| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-10002 | 9.8 | 0.06% | 1 | 0 | 2026-03-21T12:32:43 | XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buff | |
| CVE-2026-4373 | 7.5 | 0.10% | 4 | 0 | 2026-03-21T09:31:30 | The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via | |
| CVE-2026-4261 | 8.8 | 0.04% | 4 | 0 | 2026-03-21T06:30:39 | The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in a | |
| CVE-2026-2468 | 7.5 | 0.07% | 2 | 1 | 2026-03-21T06:30:38 | The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_ | |
| CVE-2026-1800 | 7.5 | 0.07% | 2 | 0 | 2026-03-21T06:30:36 | The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-base | |
| CVE-2026-3334 | 8.8 | 0.03% | 2 | 0 | 2026-03-21T06:30:36 | The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'o | |
| CVE-2026-1648 | 7.2 | 0.04% | 2 | 0 | 2026-03-21T06:30:32 | The Performance Monitor plugin for WordPress is vulnerable to Server-Side Reques | |
| CVE-2026-3478 | 7.2 | 0.07% | 2 | 0 | 2026-03-21T04:17:25.807000 | The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Sid | |
| CVE-2026-2941 | 8.8 | 0.04% | 2 | 0 | 2026-03-21T04:17:13.620000 | The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized | |
| CVE-2026-1313 | 8.3 | 0.04% | 4 | 0 | 2026-03-21T04:16:52.630000 | The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Reque | |
| CVE-2025-14037 | 8.1 | 0.04% | 2 | 0 | 2026-03-21T04:16:51.263000 | The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file | |
| CVE-2026-32064 | 7.7 | 0.04% | 2 | 0 | 2026-03-21T01:17:09.697000 | OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc | |
| CVE-2026-32056 | 7.5 | 0.15% | 2 | 0 | 2026-03-21T01:17:09.103000 | OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment | |
| CVE-2026-32055 | 7.6 | 0.04% | 2 | 0 | 2026-03-21T01:17:08.903000 | OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in w | |
| CVE-2026-32051 | 8.8 | 0.06% | 2 | 0 | 2026-03-21T01:17:08.087000 | OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerabil | |
| CVE-2026-32049 | 7.5 | 0.10% | 2 | 0 | 2026-03-21T01:17:07.700000 | OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inb | |
| CVE-2026-32048 | 7.5 | 0.04% | 2 | 0 | 2026-03-21T01:17:07.510000 | OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during c | |
| CVE-2026-32042 | 8.8 | 0.10% | 2 | 0 | 2026-03-21T01:17:06.547000 | OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vu | |
| CVE-2026-24060 | 9.1 | 0.02% | 2 | 0 | 2026-03-21T00:32:49 | Service information is not encrypted when transmitted as BACnet packets over th | |
| CVE-2026-25192 | 9.4 | 0.13% | 3 | 0 | 2026-03-21T00:32:47 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to | |
| CVE-2026-29796 | 9.4 | 0.10% | 3 | 0 | 2026-03-21T00:31:52 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to | |
| CVE-2026-23536 | 7.5 | 0.07% | 1 | 0 | 2026-03-21T00:31:45 | A security issue was discovered in the Feast Feature Server's `/read-document` e | |
| CVE-2026-3584 | 9.8 | 0.22% | 2 | 0 | 2026-03-20T22:16:29.267000 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al | |
| CVE-2026-33166 | 8.6 | 0.01% | 2 | 0 | 2026-03-20T22:16:28.660000 | Allure 2 is the version 2.x branch of Allure Report, a multi-language test repor | |
| CVE-2026-21992 | 9.8 | 0.03% | 8 | 1 | 2026-03-20T22:16:26.933000 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware | |
| CVE-2026-20131 | 10.0 | 0.88% | 11 | 3 | 2026-03-20T22:16:26.120000 | A vulnerability in the web-based management interface of Cisco Secure Firewall M | |
| CVE-2026-32013 | 8.8 | 0.08% | 1 | 0 | 2026-03-20T21:36:50 | ## Impact The gateway `agents.files.get` and `agents.files.set` methods allowed | |
| CVE-2026-30836 | 10.0 | 0.01% | 1 | 0 | 2026-03-20T21:35:20 | ⚠️ **Limited Disclosure — Full Details Pending** A critical security vulnerabil | |
| CVE-2026-33155 | None | 0.04% | 1 | 0 | 2026-03-20T21:34:49 | ### Summary The pickle unpickler `_RestrictedUnpickler` validates which classes | |
| CVE-2026-33154 | 7.5 | 0.04% | 1 | 0 | 2026-03-20T21:34:04 | ### Summary Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due | |
