of the user running the server. Using prompt in

thehackerwire@mastodon.social at 2026-04-25T01:59:53.000Z ##

🔴 CVE-2026-41264 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41265
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T15:15:09.260000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt injection techniques, an unauthenticated attacker with the ability to send prompts to a chatflow using t

thehackerwire@mastodon.social at 2026-04-25T02:00:02.000Z ##

🔴 CVE-2026-41265 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41267
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-24T15:14:48.233000

1 post

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objects during account creation. This enables client-controlled manipulation of ownership metadata, timest

thehackerwire@mastodon.social at 2026-04-23T20:30:10.000Z ##

🟠 CVE-2026-41267 - High (8.1)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31952
(7.6 HIGH)

EPSS: 0.06%

updated 2026-04-24T14:50:56.203000

2 posts

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the AP

thehackerwire@mastodon.social at 2026-04-24T23:01:52.000Z ##

🟠 CVE-2026-31952 - High (7.6)

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering Dat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33694
(0 None)

EPSS: 0.01%

updated 2026-04-24T14:50:56.203000

1 post

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

offseq@infosec.exchange at 2026-04-24T10:30:39.000Z ##

🛡️ CrowdStrike LogScale CRITICAL vuln (CVE-2026-40050): unauth path traversal — remote file read risk for self-hosted users. Tenable Nessus for Windows: HIGH vuln (CVE-2026-33694), file deletion & privilege escalation. Patch ASAP! radar.offseq.com/threat/vulner #OffSeq #Vuln #CrowdStrike #Tenable

##

CVE-2026-41316
(8.1 HIGH)

EPSS: 0.08%

updated 2026-04-24T14:50:56.203000

1 post

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `E

thehackerwire@mastodon.social at 2026-04-24T03:57:15.000Z ##

🟠 CVE-2026-41316 - High (8.1)

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marsha...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41679
(10.0 CRITICAL)

EPSS: 0.17%

updated 2026-04-24T14:50:56.203000

2 posts

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls

1 repos

https://github.com/bartfroklage/cve-2026-41679

thehackerwire@mastodon.social at 2026-04-23T21:45:06.000Z ##

🔴 CVE-2026-41679 - Critical (10)

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance runnin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-23T01:30:28.000Z ##

🚨 CRITICAL: CVE-2026-41679 in Paperclip (<2026.416.0) enables unauthenticated remote code execution via API chain — no user creds needed. Upgrade to 2026.416.0+ ASAP! Full details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202641679 #infosec #rce

##

CVE-2026-41229
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T14:50:56.203000

1 post

Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/us

thehackerwire@mastodon.social at 2026-04-23T19:44:13.000Z ##

🔴 CVE-2026-41229 - Critical (9.1)

Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6887
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-24T14:50:56.203000

3 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

thehackerwire@mastodon.social at 2026-04-23T19:43:27.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:42:45.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-23T10:30:28.000Z ##

🚨 CRITICAL SQL Injection (CVE-2026-6887) in BorG SPM 2007: unauthenticated remote attackers can manipulate databases. No patch, product EOL. Isolate or discontinue use ASAP. Details: radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln #InfoSec

##

CVE-2025-62373
(9.8 CRITICAL)

EPSS: 0.30%

updated 2026-04-24T14:50:56.203000

1 post

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's `deserialize()` method uses Python's `pickle.loads()` on data received from WebSock

thehackerwire@mastodon.social at 2026-04-23T19:37:32.000Z ##

🔴 CVE-2025-62373 - Critical (9.8)

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40517
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-24T14:50:56.203000

1 post

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitized symbol name interpolation in the flag rename command, which are then executed when a user runs th

thehackerwire@mastodon.social at 2026-04-22T23:00:16.000Z ##

🟠 CVE-2026-40517 - High (7.8)

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers ca...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34003
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-24T14:41:55.890000

2 posts

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

thehackerwire@mastodon.social at 2026-04-23T19:39:00.000Z ##

🟠 CVE-2026-34003 - High (7.8)

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

XLibreDev@mastodon.social at 2026-04-22T23:15:26.000Z ##

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

##

CVE-2026-39087
(9.8 CRITICAL)

EPSS: 0.25%

updated 2026-04-24T14:41:55.890000

1 post

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function.

thehackerwire@mastodon.social at 2026-04-23T19:36:14.000Z ##

🔴 CVE-2026-39087 - Critical (9.8)

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31178
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T14:41:55.890000

1 post

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

thehackerwire@mastodon.social at 2026-04-23T19:33:55.000Z ##

🔴 CVE-2026-31178 - Critical (9.8)

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32210
(9.3 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T14:41:16.553000

1 post

Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

thehackerwire@mastodon.social at 2026-04-23T23:06:15.000Z ##

🔴 CVE-2026-32210 - Critical (9.3)

Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41336
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-24T14:40:53.523000

1 post

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.

thehackerwire@mastodon.social at 2026-04-23T22:26:18.000Z ##

🟠 CVE-2026-41336 - High (7.8)

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40630
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-04-24T14:40:12.517000

3 posts

A vulnerability in SenseLive X3050's web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

thehackerwire@mastodon.social at 2026-04-24T22:05:38.000Z ##

🔴 CVE-2026-40630 - Critical (9.8)

A vulnerability in SenseLive X3050's web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T00:00:38.000Z ##

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. radar.offseq.com/threat/cve-20 #OffSeq #CVE202640630 #IoTSecurity #VulnAlert

##

CVE-2026-5367
(8.6 HIGH)

EPSS: 0.00%

updated 2026-04-24T14:39:28.770000

2 posts

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's

thehackerwire@mastodon.social at 2026-04-24T20:07:35.000Z ##

🟠 CVE-2026-5367 - High (8.6)

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34310
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-24T14:25:32.370000

1 post

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastruc

thehackerwire@mastodon.social at 2026-04-22T23:01:17.000Z ##

🟠 CVE-2026-34310 - High (7.5)

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploita...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22753
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-24T14:17:02.280000

1 posts

Vulnerability in Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered in

thehackerwire@mastodon.social at 2026-04-22T21:01:05.000Z ##

🟠 CVE-2026-22753 - High (7.5)

Vulnerability in Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security compo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40937
(8.3 HIGH)

EPSS: 0.05%

updated 2026-04-24T13:12:29.780000

1 posts

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase corre

thehackerwire@mastodon.social at 2026-04-22T21:23:52.000Z ##

🟠 CVE-2026-40937 - High (8.3)

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1950
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T09:30:36

2 posts

Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability.

thehackerwire@mastodon.social at 2026-04-24T22:00:53.000Z ##

🔴 CVE-2026-1950 - Critical (9.8)

Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1952
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T09:30:36

3 posts

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

thehackerwire@mastodon.social at 2026-04-24T22:00:44.000Z ##

🔴 CVE-2026-1952 - Critical (9.8)

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T09:00:27.000Z ##

⚠️ CRITICAL: CVE-2026-1952 in DeltaWW AS320T (CVSS 9.8) enables denial of service via hidden subfunction (CWE-912). Vendor patch is available for this cloud-hosted service — confirm your instance is protected. radar.offseq.com/threat/cve-20 #OffSeq #DeltaWW #Vuln #CloudSecurity

##

CVE-2026-1951
(9.8 CRITICAL)

EPSS: 0.01%

updated 2026-04-24T09:30:36

2 posts

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

thehackerwire@mastodon.social at 2026-04-24T08:14:12.000Z ##

🔴 CVE-2026-1951 - Critical (9.8)

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T07:30:26.000Z ##

🔴 CRITICAL: CVE-2026-1951 stack-based buffer overflow in DeltaWW AS320T cloud service (CVSS 9.8). Remote attackers can gain full system control. Patch available — no exploits in the wild yet. Update now! radar.offseq.com/threat/cve-20 #OffSeq #Cybersecurity #Vuln

##

CVE-2026-1949
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-04-24T06:31:23

1 posts

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

thehackerwire@mastodon.social at 2026-04-24T06:42:15.000Z ##

🔴 CVE-2026-1949 - Critical (9.8)

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5364
(8.1 HIGH)

EPSS: 0.11%

updated 2026-04-24T06:31:23

1 posts

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the attacker rather than being restricted to administrator-configured values, which when combined with the fac

thehackerwire@mastodon.social at 2026-04-24T06:42:06.000Z ##

🟠 CVE-2026-5364 - High (8.1)

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27841
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-24T00:32:04

2 posts

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.

thehackerwire@mastodon.social at 2026-04-24T23:59:51.000Z ##

🟠 CVE-2026-27841 - High (8.1)

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of reque...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35064
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-24T00:32:04

2 posts

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network

thehackerwire@mastodon.social at 2026-04-24T23:02:01.000Z ##

🟠 CVE-2026-35064 - High (7.5)

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39462
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-24T00:32:04

3 posts

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default

thehackerwire@mastodon.social at 2026-04-24T22:05:56.000Z ##

🟠 CVE-2026-39462 - High (8.1)

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseL...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T06:00:26.000Z ##

CVE-2026-39462 (CRITICAL): SenseLive X3050 V1.523 lets attackers bypass password changes after factory reset — device may accept old or default creds. No fix yet. Limit reliance on resets and monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #CVE202639462

##

CVE-2026-35503
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T00:32:04

2 posts

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.

thehackerwire@mastodon.social at 2026-04-24T22:05:47.000Z ##

🔴 CVE-2026-35503 - Critical (9.8)

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25775
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T00:32:03

3 posts

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

thehackerwire@mastodon.social at 2026-04-24T23:02:10.000Z ##

🔴 CVE-2026-25775 - Critical (9.8)

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T01:30:28.000Z ##

🔍 CVE-2026-25775: SenseLive X3050 (V1.523) critical vuln — remote firmware updates possible without auth! Patch unavailable. Restrict access & monitor for unauthorized firmware actions. radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #CVE202625775

##

CVE-2026-27843
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T00:32:03

3 posts

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires

thehackerwire@mastodon.social at 2026-04-24T23:00:42.000Z ##

🔴 CVE-2026-27843 - Critical (9.1)

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recover...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T04:30:26.000Z ##

🚨 CVE-2026-27843: SenseLive X3050 (V1.523) CRITICAL vuln — missing auth lets attackers lock out users, causing full denial-of-service. No reset button; recovery needs console access. Restrict mgmt access & monitor configs. radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #Vuln

##

CVE-2026-40623
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-24T00:32:03

2 posts

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These con

thehackerwire@mastodon.social at 2026-04-24T23:00:32.000Z ##

🟠 CVE-2026-40623 - High (8.1)

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40620
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T00:32:03

3 posts

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor

thehackerwire@mastodon.social at 2026-04-24T23:00:22.000Z ##

🔴 CVE-2026-40620 - Critical (9.8)

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management conne...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T03:00:25.000Z ##

SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #CVE202640620 #IoTSecurity

##

CVE-2026-41349
(8.8 HIGH)

EPSS: 0.11%

updated 2026-04-24T00:32:03

1 posts

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.

thehackerwire@mastodon.social at 2026-04-23T22:25:31.000Z ##

🟠 CVE-2026-41349 - High (8.8)

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorize...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41353
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-24T00:32:03

1 posts

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.

thehackerwire@mastodon.social at 2026-04-23T22:25:21.000Z ##

🟠 CVE-2026-41353 - High (8.1)

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41352
(8.8 HIGH)

EPSS: 0.37%

updated 2026-04-24T00:32:03

1 posts

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.

thehackerwire@mastodon.social at 2026-04-23T22:25:10.000Z ##

🟠 CVE-2026-41352 - High (8.8)

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24303
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T00:31:58

2 posts

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-04-25T00:00:10.000Z ##

🔴 CVE-2026-24303 - Critical (9.6)

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26150
(8.6 HIGH)

EPSS: 0.06%

updated 2026-04-24T00:31:58

2 posts

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-04-25T00:00:00.000Z ##

🟠 CVE-2026-26150 - High (8.6)

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26210
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T00:31:58

1 posts

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with

thehackerwire@mastodon.social at 2026-04-23T23:06:34.000Z ##

🔴 CVE-2026-26210 - Critical (9.8)

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages usi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32172
(8.0 HIGH)

EPSS: 0.04%

updated 2026-04-24T00:31:58

1 posts

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-04-23T23:06:24.000Z ##

🟠 CVE-2026-32172 - High (8)

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33819
(10.0 CRITICAL)

EPSS: 0.27%

updated 2026-04-24T00:31:58

1 posts

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-04-23T22:26:43.000Z ##

🔴 CVE-2026-33819 - Critical (10)

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33102
(9.3 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T00:31:58

1 posts

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-04-23T22:26:34.000Z ##

🔴 CVE-2026-33102 - Critical (9.3)

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40886
(7.7 HIGH)

EPSS: 0.04%

updated 2026-04-23T21:39:22

1 posts

Summary: An unchecked array index in the pod informer's `podGCFromPod()` function causes a controller-wide panic when a workflow pod carries a malformed `workflows.argoproj.io/pod-gc-strategy` annotation. Because the panic occurs inside an informer goroutine (outside the controller's `recover()` scope), it crashes the entire controller process. The poisoned pod persists across restarts, causin

thehackerwire@mastodon.social at 2026-04-23T19:32:48.000Z ##

🟠 CVE-2026-40886 - High (7.7)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a work...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31181
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-23T21:32:27

1 posts

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

thehackerwire@mastodon.social at 2026-04-23T19:34:03.000Z ##

🔴 CVE-2026-31181 - Critical (9.8)

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6942
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-04-23T21:31:30

1 posts

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mc

thehackerwire@mastodon.social at 2026-04-23T21:44:42.000Z ##

🔴 CVE-2026-6942 - Critical (9.8)

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31177
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-23T21:31:22

1 posts

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

thehackerwire@mastodon.social at 2026-04-23T19:34:17.000Z ##

🔴 CVE-2026-31177 - Critical (9.8)

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28950
(6.2 MEDIUM)

EPSS: 0.01%

updated 2026-04-23T21:31:21

4 posts

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

netsecio@mastodon.social at 2026-04-24T17:50:01.000Z ##

📰 Apple Rushes Fix for iOS Flaw That Let FBI Recover Deleted Signal Messages

🚨 Apple issues emergency patch for iOS flaw (CVE-2026-28950) that let the FBI recover deleted Signal message notifications. The bug improperly stored notification data, undermining user privacy. Update your iPhone & iPad now! 📱🔒 #iOS #Privacy #In...

🔗 cyber.netsecops.io/articles/ap

##

nemo@mas.to at 2026-04-24T02:35:04.000Z ##

Apple issues iOS/iPadOS 26.4.2 to fix a Notification Services bug (CVE-2026-28950) that could retain deleted-app notification previews — Signal says preserved fragments will be removed after users update. Install now: cyberinsider.com/apple-fixes-i 🔒📱 #iOS #Privacy #Security

##

technadu@infosec.exchange at 2026-04-23T13:12:29.000Z ##

Apple fixes iOS flaw exposing deleted messages via notification logs (CVE-2026-28950).

Even encrypted apps were impacted.
Patch now.

technadu.com/apple-patches-bug

#Infosec #iOS #Privacy

##

zaphodb@twitter.resolvt.net at 2026-04-22T21:59:04.000Z ##

support.apple.com/en-us/127002
Impact: Notifications marked for deletion could be unexpectedly retained on the device

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28950

<3

##

CVE-2026-33318
(8.8 HIGH)

EPSS: 0.07%

updated 2026-04-23T21:23:40

2 posts

Summary: Any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /account/change-password` has no authorization check, allowing any session to overwrite the password hash; the inactive password `auth` row is never removed on migration; and the login endpoint accepts a client-supp

thehackerwire@mastodon.social at 2026-04-24T03:56:59.000Z ##

🟠 CVE-2026-33318 - High (8.8)

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /ac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T03:56:32.000Z ##

🟠 CVE-2026-33318 - High (8.8)

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /ac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41135
(7.5 HIGH)

EPSS: 0.10%

updated 2026-04-23T19:41:18.127000

1 posts

free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call

thehackerwire@mastodon.social at 2026-04-22T21:15:11.000Z ##

🟠 CVE-2026-41135 - High (7.5)

free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41461
(8.5 HIGH)

EPSS: 0.04%

updated 2026-04-23T18:33:26

1 posts

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs including internal network addresses and loopback addresses to cause the serv

thehackerwire@mastodon.social at 2026-04-23T19:40:00.000Z ##

🟠 CVE-2026-41461 - High (8.5)

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33999
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-23T18:33:25

2 posts

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

thehackerwire@mastodon.social at 2026-04-23T19:38:41.000Z ##

🟠 CVE-2026-33999 - High (7.8)

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

XLibreDev@mastodon.social at 2026-04-22T23:15:26.000Z ##

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

##

CVE-2026-23751
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-04-23T18:33:25

1 posts

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a

thehackerwire@mastodon.social at 2026-04-23T19:37:39.000Z ##

🔴 CVE-2026-23751 - Critical (9.8)

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40471
(9.6 CRITICAL)

EPSS: 0.02%

updated 2026-04-23T18:33:25

1 posts

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abused (e.g. creating new user accounts).

thehackerwire@mastodon.social at 2026-04-23T19:36:33.000Z ##

🔴 CVE-2026-40471 - Critical (9.6)

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative acti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
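The CSRF gap described for hackage-server comes down to a state-changing endpoint acting on ambient credentials without checking where the request came from. The block below is an added example, not hackage-server's code: it combines the standard browser provenance headers (Sec-Fetch-Site, falling back to Origin and Referer) with an ordinary synchronizer token. `SAMPLE_REQUESTS` is a constructed set of header dictionaries, and the own-origin value is the site named in the entry.

```python
"""Added example, not hackage-server's code: the two checks a state-changing
endpoint can run before honouring cookie or Basic credentials. The header
sets in SAMPLE_REQUESTS are constructed for the demonstration."""
from __future__ import annotations

import hmac
import secrets
from urllib.parse import urlsplit


def is_same_origin_request(headers: dict[str, str], own_origin: str) -> bool:
    """Browser-supplied provenance. Fetch Metadata is preferred; Origin, then
    Referer, is the fallback for older user agents; no provenance means no."""
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site is not None:
        # Not "same-site": a sibling subdomain may serve user-uploaded content.
        return site == "same-origin"
    source = h.get("origin") or h.get("referer")
    if not source:
        return False
    a, b = urlsplit(source), urlsplit(own_origin)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def issue_csrf_token() -> str:
    """Kept in the server-side session and embedded in every form."""
    return secrets.token_urlsafe(32)


def csrf_token_matches(session_token: str | None, submitted: str | None) -> bool:
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)


def allow_state_change(headers: dict[str, str], own_origin: str,
                       session_token: str | None, submitted: str | None) -> bool:
    """Both checks must pass: header checks fail for header-less clients, and
    a token alone does not help once same-origin XSS can read it."""
    return (is_same_origin_request(headers, own_origin)
            and csrf_token_matches(session_token, submitted))


OWN_ORIGIN = "https://hackage.haskell.org"
TOKEN = issue_csrf_token()
SAMPLE_REQUESTS = {                       # constructed header sets
    "modern_same_origin": {"Sec-Fetch-Site": "same-origin", "Origin": OWN_ORIGIN},
    "modern_cross_site": {"Sec-Fetch-Site": "cross-site", "Origin": "https://evil.example"},
    "legacy_same_origin": {"Origin": OWN_ORIGIN},
    "legacy_referer_only": {"Referer": OWN_ORIGIN + "/package/foo"},
    "legacy_cross_site": {"Origin": "https://evil.example"},
    "no_provenance": {},
}


def evaluate_samples() -> dict[str, bool]:
    """Runs every sample request with a valid token; only origin decides."""
    return {name: allow_state_change(hdrs, OWN_ORIGIN, TOKEN, TOKEN)
            for name, hdrs in SAMPLE_REQUESTS.items()}
```

Refusing requests that carry no provenance at all is deliberate: a browser always sends Origin on a cross-site POST, so a bare request is either a non-browser client (which should use an explicit API credential) or a stripped header.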

CVE-2026-40470
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T18:33:25

1 posts

A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses to the package pages or documentation uploaded by a malicious package maintainer, their session can

thehackerwire@mastodon.social at 2026-04-23T19:36:23.000Z ##

🔴 CVE-2026-40470 - Critical (9.9)

A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40472
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T18:33:23

1 posts

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

thehackerwire@mastodon.social at 2026-04-23T19:37:22.000Z ##

🔴 CVE-2026-40472 - Critical (9.9)

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
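Rendering a package's metadata into an `href` is the case where attribute escaping alone is not enough: a `javascript:` or `data:` target survives escaping intact. The block below is an added example, not hackage-server's code, showing the scheme allowlist that has to sit beside the escaping; the function names are chosen here. (The companion issue above, uploaded HTML served as-is on the main domain, is a hosting decision rather than a rendering one: such content belongs on a separate origin or behind a download disposition.)

```python
"""Added example, not hackage-server's code: render a link whose target comes
from untrusted package metadata (a homepage or bug-reports field, say)."""
from __future__ import annotations

import html
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_href(raw: str) -> str | None:
    """Return a value safe to place in href="...", or None to drop the link."""
    candidate = raw.strip()
    # Browsers strip tabs and newlines inside a scheme ("java\tscript:"), so a
    # scheme check on the raw string is bypassable; reject control bytes first.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return None
    if candidate.startswith("//"):          # protocol-relative: leaves the site
        return None
    scheme = urlsplit(candidate).scheme.lower()
    if scheme == "":                        # relative path within the site
        return candidate
    return candidate if scheme in SAFE_SCHEMES else None


def render_link(label: str, url: str) -> str:
    """Escape both the label and the vetted href; fall back to plain text."""
    href = safe_href(url)
    text = html.escape(label, quote=True)
    if href is None:
        return text                         # keep the label, drop the target
    return (f'<a href="{html.escape(href, quote=True)}" '
            f'rel="noopener noreferrer">{text}</a>')
```

Dropping the link but keeping the label is the friendlier failure: the page still renders, and a maintainer who typed a bad URL sees the text without the anchor.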

CVE-2026-35225
(CVSS UNKNOWN)

EPSS: 0.14%

updated 2026-04-23T18:33:23

1 posts

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

certvde@infosec.exchange at 2026-04-23T13:35:32.000Z ##

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

certvde.com/en/advisories/vde-
#oCSAF
#CSAF codesys.csaf-tp.certvde.com/.w

##

CVE-2026-34001
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-23T18:33:21

2 posts

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the sy

thehackerwire@mastodon.social at 2026-04-23T19:38:51.000Z ##

🟠 CVE-2026-34001 - High (7.8)

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

XLibreDev@mastodon.social at 2026-04-22T23:15:26.000Z ##

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

##

CVE-2026-41460
(9.8 CRITICAL)

EPSS: 0.17%

updated 2026-04-23T18:33:20

1 posts

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unaut

thehackerwire@mastodon.social at 2026-04-23T19:39:51.000Z ##

🔴 CVE-2026-41460 - Critical (9.8)

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unaut...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3844
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-23T14:28:55.557000

4 posts

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited

3 repos

https://github.com/im-hanzou/CVE-2026-3844

https://github.com/tausifzaman/CVE-2026-3844

https://github.com/0xgh057r3c0n/CVE-2026-3844

rswebsols@mastodon.social at 2026-04-24T18:16:55.000Z ##

Hackers Take Advantage of File Upload Vulnerability in Breeze Cache Plugin for WordPress #wordpress

Urgent security update: Hackers are exploiting a file upload vulnerability in Breeze Cache for WordPress (CVE-2026-3844), risking remote code execution. Upgrade to Breeze Cache 2.4.5 now or disable the Host Files Locally – Gravatars option to mitigate. Details: ift.tt/ZoIb1XJ

Source: ift.tt/ZoIb1XJ | Image: ift.tt/dtFh1AJ

##

beyondmachines1@infosec.exchange at 2026-04-24T11:01:09.000Z ##

Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin

Cloudways patched a critical vulnerability in the Breeze Cache WordPress plugin (CVE-2026-3844) that allows unauthenticated attackers to upload malicious files and execute remote code. The flaw is currently under active exploitation, but it requires a non-default setting to be enabled in order to be exploited.

**If you use the Breeze Cache WordPress plugin, update it to version 2.4.5 ASAP. If you can't update right away, disable the "Host Files Locally - Gravatars" setting as a temporary workaround until you can apply the update.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

thehackerwire@mastodon.social at 2026-04-23T21:44:57.000Z ##

🔴 CVE-2026-3844 - Critical (9.8)

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-23T03:00:30.000Z ##

🚩 CVE-2026-3844 (CRITICAL): Breeze Cache ≤2.4.4 lets unauthenticated attackers upload arbitrary files via 'fetch_gravatar_from_remote' if "Host Files Locally - Gravatars" is enabled. RCE possible. Check settings & update! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #infosec

##

CVE-2026-39440
(9.9 CRITICAL)

EPSS: 0.02%

updated 2026-04-23T14:28:55.557000

1 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

thehackerwire@mastodon.social at 2026-04-23T19:40:07.000Z ##

🔴 CVE-2026-39440 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6903
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T12:31:45

1 posts

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the LabOne software. Additionally, the Web Server does not sufficiently restrict cross-origin requests, whi

thehackerwire@mastodon.social at 2026-04-23T19:42:49.000Z ##

🟠 CVE-2026-6903 - High (7.5)

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6886
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-04-23T12:31:45

1 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

thehackerwire@mastodon.social at 2026-04-23T19:42:40.000Z ##

🔴 CVE-2026-6886 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6885
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-04-23T12:31:45

1 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

thehackerwire@mastodon.social at 2026-04-23T19:42:31.000Z ##

🔴 CVE-2026-6885 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34286
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T12:07:46.893000

2 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:46:54.000Z ##

🔴 CVE-2026-34286 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##


CVE-2026-34287
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T12:07:28.307000

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:31:06.000Z ##

🔴 CVE-2026-34287 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41040
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-23T09:33:05

2 posts

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

thehackerwire@mastodon.social at 2026-04-23T19:43:41.000Z ##

🟠 CVE-2026-41040 - High (7.5)

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##


CVE-2026-41455
(8.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T00:31:19

1 posts

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network addresses, causing the server to issue HTTP POST requests to attacker-controlled internal targets with

thehackerwire@mastodon.social at 2026-04-22T23:00:05.000Z ##

🟠 CVE-2026-41455 - High (8.5)

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
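The WeKan webhook entry above and the SocialEngine link-preview entry earlier on this page describe the same shape of bug: a URL field with no scheme restriction and no destination check, handed to a server-side HTTP client. The block below is an added example, not WeKan's or SocialEngine's code, showing the validation a server should run before the outbound request: scheme allowlist, no embedded credentials, resolve the host, and reject any answer that is loopback, private, link-local (which covers the 169.254.169.254 metadata address) or otherwise non-global. The resolver is injected so the demonstration runs offline; `FAKE_DNS` is a constructed lookup table and `93.184.216.34` is used only as a public-looking address.

```python
"""Added example, not SocialEngine's or WeKan's code: vet a user-supplied URL
before the server fetches it. FAKE_DNS is constructed for offline use."""
from __future__ import annotations

import ipaddress
import re
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# RFC 1123 label syntax. Anything else ("0x7f000001", "127.1") is not accepted
# as a hostname; only what the resolver returns as an address counts.
HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?")

FAKE_DNS = {                                   # constructed sample records
    "hooks.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "db.internal": ["10.20.30.40"],
    "metadata.example": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "192.168.1.10"],   # one bad answer poisons the set
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host.lower(), [])


def system_resolve(host: str) -> list[str]:
    """Real resolver: every A/AAAA answer, so mixed answer sets are seen whole."""
    return sorted({r[4][0] for r in socket.getaddrinfo(host, None)})


def _is_public(ip) -> bool:
    # is_global is False for loopback, RFC 1918, link-local (including the
    # cloud metadata address), CGNAT, documentation, unspecified and reserved
    # ranges; multicast is excluded separately.
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url: str, resolve=system_resolve):
    """Return the vetted IP address to connect to, or raise ValueError. Connect
    to that address (keeping the original Host header) instead of resolving a
    second time, which would reopen a DNS-rebinding window."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]        # literal IPv4 / IPv6
    except ValueError:
        if not HOSTNAME_RE.fullmatch(host):
            raise ValueError(f"malformed host: {host!r}")
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        raise ValueError(f"host did not resolve: {host!r}")
    bad = [str(a) for a in addrs if not _is_public(a)]
    if bad:
        raise ValueError(f"host resolves to non-public address(es): {bad}")
    return addrs[0]


def is_safe_outbound_url(url: str, resolve=system_resolve) -> bool:
    try:
        check_outbound_url(url, resolve)
        return True
    except ValueError:
        return False
```

Checking the resolved addresses rather than the hostname string is what makes odd spellings such as `0x7f000001` or `127.1` harmless: they either fail the hostname grammar here or come back from the resolver as an address that the range check rejects. Redirects need the same treatment on every hop, so the HTTP client should be configured not to follow them automatically.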

CVE-2026-41454
(8.3 HIGH)

EPSS: 0.04%

updated 2026-04-23T00:31:19

1 posts

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficie

thehackerwire@mastodon.social at 2026-04-22T22:59:54.000Z ##

🟠 CVE-2026-41454 - High (8.3)

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33825
(7.8 HIGH)

EPSS: 3.82%

updated 2026-04-23T00:31:18

3 posts

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

3 repos

https://github.com/Letlaka/redsun-bluehammer-undefend-detection-pack

https://github.com/kaleth4/CVE-2026-33825

https://github.com/Bilal3755/Detecting_blue_hammer_vuln

Chris@mast.social at 2026-04-23T15:09:06.000Z ##

🛡️ Microsoft Defender Elevation of Privilege Vulnerability
Description

🛡️ Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

cve.org/CVERecord?id=CVE-2026-

#Cybersecurity #CISA #Security #Microsoft

##

christopherkunz@chaos.social at 2026-04-23T12:19:48.000Z ##

Just in: CVE-2026-33825 "BlueHammer" just hit the CISA KEV. Meanwhile, I'm not near my Windows PC, so I'm not sure if the Red Sun still prevails.

##

secdb@infosec.exchange at 2026-04-22T22:00:14.000Z ##

🚨 [CISA-2026:0422] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-33825 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft Defender Insufficient Granularity of Access Control Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260422 #cisa20260422 #cve_2026_33825 #cve202633825

##

CVE-2026-41468
(8.7 HIGH)

EPSS: 0.07%

updated 2026-04-22T21:32:18

1 posts

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser c

offseq@infosec.exchange at 2026-04-23T09:00:27.000Z ##

🛑 CVE-2026-41468: Beghelli SicuroWeb (Sicuro24) uses unmaintained AngularJS 1.5.2, allowing network-adjacent attackers to hijack sessions via MITM and template injection. Enforce HTTPS, monitor activity. No patch yet. More: radar.offseq.com/threat/cve-20 #OffSeq #CVE202641468 #infosec

##

CVE-2026-40372
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-04-22T21:24:26.997000

1 posts

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

##

CVE-2026-35231
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T21:24:26.997000

1 posts

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Transaction Filtering. Successful attacks of this vulnerabilit

thehackerwire@mastodon.social at 2026-04-22T22:00:01.000Z ##

🟠 CVE-2026-35231 - High (7.5)

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unau...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34065
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T19:19:28

1 posts

### Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hashing an election macro header hashes `validators` and reaches `Validators::voting_keys()`, which calls `validator.voting_key.uncompress().unwrap()` and panics on invalid bytes. ### Patches [The patch for this vulnerability](http

thehackerwire@mastodon.social at 2026-04-22T20:59:49.000Z ##

🟠 CVE-2026-34065 - High (7.5)

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` se...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22754
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T18:32:53

1 posts

Vulnerability in Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from 7.0.0 through 7.0.4.

thehackerwire@mastodon.social at 2026-04-22T21:14:06.000Z ##

🟠 CVE-2026-22754 - High (7.5)

Vulnerability in Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorizat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35344
(3.3 LOW)

EPSS: 0.01%

updated 2026-04-22T18:31:54

1 posts

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup o

##

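The dd entry above is a case where "mimic GNU for special files" turned into "ignore every truncation error". The block below is an added example, not uutils' code: it decides from the file type whether a failed truncate is tolerable, so a device, FIFO or socket is skipped quietly while a regular file or directory that cannot be truncated (ENOSPC, EROFS, and so on) raises. `demo()` builds its own scratch files; a full or read-only disk cannot be simulated here, so the directory case stands in for a hard failure.

```python
"""Added example, not uutils' code: treat a failed output truncation as an
error unless the target is a file type that cannot be truncated."""
from __future__ import annotations

import os
import stat
import tempfile


def truncate_output(fd: int, length: int = 0) -> bool:
    """Truncate fd to `length`. Returns True if truncated, False if truncation
    is not meaningful for this file type. Raises OSError on a real failure."""
    mode = os.fstat(fd).st_mode
    if stat.S_ISREG(mode) or stat.S_ISDIR(mode):
        os.ftruncate(fd, length)        # the error uutils' Result::ok() discarded
        return True
    try:
        os.ftruncate(fd, length)
        return True
    except OSError:
        return False                    # /dev/null, a pipe, a socket: nothing to cut


def _truncate_path(path: str, flags: int) -> bool | None:
    """None means truncate_output raised, i.e. a failure the caller must see."""
    fd = os.open(path, flags)
    try:
        return truncate_output(fd)
    except OSError:
        return None
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenarios: a regular file, a directory, and /dev/null."""
    scratch = tempfile.mkdtemp()
    target = os.path.join(scratch, "out.bin")
    with open(target, "wb") as fh:
        fh.write(b"stale contents from an earlier backup")
    results = {
        "regular": _truncate_path(target, os.O_WRONLY),
        "regular_size_after": os.path.getsize(target),
        "directory": _truncate_path(scratch, os.O_RDONLY),
    }
    if os.path.exists("/dev/null"):
        results["devnull"] = _truncate_path("/dev/null", os.O_WRONLY)
    return results
```

The distinction the example draws is the one the entry describes: special files legitimately cannot be truncated, but a regular file that refuses to shrink means the old data is still there, and a backup tool that reports success at that point is lying.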
CVE-2026-34309
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-22T18:31:42

1 posts

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modifi

thehackerwire@mastodon.social at 2026-04-22T23:01:07.000Z ##

🟠 CVE-2026-34309 - High (8.1)

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34291
(8.7 HIGH)

EPSS: 0.05%

updated 2026-04-22T15:32:43

1 posts

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (

thehackerwire@mastodon.social at 2026-04-23T00:00:05.000Z ##

🟠 CVE-2026-34291 - High (8.7)

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network ac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34320
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T15:32:43

1 posts

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can

thehackerwire@mastodon.social at 2026-04-22T22:00:12.000Z ##

🟠 CVE-2026-34320 - High (7.5)

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5398
(8.4 HIGH)

EPSS: 0.01%

updated 2026-04-22T15:32:43

1 posts

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the dangling pointer to grant itself root privileges.

thehackerwire@mastodon.social at 2026-04-22T21:14:15.000Z ##

🟠 CVE-2026-5398 - High (8.4)

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34290
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T15:32:42

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang

thehackerwire@mastodon.social at 2026-04-22T23:31:16.000Z ##

🟠 CVE-2026-34290 - High (7.5)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34305
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-22T15:31:41

2 posts

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthoriz

thehackerwire@mastodon.social at 2026-04-22T23:46:34.000Z ##

🟠 CVE-2026-34305 - High (7.5)

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##


CVE-2026-34279
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-04-22T15:31:40

1 posts

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Pl

thehackerwire@mastodon.social at 2026-04-23T00:00:16.000Z ##

🔴 CVE-2026-34279 - Critical (9.1)

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged atta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34297
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T15:31:40

2 posts

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized access to

thehackerwire@mastodon.social at 2026-04-22T23:46:44.000Z ##

🟠 CVE-2026-34297 - High (7.5)

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:30:54.000Z ##

🟠 CVE-2026-34297 - High (7.5)

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34285
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-22T15:31:39

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:30:56.000Z ##

🔴 CVE-2026-34285 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6022
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T09:31:40

1 posts

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.
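
The failure mode the description names, a size check that sees one chunk at a time and never adds the chunks up, shown as an added Python example that is not Telerik's code or its .NET API: a reassembler with only a per-chunk check beside one that tracks the running total per upload, checks it against both the configured maximum and the client's declared size, and discards partial state when it rejects. The byte limits, the upload identifier and the simulate() driver are assumptions made for the example.

```python
# Added example, not Telerik's code: chunked-upload reassembly with and
# without cumulative size enforcement. Limits are hypothetical and small
# so the simulation runs instantly.
MAX_FILE_BYTES = 1_000_000    # configured maximum upload size (assumed)
MAX_CHUNK_BYTES = 250_000     # largest chunk a client may send (assumed)


class UploadTooLarge(Exception):
    pass


class VulnerableReassembler:
    """Checks each chunk against the limit but never the cumulative size."""

    def __init__(self):
        self.parts = {}

    def append(self, upload_id, chunk, declared_total=None):
        if len(chunk) > MAX_FILE_BYTES:              # only the current chunk is measured
            raise UploadTooLarge("chunk exceeds maximum")
        self.parts.setdefault(upload_id, []).append(chunk)
        return sum(len(p) for p in self.parts[upload_id])   # grows without bound


class HardenedReassembler:
    """Tracks bytes received per upload and rejects before the maximum is exceeded."""

    def __init__(self):
        self.parts = {}
        self.received = {}

    def append(self, upload_id, chunk, declared_total):
        # The declared total is client-controlled: reject what can never fit,
        # then keep re-checking as bytes actually arrive.
        if declared_total > MAX_FILE_BYTES:
            raise UploadTooLarge("declared size exceeds maximum")
        if len(chunk) > MAX_CHUNK_BYTES:
            raise UploadTooLarge("chunk exceeds chunk size")
        total = self.received.get(upload_id, 0) + len(chunk)
        if total > MAX_FILE_BYTES or total > declared_total:
            # Drop partial state so an aborted oversize upload releases its disk space.
            self.parts.pop(upload_id, None)
            self.received.pop(upload_id, None)
            raise UploadTooLarge(f"upload {upload_id} exceeded {declared_total} bytes")
        self.parts.setdefault(upload_id, []).append(chunk)
        self.received[upload_id] = total
        return total


def simulate(reassembler, n_chunks, chunk_size, declared_total=MAX_FILE_BYTES):
    """Send n_chunks chunks of chunk_size bytes for one upload.

    Returns (bytes accepted by the last successful append, whether a chunk was rejected).
    """
    chunk = b"A" * chunk_size
    accepted, rejected = 0, False
    for _ in range(n_chunks):
        try:
            accepted = reassembler.append("upload-1", chunk, declared_total)
        except UploadTooLarge:
            rejected = True
            break
    return accepted, rejected
```

With eight 250 KB chunks the vulnerable reassembler stores 2 MB against a 1 MB maximum; the hardened one stops at the fifth chunk and frees what it had. The per-upload counter must live server-side (not in a client-supplied header) and be keyed by a session-bound upload id, or the client simply restarts the count.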

thehackerwire@mastodon.social at 2026-04-22T21:00:56.000Z ##

🟠 CVE-2026-6022 - High (7.5)

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during ch...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6023
(8.1 HIGH)

EPSS: 0.34%

updated 2026-04-22T09:31:40

1 posts

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

thehackerwire@mastodon.social at 2026-04-22T21:00:46.000Z ##

🟠 CVE-2026-6023 - High (8.1)

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6784
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T00:32:48

1 posts

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.

dangoodin@infosec.exchange at 2026-04-22T22:32:40.000Z ##

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into "roll-up" advisories, with each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

##

CVE-2026-41197
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-21T20:16:10

1 posts

## Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreig

offseq@infosec.exchange at 2026-04-23T04:30:27.000Z ##

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #NoirLang #CVE202641197 #AppSec

##

CVE-2026-40050
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-04-21T18:32:04

4 posts

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrar

beyondmachines1 at 2026-04-24T20:01:09.479Z ##

CrowdStrike Patches Critical Path Traversal Vulnerability in LogScale

CrowdStrike patched a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale that allows remote attackers to read arbitrary files from self-hosted server filesystems.

**If you use self-hosted LogScale, plan a quick update to a patched version ASAP. Always keep your cluster API endpoints behind a firewall or VPN to limit exposure to attackers.**

beyondmachines.net/event_detai

##

offseq@infosec.exchange at 2026-04-24T10:30:39.000Z ##

🛡️ CrowdStrike LogScale CRITICAL vuln (CVE-2026-40050): unauth path traversal — remote file read risk for self-hosted users. Tenable Nessus for Windows: HIGH vuln (CVE-2026-33694), file deletion & privilege escalation. Patch ASAP! radar.offseq.com/threat/vulner #OffSeq #Vuln #CrowdStrike #Tenable

##

cR0w@infosec.exchange at 2026-04-22T21:47:11.000Z ##

@reverseics I went to the Crowdstrike site to see if there was a new advisory and found this instead. Obviously better than any advisory. Even a ../ in CVE-2026-40050.

##

CVE-2026-5752
(9.4 CRITICAL)

EPSS: 0.02%

updated 2026-04-21T15:33:24

2 posts

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

_r_netsec@infosec.exchange at 2026-04-24T14:28:05.000Z ##

Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes blog.barrack.ai/pyodide-sandbo

##

aisight@mastodon.social at 2026-04-23T18:35:36.000Z ##

The Terrarium project, which was supposed to run code generated by AI models in a secure sandbox, turned out to be a deadly trap. The CVE-2026-5752 vulnerability lets attackers take full control of the system, and the worst part is that the project is no longer maintained.

#si #ai #sztucznainteligencja #wiadomości #informacje #technologia

aisight.pl/cyberbezpieczenstwo

##

CVE-2026-33626
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-21T15:04:13

6 posts

## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. ## Affected Versions - **Tested on:** main branch (2026-02-04) -
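
The missing check the description names, validating where a user-supplied URL actually points before fetching it, as an added Python example that is not LMDeploy's code: it resolves the host, rejects any answer that is not a public unicast address (loopback, RFC 1918, link-local including 169.254.169.254, IPv4-mapped IPv6), refuses mixed public/private answers, and allows only http and https. The FAKE_DNS table, the hostnames in it and the function names are constructed for the example; a real deployment would resolve with socket.getaddrinfo().

```python
# Added example, not LMDeploy's code: a resolve-then-check guard for
# attacker-supplied fetch URLs. DNS is stubbed with a constructed table
# (FAKE_DNS) so the example runs offline; swap in socket.getaddrinfo().
import ipaddress
from urllib.parse import urlsplit

# Constructed answers standing in for real DNS resolution.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "metadata.google.internal": ["169.254.169.254"],
    "rebind.example.net": ["93.184.216.35", "10.0.0.5"],   # mixed answer
    "localtest.me": ["127.0.0.1"],
}
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched on the server's behalf."""


def resolve(host):
    """Return every address a hostname resolves to (literal IPs resolve to themselves)."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise UnsafeURL(f"unresolvable host {host!r}")
    return [ipaddress.ip_address(a) for a in FAKE_DNS[host]]


def is_public(addr):
    """True only for globally routable unicast addresses.

    is_global is False for loopback, RFC 1918, link-local (which covers the
    169.254.169.254 metadata endpoint), CGNAT, unspecified and reserved ranges.
    """
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:10.0.0.1 is still 10.0.0.1
    return addr.is_global and not addr.is_multicast


def check_fetch_url(url):
    """Validate a URL before fetching; return the vetted addresses or raise UnsafeURL.

    Every resolved address must be public: a mixed answer (one public, one
    private) is rejected rather than letting the client pick.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    addrs = resolve(host.rstrip("."))
    non_public = [str(a) for a in addrs if not is_public(a)]
    if non_public:
        raise UnsafeURL(f"{host} resolves to non-public address(es) {non_public}")
    return [str(a) for a in addrs]


def is_blocked(url):
    """Convenience wrapper: True if check_fetch_url rejects the URL."""
    try:
        check_fetch_url(url)
    except UnsafeURL:
        return True
    return False
```

Two caveats a practitioner would want: the vetted address must be the one the HTTP client actually connects to (pin it and set the Host header, or re-run the check on every redirect hop), otherwise a DNS answer that changes between check and fetch defeats the guard; and this is a complement to, not a substitute for, the IMDSv2 and egress controls recommended in the posts that follow.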

beyondmachines1 at 2026-04-24T19:01:09.904Z ##

LMDeploy AI Inference Engine Exploited Hours After SSRF Disclosure

LMDeploy's vision-language module contains a high-severity SSRF vulnerability (CVE-2026-33626) that attackers exploited within 13 hours to scan internal networks and target cloud metadata. The flaw allows unauthenticated users to bypass network restrictions by providing malicious image URLs to the inference server.

**If you're running LMDeploy, immediately update to version 0.12.3 or later to patch the SSRF vulnerability (CVE-2026-33626). Also, enforce IMDSv2 with required session tokens on your cloud instances and restrict outbound network traffic from inference servers to block credential theft and internal scanning.**

beyondmachines.net/event_detai

##

_r_netsec at 2026-04-24T16:28:05.058Z ##

Exploit against LMDeploy CVE-2026-33626: immediate SSRF attack after disclosure deafnews.it/article/exploit-su

##

campuscodi@mastodon.social at 2026-04-23T20:29:56.000Z ##

An SSRF bug in an LLM deployment server got exploited 12 hours after it was patched

sysdig.com/blog/cve-2026-33626

##

LLMs@activitypub.awakari.com at 2026-04-22T00:00:00.000Z ##

CVE-2026-33626: How attackers exploited LMDeploy LLM Inference Engines in 12 hours

CVE-2026-33626 in LMDeploy was exploited within 12 hours of disclosure, enabling attackers to use a vision-LLM end...

##

CVE-2025-48700
(6.1 MEDIUM)

EPSS: 20.00%

updated 2026-04-21T13:00:03.373000

1 posts

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted ta

undercodenews@mastodon.social at 2026-04-24T16:39:11.000Z ##

Zimbra Servers Still Exposed as APT28 and APT29 Exploit Critical XSS Flaw While AI Reshapes Global Cybersecurity Response

Introduction A major cybersecurity warning has emerged involving thousands of exposed Zimbra email servers still vulnerable to a critical cross site scripting flaw tracked as CVE-2025-48700. Security agencies confirm that advanced persistent threat groups, including APT28 and APT29, have already exploited the weakness in real world phishing…

undercodenews.com/zimbra-serve

##

CVE-2026-40897
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-16T22:38:44

2 posts

### Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. ### Patches The issue was introduced in mathjs `v13.1.1`, and patched in mathjs `v15.2.0`. ### Workarounds There is no workaround without upgrading to

thehackerwire@mastodon.social at 2026-04-24T19:42:32.000Z ##

🟠 CVE-2026-40897 - High (8.8)

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 59.42%

updated 2026-04-16T19:59:38.107000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a
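
A detection example for the exposure the description outlines, added here and not ActiveMQ's or Jolokia's code: it parses Jolokia GET paths (honouring Jolokia's "!" escape for slashes) and POST bodies (single or bulk JSON), and flags exec requests against org.apache.activemq MBeans, treating the addNetworkConnector operation named above as critical. The sample requests are constructed; the CRITICAL_OPERATIONS set is a starting point rather than a complete list, and watching named operations is a detection aid, not a fix: patching and a restrictive Jolokia access policy are the remedies.

```python
# Added example, not ActiveMQ's or Jolokia's code: classify HTTP requests to
# the Jolokia bridge and flag exec calls on broker MBeans. Sample traffic is
# constructed; the operation watchlist is an assumption to extend.
import json
from urllib.parse import unquote

JOLOKIA_PREFIX = "/api/jolokia"
ACTIVEMQ_DOMAIN = "org.apache.activemq:"
CRITICAL_OPERATIONS = {"addNetworkConnector"}   # extend with other broker-mutating ops


def _split_jolokia_get_path(path):
    """Split a Jolokia GET path into segments, honouring its '!' escape.

    Jolokia GET requests look like /api/jolokia/<type>/<mbean>/<op>/<args...>;
    a literal '/' inside a segment is written '!/' and a literal '!' as '!!'.
    """
    rest = path[len(JOLOKIA_PREFIX):].lstrip("/")
    segments, current, i = [], "", 0
    while i < len(rest):
        ch = rest[i]
        if ch == "!" and i + 1 < len(rest):
            current += rest[i + 1]
            i += 2
            continue
        if ch == "/":
            segments.append(current)
            current = ""
        else:
            current += ch
        i += 1
    segments.append(current)
    return [unquote(s) for s in segments]


def jolokia_operations(method, path, body=None):
    """Return (type, mbean, operation) triples carried by one HTTP request."""
    path = path.split("?", 1)[0]
    if not path.startswith(JOLOKIA_PREFIX):
        return []
    found = []
    if method == "GET":
        segs = _split_jolokia_get_path(path)
        if len(segs) >= 3:
            found.append((segs[0], segs[1], segs[2]))
    elif method == "POST" and body:
        try:
            payload = json.loads(body)
        except ValueError:
            return []
        for req in payload if isinstance(payload, list) else [payload]:   # bulk requests are lists
            if isinstance(req, dict):
                found.append((req.get("type"), req.get("mbean", ""), req.get("operation", "")))
    return found


def classify(method, path, body=None):
    """'critical' for exec of a watched operation on an ActiveMQ MBean,
    'suspicious' for any other exec on an ActiveMQ MBean, None otherwise."""
    verdict = None
    for rtype, mbean, op in jolokia_operations(method, path, body):
        if rtype != "exec" or not mbean.startswith(ACTIVEMQ_DOMAIN):
            continue
        if op.split("(", 1)[0] in CRITICAL_OPERATIONS:   # "op(java.lang.String)" form is allowed
            return "critical"
        verdict = "suspicious"
    return verdict


# Constructed sample traffic: (method, path, body).
SAMPLE_REQUESTS = [
    ("GET", "/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalMessageCount", None),
    ("GET", "/api/jolokia/exec/org.apache.activemq:type=Broker,brokerName=localhost"
            "/addNetworkConnector/static:(tcp:!/!/203.0.113.5:61616)", None),
    ("POST", "/api/jolokia/", json.dumps({"type": "exec", "mbean": "java.lang:type=Memory", "operation": "gc"})),
    ("POST", "/api/jolokia/", json.dumps([
        {"type": "read", "mbean": "java.lang:type=Runtime"},
        {"type": "exec", "mbean": "org.apache.activemq:type=Broker,brokerName=localhost",
         "operation": "addNetworkConnector(java.lang.String)",
         "arguments": ["static:(tcp://203.0.113.5:61616)"]}])),
    ("POST", "/api/jolokia/", json.dumps({"type": "exec", "mbean": "org.apache.activemq:type=Broker,brokerName=localhost", "operation": "stop"})),
]


def scan(requests):
    """Return [(index, verdict)] for every request that is not benign."""
    hits = []
    for i, (method, path, body) in enumerate(requests):
        verdict = classify(method, path, body)
        if verdict:
            hits.append((i, verdict))
    return hits
```

Access logs alone do not carry POST bodies, so the POST branch needs a proxy, WAF or application log that records them; the GET branch works on ordinary web-console access logs. Any exec on an ActiveMQ MBean from an unexpected client is worth a look, which is why non-watchlisted operations still score as suspicious.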

Nuclei template

9 repos

https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-

https://github.com/Catherines77/ActiveMQ-EXPtools

https://github.com/keraattin/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/dinosn/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40882
(7.6 HIGH)

EPSS: 0.06%

updated 2026-04-15T21:17:56

1 posts

### Summary The Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. ### Details Velbus import uses `DocumentBuilderFactory.newInstance().newDocumentBuilder()

thehackerwire@mastodon.social at 2026-04-22T21:23:43.000Z ##

🟠 CVE-2026-40882 - High (7.6)

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32201
(6.5 MEDIUM)

EPSS: 7.94%

updated 2026-04-14T18:30:55

1 posts

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

1 repos

https://github.com/B1tBit/CVE-2026-32201-exploit

tierrasapiens@mastodon.social at 2026-04-24T21:48:22.000Z ##

🖲️ #Noticia de #CiberSeguridad #CiberGuerra #CiberAtaque #CiberNoticia
⚫ More than 1,300 SharePoint servers exposed to April's CVE-2026-32201 vulnerability
🔗 blog.segu-info.com.ar/2026/04/

More than 1,370 Internet-facing SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw that, according to Microsoft, was exploited as a zero-day.

"A

##

CVE-2026-33824
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-04-14T18:30:52

1 posts

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

2 repos

https://github.com/kaleth4/CVE-2026-33824

https://github.com/z3r0h3ro/CVE-2026-33824

thezdi@infosec.exchange at 2026-04-23T15:44:41.000Z ##

CVE-2026-33824: Remote Code Execution in Windows IKEv2 - the folks from TrendAI Research break down this wormable bug that was patched last week. They show root cause & offer detection guidance. Read the details at zerodayinitiative.com/blog/202

##

CVE-2026-34621
(8.6 HIGH)

EPSS: 7.60%

updated 2026-04-13T21:23:27

1 posts

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

5 repos

https://github.com/eduardorossi84/CVE-2026-34621-POC

https://github.com/ercihan/CVE-2026-34621

https://github.com/NULL200OK/cve_2026_34621_advanced

https://github.com/KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621

https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE

_r_netsec@infosec.exchange at 2026-04-23T18:28:05.000Z ##

CVE-2026-34621: Adobe Acrobat Reader zero-day was on VirusTotal for 136 days before Adobe named it a CVE nefariousplan.com/posts/adobe-

##

CVE-2026-39987
(CVSS UNKNOWN)

EPSS: 45.53%

updated 2026-04-09T19:06:18

2 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

Nuclei template

5 repos

https://github.com/mki9/CVE-2026-39987_exploit

https://github.com/keraattin/CVE-2026-39987

https://github.com/Nxploited/CVE-2026-39987

https://github.com/0xBlackash/CVE-2026-39987

https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC

secdb@infosec.exchange at 2026-04-23T20:00:16.000Z ##

🚨 [CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-39987 (secdb.nttzen.cloud/cve/detail/)
- Name: Marimo Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Marimo
- Product: Marimo
- Notes: github.com/marimo-team/marimo/ ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260423 #cisa20260423 #cve_2026_39987 #cve202639987

##

cisakevtracker@mastodon.social at 2026-04-23T18:00:51.000Z ##

CVE ID: CVE-2026-39987
Vendor: Marimo
Product: Marimo
Date Added: 2026-04-23
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-15467
(8.8 HIGH)

EPSS: 0.70%

updated 2026-03-19T19:16:19.230000

1 posts

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encode

6 repos

https://github.com/materaj2/cve-2025-15467

https://github.com/balgan/CVE-2025-15467

https://github.com/WostGit/cve-2025-15467-crash

https://github.com/mr-r3b00t/CVE-2025-15467

https://github.com/x-stp/cves-2025-11187_15467_69418

https://github.com/guiimoraes/CVE-2025-15467

certvde@infosec.exchange at 2026-04-23T10:49:13.000Z ##

#OT #Advisory VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
#CVE CVE-2025-15467

certvde.com/en/advisories/vde-
#oCSAF
#CSAF mettler-toledo.csaf-tp.certvde

##

CVE-2026-30869
(9.3 CRITICAL)

EPSS: 0.68%

updated 2026-03-10T18:43:20

1 posts

### Summary A path traversal vulnerability in the `/export` endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as `conf/conf.json`, which contains secrets including the API token, cookie signing key, and workspace access authentication code. Leaking these secrets may enable a
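
The double-decoding mechanism the description refers to, as an added Python example that is not SiYuan's code: a handler that decodes the path a second time after a ".." denylist has already run, beside one that decodes exactly once and requires the resolved path to stay under the export root. The workspace layout, file names and function names are hypothetical, and nothing is read from disk.

```python
# Added example, not SiYuan's code: why a second URL-decode defeats a denylist
# that inspects the once-decoded path, and a containment check that does not
# depend on spotting '..'. Paths are hypothetical; nothing is read from disk.
import os
from urllib.parse import unquote

WORKSPACE = "/data/workspace"                                   # hypothetical layout
EXPORT_ROOT = os.path.realpath(os.path.join(WORKSPACE, "export"))


class Rejected(PermissionError):
    pass


def vulnerable_export(raw_path):
    """Pattern behind double-encoded traversal.

    The router decodes the URL once; the handler decodes again after the
    denylist ran, so '%252e%252e/' passes the check as '%2e%2e/' and only
    then becomes '../'.
    """
    once = unquote(raw_path)                 # what the framework already did
    if ".." in once:                         # denylist sees the once-decoded string
        raise Rejected("traversal sequence rejected")
    twice = unquote(once)                    # the redundant extra decode
    return os.path.normpath(os.path.join(EXPORT_ROOT, twice))


def hardened_export(raw_path):
    """Decode exactly once, resolve, then require the result to stay under EXPORT_ROOT."""
    once = unquote(raw_path)
    candidate = os.path.realpath(os.path.join(EXPORT_ROOT, once))
    # Containment on the resolved absolute path: encoding tricks, absolute
    # paths and symlinks are all judged by where they end up, not how they look.
    if os.path.commonpath([candidate, EXPORT_ROOT]) != EXPORT_ROOT:
        raise Rejected(f"{candidate} escapes {EXPORT_ROOT}")
    return candidate


def is_rejected(handler, raw_path):
    """True if the handler refuses the path."""
    try:
        handler(raw_path)
    except Rejected:
        return True
    return False
```

The hardened handler never looks for ".." at all: the decision is made on the resolved absolute path, so a double-encoded segment simply becomes an oddly named (and non-existent) directory under the export root. A denylist placed in front of a handler that still decodes twice leaves the root cause in place, which is what the follow-up advisory below describes.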

EUVD_Bot@mastodon.social at 2026-04-24T21:02:11.000Z ##

🚨 EUVD-2026-25626

📊 Score: 7.1/10 (CVSS v3.1)
📦 Product: SiYuan
🏢 Vendor: siyuan-note
📅 Updated: 2026-04-24

📝 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundant url.PathUnescape() call in serveExport(). An authentic...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2018-25193
(7.5 HIGH)

EPSS: 0.14%

updated 2026-03-06T15:31:37

1 posts

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

certvde@infosec.exchange at 2026-04-23T12:45:22.000Z ##

#OT #Advisory VDE-2026-019
Pilz: Vulnerability affecting PASvisu Runtime

The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.
#CVE CVE-2018-25193

certvde.com/en/advisories/vde-

#CSAF pilz.csaf-tp.certvde.com/.well

##

CVE-2026-27966
(9.8 CRITICAL)

EPSS: 0.23%

updated 2026-02-27T15:47:29

2 posts

# 1. Summary The CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). # 2. Description ## 2.1 Intended Functionality When building a flow such as *ChatIn

1 repos

https://github.com/Anon-Cyber-Team/CVE-2026-27966--RCE-in-Langflow

metasploit at 2026-04-24T20:35:01.274Z ##

The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!

Read more: rapid7.com/blog/post/pt-metasp

##

CVE-2026-22039
(10.0 CRITICAL)

EPSS: 0.02%

updated 2026-01-29T03:31:32

1 posts

### Summary A critical authorization boundary bypass in namespaced Kyverno Policy [apiCall](https://kyverno.io/docs/policy-types/cluster-policy/external-data-sources/#url-paths). The resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with permission to

thehackerwire@mastodon.social at 2026-04-24T05:45:52.000Z ##

🟠 CVE-2026-41068 - High (7.7)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap conte...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thecybermind@infosec.exchange at 2026-04-24T01:03:05.000Z ##

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
thecybermind.co/i1n8

thecybermind.co/2026/04/23/iva

##

CVE-2025-59532
(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-22T22:00:37

1 posts

Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated `cwd` as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution where the Codex process has permissions - this did not impact the network-disabled sandb

1 repos

https://github.com/baktistr/cve-2025-59532-poc

_r_netsec@infosec.exchange at 2026-04-24T14:28:05.000Z ##

Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes blog.barrack.ai/pyodide-sandbo

##

CVE-2023-20185
(7.4 HIGH)

EPSS: 0.17%

updated 2024-02-03T05:06:20

2 posts

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path

AAKL at 2026-04-24T17:29:17.855Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat support.broadcom.com/web/ecx/s

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability cve.org/CVERecord?id=CVE-2025-

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability sec.cloudapps.cisco.com/securi

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense sec.cloudapps.cisco.com/securi @TalosSecurity

##

CVE-2026-41248
(0 None)

EPSS: 0.00%

4 posts

N/A

offseq at 2026-04-25T00:00:40.068Z ##

🚨 CRITICAL: CVE-2026-41248 affects clerk astro, nextjs, nuxt — lets attackers bypass middleware in affected JS libs. Update to fixed versions ASAP to prevent unauthorized access. Patches available now. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-24T22:00:01.000Z ##

🔴 CVE-2026-41248 - Critical (9.1)

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach down...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34078
(0 None)

EPSS: 0.04%

1 posts

N/A

cyberveille@mastobot.ping.moi at 2026-04-24T21:30:25.000Z ##

📢 CVE-2026-34078: Sandbox escape in Flatpak via injection of untrusted paths
📝 ## 🗓️ Context

Article published on 23 April 2026 by Sebastian Wick (Flatpak maintainer) on his personal blog.
📖 cyberveille: cyberveille.ch/posts/2026-04-2
🌐 source: blog.sebastianwick.net/posts/h
#CVE_2026_34078 #Flatpak #Cyberveille

##

secdb at 2026-04-24T20:58:39.780Z ##

🚨 CVE-2026-41651 (Pack2TheRoot)

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/


##

hackerworkspace at 2026-04-24T18:17:27.896Z ##

Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability

github.security.telekom.com/20

Read on HackerWorkspace: hackerworkspace.com/article/pa

##

linux@activitypub.awakari.com at 2026-04-24T19:46:15.000Z ##

12-year-old Pack2TheRoot bug lets Linux users gain root privileges. ‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The...

#Hacking #Security #CVE-2026-41651 #hacking #news #information #security #news #IT #Information #Security

##

hillu@infosec.exchange at 2026-04-23T17:04:36.000Z ##

Here's a harmless little #PoC for the #PackageKit LPE vulnerability (CVE-2026-41651), by @br3zel and myself: codeberg.org/hillu/cve-2026-41
It was a lot of fun to piece together.

##

cyberveille@mastobot.ping.moi at 2026-04-23T15:30:25.000Z ##

📢 CVE-2026-41651: Cross-distro local privilege escalation via PackageKit (Pack2TheRoot)
📝 ## 🔍 Context

Published on 22 April 2026 by the Deutsche Telekom Red Team on their sec... blog
📖 cyberveille: cyberveille.ch/posts/2026-04-2
🌐 source: github.security.telekom.com/20
#CVE_2026_41651 #IOC #Cyberveille

##

_r_netsec@infosec.exchange at 2026-04-22T20:13:06.000Z ##

Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability github.security.telekom.com/20

##

CVE-2026-41429
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T20:41:39.000Z ##

🟠 CVE-2026-41429 - High (8.8)

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41477
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T20:41:18.000Z ##

🟠 CVE-2026-41477 - High (7.8)

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33662
(0 None)

EPSS: 0.00%

4 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T19:44:30.000Z ##

🟠 CVE-2026-33662 - High (7.5)

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:43:08.000Z ##

🟠 CVE-2026-33662 - High (7.5)

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33666
(0 None)

EPSS: 0.00%

4 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T19:44:21.000Z ##

🟠 CVE-2026-33666 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is comp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:41:45.000Z ##

🟠 CVE-2026-33666 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is comp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41421
(0 None)

EPSS: 0.00%

4 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T19:42:13.000Z ##

🟠 CVE-2026-41421 - High (8.8)

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled ms...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:41:22.000Z ##

🟠 CVE-2026-41421 - High (8.8)

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled ms...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6911
(0 None)

EPSS: 0.00%

4 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T19:41:56.000Z ##

🔴 CVE-2026-6911 - Critical (9.8)

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across te...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

awssecurityfeed at 2026-04-24T17:00:01.107Z ##

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912)

Bulletin ID: 2026-018-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...

aws.amazon.com/security/securi

##

CVE-2026-41419
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T19:41:12.000Z ##

🟠 CVE-2026-41419 - High (7.6)

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOAR...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41309
(0 None)

EPSS: 0.06%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-24T03:57:06.000Z ##

🟠 CVE-2026-41309 - High (8.2)

Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41564
(0 None)

EPSS: 0.03%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-23T19:43:32.000Z ##

🟠 CVE-2026-41564 - High (7.5)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:42:54.000Z ##

🟠 CVE-2026-41564 - High (7.5)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41196
(0 None)

EPSS: 0.07%

1 posts

N/A

offseq@infosec.exchange at 2026-04-23T06:00:29.000Z ##

🔴 CVE-2026-41196: luanti 5.0.0 – 5.15.1 has a CRITICAL code injection vuln (CVSS 9.0). Malicious mods can break Lua sandbox with LuaJIT, gaining full filesystem access. Patch: upgrade to 5.15.2 or mitigate via getfenv = nil. radar.offseq.com/threat/cve-20 #OffSeq #CVE202641196 #vuln

##

CVE-2026-34002
(0 None)

EPSS: 0.00%

1 posts

N/A

XLibreDev@mastodon.social at 2026-04-22T23:15:26.000Z ##

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

##

CVE-2026-34000
(0 None)

EPSS: 0.00%

1 posts

N/A

XLibreDev@mastodon.social at 2026-04-22T23:15:26.000Z ##

We released the #XLibre Xserver 25.0.0.22 and 25.1.4 on Apr 21 containing #security fixes for CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003 of the X.Org Server. We recommend everyone update ASAP. #CVE github.com/X11Libre/xserver/re

##

CVE-2026-6786
(0 None)

EPSS: 0.05%

1 posts

N/A

dangoodin@infosec.exchange at 2026-04-22T22:32:40.000Z ##

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories, with each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

##

CVE-2026-6785
(0 None)

EPSS: 0.06%

1 posts

N/A

dangoodin@infosec.exchange at 2026-04-22T22:32:40.000Z ##

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories, with each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

##

CVE-2026-41167
(0 None)

EPSS: 0.08%

2 posts

N/A

offseq@infosec.exchange at 2026-04-22T22:30:30.000Z ##

🚨 CRITICAL: CyferShepard Jellystat <1.1.10 vulnerable to SQL injection (CVE-2026-41167). Auth’d users can read any DB table & execute commands on the PostgreSQL host. Upgrade to 1.1.10 ASAP! radar.offseq.com/threat/cve-20 #OffSeq #Jellystat #SQLi #Infosec

##

thehackerwire@mastodon.social at 2026-04-22T21:23:33.000Z ##

🔴 CVE-2026-41167 - Critical (9.1)

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T21:24:21.000Z ##

🔴 CVE-2026-33656 - Critical (9.1)

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` fi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