| CVE-2026-33142 | 8.1 | 0.03% | 1 | 0 | 2026-03-20T21:33:29 | The fix for GHSA-p5g2-jm85-8g35 (ClickHouse SQL injection via aggregate query pa | |
| CVE-2026-33010 | 8.1 | 0.03% | 1 | 0 | 2026-03-20T21:32:24 | ### Summary When the HTTP server is enabled (`MCP_HTTP_ENABLED=true`), the appli | |
| CVE-2025-54068 | 9.8 | 48.85% | 3 | 5 | template | 2026-03-20T21:28:57 | ### Impact In Livewire v3 (≤ 3.6.3), a vulnerability allows unauthenticated atta |
| CVE-2025-32432 | 10.0 | 89.44% | 3 | 4 | template | 2026-03-20T21:28:38 | ### Impact This is an additional fix for https://github.com/craftcms/cms/securi |
| CVE-2026-33128 | 7.5 | 0.02% | 1 | 0 | 2026-03-20T21:27:42 | ## Summary `createEventStream` in h3 is vulnerable to Server-Sent Events (SSE) | |
| CVE-2026-33068 | None | 0.14% | 2 | 0 | 2026-03-20T21:24:22 | Claude Code resolved the permission mode from settings files, including the repo | |
| CVE-2026-33057 | 9.8 | 0.12% | 1 | 0 | 2026-03-20T21:23:52 | #### Summary An explicit web endpoint inside the `ai/` testing module infrastruc | |
| CVE-2026-33054 | 10.0 | 0.02% | 1 | 0 | 2026-03-20T21:23:23 | #### Summary A Path Traversal vulnerability allows any user (or attacker) supply | |
| CVE-2026-33043 | 8.1 | 0.03% | 2 | 0 | 2026-03-20T21:23:01 | ### Summary `/objects/phpsessionid.json.php` exposes the current PHP session ID | |
| CVE-2026-33039 | 8.6 | 0.01% | 1 | 0 | 2026-03-20T21:22:41 | ## Summary The `plugin/LiveLinks/proxy.php` endpoint validates user-supplied URL | |
| CVE-2026-33036 | 7.5 | 0.04% | 1 | 0 | 2026-03-20T21:22:16 | ## Summary The fix for CVE-2026-26278 added entity expansion limits (`maxTotalE | |
| CVE-2026-33012 | 7.5 | 0.10% | 1 | 0 | 2026-03-20T21:21:56 | `DefaultHtmlErrorResponseBodyProvider` in `io.micronaut:micronaut-http-server` s | |
| CVE-2026-32940 | 9.3 | 0.05% | 1 | 0 | 2026-03-20T21:21:11 | # SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE | |
| CVE-2026-32025 | 7.5 | 0.05% | 1 | 0 | 2026-03-20T21:13:30 | This issue is a browser-origin WebSocket auth chain on local loopback deployment | |
| CVE-2026-32014 | 8.0 | 0.02% | 1 | 0 | 2026-03-20T21:12:25 | ## Summary A paired node device could reconnect with spoofed `platform`/`device | |
| CVE-2026-22732 | 9.1 | 0.01% | 2 | 0 | 2026-03-20T20:42:26 | When applications specify HTTP response headers for servlet applications using S | |
| CVE-2026-22731 | 8.2 | 0.04% | 1 | 0 | 2026-03-20T20:41:31 | Spring Boot applications with Actuator can be vulnerable to an "Authentication B | |
| CVE-2026-33136 | 9.3 | 0.03% | 1 | 0 | 2026-03-20T19:23:40.980000 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below hav | |
| CVE-2026-33346 | 8.7 | 0.04% | 1 | 0 | 2026-03-20T19:16:19.253000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-33038 | 8.1 | 0.04% | 1 | 0 | 2026-03-20T19:16:18.273000 | WWBN AVideo is an open source video platform. Versions 25.0 and below are vulner | |
| CVE-2026-32317 | 7.6 | 0.01% | 1 | 0 | 2026-03-20T19:16:16.090000 | Cryptomator for Android offers multi-platform transparent client-side encryption | |
| CVE-2025-43510 | 7.8 | 0.40% | 3 | 0 | 2026-03-20T18:39:56.413000 | A memory corruption issue was addressed with improved lock state checking. This | |
| CVE-2025-43520 | 5.5 | 0.41% | 3 | 0 | 2026-03-20T18:32:19 | A memory corruption issue was addressed with improved memory handling. This issu | |
| CVE-2025-31277 | 8.8 | 0.39% | 3 | 0 | 2026-03-20T18:32:18 | The issue was addressed with improved memory handling. This issue is fixed in wa | |
| CVE-2026-4491 | 8.8 | 0.05% | 1 | 0 | 2026-03-20T18:31:30 | A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the fun | |
| CVE-2026-4493 | 8.8 | 0.05% | 1 | 0 | 2026-03-20T18:31:30 | A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted elemen | |
| CVE-2026-32989 | 8.8 | 0.05% | 1 | 0 | 2026-03-20T18:31:27 | Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability | |
| CVE-2026-4489 | 8.8 | 0.05% | 1 | 0 | 2026-03-20T18:31:27 | A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability af | |
| CVE-2026-4492 | 8.8 | 0.05% | 1 | 0 | 2026-03-20T18:16:17.383000 | A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is | |
| CVE-2026-33001 | 8.8 | 0.11% | 1 | 0 | 2026-03-20T18:08:15.507000 | Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbol | |
| CVE-2026-4490 | 8.8 | 0.05% | 1 | 0 | 2026-03-20T17:17:00.030000 | A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the funct | |
| CVE-2026-4488 | 8.8 | 0.04% | 1 | 0 | 2026-03-20T16:16:19.093000 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Af | |
| CVE-2026-4486 | 8.8 | 0.08% | 1 | 0 | 2026-03-20T15:31:20 | A vulnerability was found in D-Link DIR-513 1.10. This affects the function form | |
| CVE-2026-4487 | 8.8 | 0.04% | 1 | 0 | 2026-03-20T15:31:20 | A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impa | |
| CVE-2026-32767 | 9.8 | 0.02% | 1 | 0 | 2026-03-20T15:16:17.220000 | SiYuan is a personal knowledge management system. Versions 3.6.0 and below conta | |
| CVE-2026-22172 | 9.9 | 0.01% | 1 | 0 | 2026-03-20T15:16:15.490000 | OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerabili | |
| CVE-2026-4475 | 8.8 | 0.02% | 3 | 0 | 2026-03-20T14:16:16.523000 | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_201710241 | |
| CVE-2026-22557 | 10.0 | 0.03% | 6 | 0 | 2026-03-20T13:39:46.493000 | A malicious actor with access to the network could exploit a Path Traversal vuln | |
| CVE-2026-32011 | 7.5 | 0.04% | 1 | 0 | 2026-03-20T13:39:46.493000 | OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in | |
| CVE-2026-23658 | 8.6 | 0.08% | 1 | 0 | 2026-03-20T13:39:46.493000 | Insufficiently protected credentials in Azure DevOps allows an unauthorized atta | |
| CVE-2026-26138 | 8.6 | 0.08% | 1 | 0 | 2026-03-20T13:39:46.493000 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized a | |
| CVE-2026-32749 | 7.6 | 0.04% | 1 | 0 | 2026-03-20T13:39:46.493000 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, P | |
| CVE-2026-30402 | 9.8 | 0.29% | 1 | 0 | 2026-03-20T13:39:46.493000 | An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbit | |
| CVE-2026-32865 | 9.8 | 0.04% | 1 | 0 | 2026-03-20T13:39:46.493000 | OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verificat | |
| CVE-2025-71260 | 8.8 | 6.54% | 1 | 1 | 2026-03-20T13:39:46.493000 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserializa | |
| CVE-2026-32938 | 9.9 | 0.09% | 1 | 0 | 2026-03-20T13:37:50.737000 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, t | |
| CVE-2026-4038 | 9.8 | 0.06% | 2 | 0 | 2026-03-20T13:37:50.737000 | The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call th | |
| CVE-2026-4478 | 8.1 | 0.01% | 2 | 0 | 2026-03-20T13:37:50.737000 | A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_201710241 | |
| CVE-2026-32701 | 7.5 | 0.02% | 1 | 0 | 2026-03-20T13:37:50.737000 | Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 imp | |
| CVE-2026-33075 | 0 | 0.03% | 1 | 0 | 2026-03-20T13:37:50.737000 | FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fa | |
| CVE-2026-32721 | 8.6 | 0.01% | 2 | 0 | 2026-03-20T13:37:50.737000 | LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and | |
| CVE-2026-4342 | 8.8 | 0.04% | 2 | 1 | 2026-03-20T13:37:50.737000 | A security issue was discovered in ingress-nginx where a combination of Ingress | |
| CVE-2026-22324 | 8.1 | 0.11% | 1 | 0 | 2026-03-20T12:31:12 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-32985 | 9.8 | 0.64% | 2 | 0 | 2026-03-20T00:31:34 | Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbit | |
| CVE-2026-32194 | 9.8 | 0.10% | 2 | 1 | 2026-03-20T00:31:34 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-32038 | None | 0.04% | 1 | 0 | 2026-03-19T22:29:35 | ### Summary In `[email protected]`, sandbox network hardening blocks `network=h | |
| CVE-2026-23659 | 8.6 | 0.11% | 1 | 0 | 2026-03-19T21:30:31 | Exposure of sensitive information to an unauthorized actor in Azure Data Factory | |
| CVE-2026-26139 | 8.6 | 0.08% | 1 | 0 | 2026-03-19T21:30:31 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized a | |
| CVE-2026-26137 | 8.9 | 0.07% | 1 | 0 | 2026-03-19T21:30:31 | Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allo | |
| CVE-2026-32191 | 9.8 | 0.10% | 1 | 0 | 2026-03-19T21:30:31 | Improper neutralization of special elements used in an os command ('os command i | |
| CVE-2026-32169 | 10.0 | 0.09% | 1 | 0 | 2026-03-19T21:30:31 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized a | |
| CVE-2026-3547 | 7.5 | 0.04% | 1 | 0 | 2026-03-19T21:30:31 | Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 a | |
| CVE-2026-32878 | None | 0.01% | 1 | 0 | 2026-03-19T21:13:39 | ### Impact An attacker can bypass the default request keyword denylist protecti | |
| CVE-2026-32728 | None | 0.01% | 1 | 0 | 2026-03-19T21:11:37 | ### Impact An attacker who is allowed to upload files can bypass the file exten | |
| CVE-2026-4427 | 7.5 | 0.07% | 1 | 0 | 2026-03-19T19:34:30 | A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can e | |
| CVE-2026-28500 | 8.6 | 0.01% | 2 | 0 | 2026-03-19T18:36:41 | ### Summary A security control bypass exists in onnx.hub.load() due to improper | |
| CVE-2006-10003 | 9.8 | 0.07% | 1 | 0 | 2026-03-19T18:32:22 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflo | |
| CVE-2026-20643 | 5.4 | 0.01% | 1 | 2 | 2026-03-19T18:32:21 | A cross-origin issue in the Navigation API was addressed with improved input val | |
| CVE-2026-31968 | 8.1 | 0.01% | 1 | 0 | 2026-03-19T17:31:24.010000 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is | |
| CVE-2026-31962 | 8.8 | 0.05% | 1 | 0 | 2026-03-19T17:30:45.370000 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is | |
| CVE-2026-32886 | 7.5 | 0.02% | 1 | 0 | 2026-03-19T17:21:45.437000 | Parse Server is an open source backend that can be deployed to any infrastructur | |
| CVE-2026-24291 | 7.8 | 0.06% | 2 | 2 | 2026-03-19T17:16:22.987000 | Incorrect permission assignment for critical resource in Windows Accessibility I | |
| CVE-2026-32944 | 7.5 | 0.01% | 1 | 0 | 2026-03-19T16:46:28.467000 | Parse Server is an open source backend that can be deployed to any infrastructur | |
| CVE-2026-29856 | 7.5 | 0.04% | 2 | 0 | 2026-03-19T15:32:23 | An issue in the VirtualHost configuration handling/parser component of aaPanel v | |
| CVE-2026-30704 | 9.1 | 0.04% | 2 | 0 | 2026-03-19T15:32:23 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotecte | |
| CVE-2026-29859 | 9.8 | 0.07% | 1 | 0 | 2026-03-19T15:32:23 | An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to ex | |
| CVE-2026-29858 | 7.5 | 0.03% | 1 | 0 | 2026-03-19T15:32:23 | A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local | |
| CVE-2026-22558 | 7.7 | 0.01% | 1 | 0 | 2026-03-19T15:31:27 | An Authenticated NoSQL Injection vulnerability found in UniFi Network Applicatio | |
| CVE-2026-4424 | 7.5 | 0.14% | 1 | 0 | 2026-03-19T15:31:27 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exist | |
| CVE-2025-58112 | 8.8 | 0.07% | 2 | 0 | 2026-03-19T15:16:20.657000 | Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allow | |
| CVE-2026-31970 | 8.1 | 0.04% | 1 | 0 | 2026-03-19T13:59:29.387000 | HTSlib is a library for reading and writing bioinformatics file formats. GZI fil | |
| CVE-2026-31971 | 8.1 | 0.09% | 1 | 0 | 2026-03-19T13:58:31.573000 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is | |
| CVE-2026-3658 | 7.5 | 0.07% | 1 | 0 | 2026-03-19T13:25:00.570000 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin p | |
| CVE-2026-27067 | 9.1 | 0.04% | 2 | 0 | 2026-03-19T13:25:00.570000 | Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile A | |
| CVE-2025-60237 | 9.8 | 0.04% | 1 | 0 | 2026-03-19T13:25:00.570000 | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object | |
| CVE-2026-3511 | 8.6 | 0.04% | 1 | 0 | 2026-03-19T12:30:41 | Improper Restriction of XML External Entity Reference vulnerability in XMLUtils. | |
| CVE-2026-27065 | 9.8 | 0.11% | 3 | 0 | 2026-03-19T09:30:25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-25445 | 8.8 | 0.05% | 1 | 0 | 2026-03-19T09:30:25 | Deserialization of Untrusted Data vulnerability in Membership Software WishList | |
| CVE-2025-60233 | 9.8 | 0.04% | 1 | 0 | 2026-03-19T09:30:25 | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object I | |
| CVE-2026-20963 | 8.8 | 8.00% | 5 | 0 | 2026-03-18T21:32:58 | Deserialization of untrusted data in Microsoft Office SharePoint allows an autho | |
| CVE-2026-22729 | 8.6 | 0.05% | 1 | 0 | 2026-03-18T20:20:27 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConver | |
| CVE-2026-33172 | 8.7 | 0.01% | 2 | 0 | 2026-03-18T19:54:32 | ### Impact Stored XSS vulnerability in SVG asset reuploads allows authenticated | |
| CVE-2025-66376 | 7.2 | 11.43% | 2 | 0 | 2026-03-18T18:31:10 | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Clas | |
| CVE-2026-32746 | 9.8 | 0.03% | 3 | 4 | 2026-03-18T15:30:44 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO | |
| CVE-2026-3564 | 9.0 | 0.06% | 1 | 0 | 2026-03-18T14:52:44.227000 | A condition in ScreenConnect may allow an actor with access to server-level cryp | |
| CVE-2026-33053 | None | 0.02% | 2 | 0 | 2026-03-18T12:58:35 | **Detection Method:** Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | |
| CVE-2026-3888 | 7.9 | 0.01% | 7 | 3 | 2026-03-18T06:31:20 | Local privilege escalation in snapd on Linux allows local attackers to get root | |
| CVE-2026-32306 | 9.9 | 0.40% | 1 | 0 | 2026-03-17T20:08:56.733000 | OneUptime is a solution for monitoring and managing online services. Prior to 10 | |
| CVE-2026-33017 | None | 0.44% | 4 | 3 | 2026-03-17T20:05:06 | ## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b | |
| CVE-2026-3630 | 9.8 | 0.06% | 1 | 0 | 2026-03-10T21:32:13 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | |
| CVE-2026-3631 | 7.5 | 0.06% | 1 | 0 | 2026-03-10T18:48:42.673000 | Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. | |
| CVE-2026-25554 | 6.5 | 0.07% | 1 | 0 | 2026-02-27T21:31:20 | OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to comm | |
| CVE-2026-25896 | 9.3 | 0.01% | 1 | 0 | 2026-02-27T16:51:59 | # Entity encoding bypass via regex injection in DOCTYPE entity names ## Summary | |
| CVE-2025-32711 | 9.3 | 3.89% | 1 | 1 | 2026-02-20T18:31:25 | Ai command injection in M365 Copilot allows an unauthorized attacker to disclose | |
| CVE-2026-1581 | 7.5 | 11.33% | 2 | 1 | template | 2026-02-19T18:32:09 | The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection |
| CVE-2026-24780 | None | 0.10% | 1 | 0 | 2026-01-30T00:04:19 | ### Summary AutoGPT Platform's block execution endpoints (both main web API and | |
| CVE-2025-32975 | 10.0 | 0.13% | 1 | 0 | 2025-11-03T21:35:11 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef | |
| CVE-2026-33135 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-33134 | 0 | 0.03% | 4 | 0 | N/A | ||
| CVE-2026-32891 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-32890 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-33037 | 0 | 0.23% | 2 | 0 | N/A | ||
| CVE-2026-27625 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-33072 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-33150 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-33156 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-31836 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-32303 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-32710 | 0 | 0.26% | 1 | 0 | N/A | ||
| CVE-2026-32318 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-33308 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-33307 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-33024 | 0 | 0.08% | 1 | 0 | N/A | ||
| CVE-2026-4428 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-29103 | 0 | 0.20% | 1 | 0 | N/A | ||
| CVE-2026-32754 | 0 | 0.07% | 1 | 0 | N/A | ||
| CVE-2026-31965 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-31964 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-31963 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-31969 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-31967 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-31966 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-31973 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-31972 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-32238 | 0 | 0.29% | 1 | 1 | N/A | ||
| CVE-2023-4567 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-33058 | 0 | 0.02% | 1 | 0 | N/A |
updated 2026-03-21T12:32:43
1 posts
Two 20-year-old vulnerabilities fixed in XML::Parser 2.48:
- CVE-2006-10002: XML::Parser versions through 2.47 for Perl could
overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes https://www.openwall.com/lists/oss-security/2026/03/19/1
- CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack https://www.openwall.com/lists/oss-security/2026/03/19/2
The patch fixing these has been available since 2006 but it's nice to see the fix in actual release, too.
##updated 2026-03-21T09:31:30
4 posts
🟠 CVE-2026-4373 - High (7.5)
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 JetFormBuilder for WordPress is HIGH risk (CVE-2026-4373): Absolute path traversal in all versions allows unauth attackers to exfiltrate files via crafted Media Field form. Review & secure deployments! https://radar.offseq.com/threat/cve-2026-4373-cwe-36-absolute-path-traversal-in-je-12b1586f #OffSeq #WordPress #infosec
##🟠 CVE-2026-4373 - High (7.5)
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 JetFormBuilder for WordPress is HIGH risk (CVE-2026-4373): Absolute path traversal in all versions allows unauth attackers to exfiltrate files via crafted Media Field form. Review & secure deployments! https://radar.offseq.com/threat/cve-2026-4373-cwe-36-absolute-path-traversal-in-je-12b1586f #OffSeq #WordPress #infosec
##updated 2026-03-21T06:30:39
4 posts
🟠 CVE-2026-4261 - High (8.8)
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 HIGH severity: CVE-2026-4261 in Expire Users (WordPress, all versions) lets Subscribers escalate to Admin via missing authorization in 'save_extra_user_profile_fields'. Patch urgently or mitigate! https://radar.offseq.com/threat/cve-2026-4261-cwe-862-missing-authorization-in-hus-fa4ebb4d #OffSeq #WordPress #Vuln #Security
##🟠 CVE-2026-4261 - High (8.8)
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 HIGH severity: CVE-2026-4261 in Expire Users (WordPress, all versions) lets Subscribers escalate to Admin via missing authorization in 'save_extra_user_profile_fields'. Patch urgently or mitigate! https://radar.offseq.com/threat/cve-2026-4261-cwe-862-missing-authorization-in-hus-fa4ebb4d #OffSeq #WordPress #Vuln #Security
##updated 2026-03-21T06:30:38
2 posts
1 repos
🟠 CVE-2026-2468 - High (7.5)
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2468/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2468 - High (7.5)
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2468/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T06:30:36
2 posts
🟠 CVE-2026-1800 - High (7.5)
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1800 - High (7.5)
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T06:30:36
2 posts
🟠 CVE-2026-3334 - High (8.8)
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user suppli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3334 - High (8.8)
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user suppli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T06:30:32
2 posts
🔎 HIGH severity SSRF in qrolic Performance Monitor (WordPress, all versions). Unauthenticated attackers can craft internal requests via REST API — RCE possible if chained with Redis. Urgent patch/mitigation needed! CVE-2026-1648. https://radar.offseq.com/threat/cve-2026-1648-cwe-918-server-side-request-forgery--062101f6 #OffSeq #WordPress #SSRF
##🔎 HIGH severity SSRF in qrolic Performance Monitor (WordPress, all versions). Unauthenticated attackers can craft internal requests via REST API — RCE possible if chained with Redis. Urgent patch/mitigation needed! CVE-2026-1648. https://radar.offseq.com/threat/cve-2026-1648-cwe-918-server-side-request-forgery--062101f6 #OffSeq #WordPress #SSRF
##updated 2026-03-21T04:17:25.807000
2 posts
🔎 CVE-2026-3478: HIGH severity SSRF in benmoody Content Syndication Toolkit (WordPress, all versions). Unauthenticated AJAX endpoint lets attackers proxy requests, risking internal data exposure. Disable plugin or block endpoint! https://radar.offseq.com/threat/cve-2026-3478-cwe-918-server-side-request-forgery--aeeaf0a3 #OffSeq #WordPress #SSRF
##🔎 CVE-2026-3478: HIGH severity SSRF in benmoody Content Syndication Toolkit (WordPress, all versions). Unauthenticated AJAX endpoint lets attackers proxy requests, risking internal data exposure. Disable plugin or block endpoint! https://radar.offseq.com/threat/cve-2026-3478-cwe-918-server-side-request-forgery--aeeaf0a3 #OffSeq #WordPress #SSRF
##updated 2026-03-21T04:17:13.620000
2 posts
🟠 CVE-2026-2941 - High (8.8)
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2941 - High (8.8)
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T04:16:52.630000
4 posts
🟠 CVE-2026-1313 - High (8.3)
The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##MimeTypes Link Icons plugin (≤3.2.20) hit by HIGH severity SSRF (CVE-2026-1313, CVSS 8.3). Contributor+ users can abuse "Show file size" to access internal resources. Disable the feature & check user roles. https://radar.offseq.com/threat/cve-2026-1313-cwe-918-server-side-request-forgery--530406e8 #OffSeq #WordPress #SSRF #CVE20261313
##🟠 CVE-2026-1313 - High (8.3)
The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##MimeTypes Link Icons plugin (≤3.2.20) hit by HIGH severity SSRF (CVE-2026-1313, CVSS 8.3). Contributor+ users can abuse "Show file size" to access internal resources. Disable the feature & check user roles. https://radar.offseq.com/threat/cve-2026-1313-cwe-918-server-side-request-forgery--530406e8 #OffSeq #WordPress #SSRF #CVE20261313
##updated 2026-03-21T04:16:51.263000
2 posts
🟠 CVE-2025-14037 - High (8.1)
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-14037 - High (8.1)
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:09.697000
2 posts
🟠 CVE-2026-32064 - High (7.7)
OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32064 - High (7.7)
OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:09.103000
2 posts
🟠 CVE-2026-32056 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32056 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:08.903000
2 posts
🟠 CVE-2026-32055 - High (7.6)
OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32055 - High (7.6)
OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:08.087000
2 posts
🟠 CVE-2026-32051 - High (8.8)
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deploy...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32051/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32051 - High (8.8)
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deploy...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32051/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:07.700000
2 posts
🟠 CVE-2026-32049 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32049 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:07.510000
2 posts
🟠 CVE-2026-32048 - High (7.5)
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32048 - High (7.5)
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T01:17:06.547000
2 posts
🟠 CVE-2026-32042 - High (8.8)
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32042 - High (8.8)
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:32:49
2 posts
CVE-2026-24060 (CRITICAL): WebCTRL Premium Server sends BACnet data in cleartext, risking interception & modification. No patch yet — segment OT networks & use VPNs for BACnet traffic. Monitor for sniffing, restrict access. Details: https://radar.offseq.com/threat/cve-2026-24060-cwe-319-in-automated-logic-webctrl--ad487a9d #OffSeq #ICS #Vuln #BACnet
##Multiple Flaws Reported in Automated Logic WebCTRL Premium Server
Automated Logic patched three vulnerabilities in its WebCTRL Premium Server, including a critical cleartext flaw (CVE-2026-24060), that allow attackers to intercept sensitive data and spoof commands in building automation systems.
**If you are using Automated Logic WebCTRL, make sure it's isolated from the internet and your office network. Then plan a patch. Legacy versions 7.x will not be updated so plan an upgrade.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-flaws-reported-in-automated-logic-webctrl-premium-server-m-r-3-3-r/gD2P6Ple2L
updated 2026-03-21T00:32:47
3 posts
⚠️ CVE-2026-25192 (CRITICAL, CVSS 9.4): All CTEK Chargeportal versions lack authentication on OCPP WebSocket endpoints. Enables remote station impersonation & command injection. Restrict network access and monitor closely! https://radar.offseq.com/threat/cve-2026-25192-cwe-306-in-ctek-chargeportal-a1a8a9ed #OffSeq #EVSecurity #CVE202625192
##⚠️ CVE-2026-25192 (CRITICAL, CVSS 9.4): All CTEK Chargeportal versions lack authentication on OCPP WebSocket endpoints. Enables remote station impersonation & command injection. Restrict network access and monitor closely! https://radar.offseq.com/threat/cve-2026-25192-cwe-306-in-ctek-chargeportal-a1a8a9ed #OffSeq #EVSecurity #CVE202625192
##CTEK Chargeportal Vulnerabilities Enable Unauthorized Control of EV Infrastructure
CISA reports four vulnerabilities in the Chargeportal platform by CTEK, including a critical authentication bypass (CVE-2026-25192), that allow attackers to impersonate charging stations and gain unauthorized control. The product is scheduled for sunset in April 2026, leaving network isolation as the primary defense for current users.
**Since CTEK is sunsetting Chargeportal without a patch, make sure you isolate the systems as much as possible from public access and the public internet. Then planning a migration to a supported charging management platform.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ctek-chargeportal-vulnerabilities-enable-unauthorized-control-of-ev-infrastructure-q-m-c-l-x/gD2P6Ple2L
updated 2026-03-21T00:31:52
3 posts
⚠️ CRITICAL: CVE-2026-29796 affects all IGL-Technologies eParking.fi versions. Missing WebSocket auth allows attackers to impersonate charging stations, disrupt operations, and corrupt data. Restrict access, monitor traffic, and secure now! https://radar.offseq.com/threat/cve-2026-29796-cwe-306-in-igl-technologies-eparkin-fcf429f8 #OffSeq #EVCharging #Infosec
##⚠️ CRITICAL: CVE-2026-29796 affects all IGL-Technologies eParking.fi versions. Missing WebSocket auth allows attackers to impersonate charging stations, disrupt operations, and corrupt data. Restrict access, monitor traffic, and secure now! https://radar.offseq.com/threat/cve-2026-29796-cwe-306-in-igl-technologies-eparkin-fcf429f8 #OffSeq #EVCharging #Infosec
##IGL-Technologies Patches Critical Authentication Bypass in eParking.fi Platform
IGL-Technologies patched four vulnerabilities in its eParking.fi platform, including a critical authentication bypass (CVE-2026-29796) that allows attackers to impersonate EV charging stations and gain administrative control.
**Isolate your EV charging infrastructure as much as possible from the public internet and public network access. Verify that your hardware supports the vendor's new security profiles. Since station identifiers were leaked on public maps, you should treat existing IDs as compromised and implement device whitelisting.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/igl-technologies-patches-critical-authentication-bypass-in-eparking-fi-platform-a-5-9-c-q/gD2P6Ple2L
updated 2026-03-21T00:31:45
1 posts
🟠 CVE-2026-23536 - High (7.5)
A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23536/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T22:16:29.267000
2 posts
🔴 CVE-2026-3584 - Critical (9.8)
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3584/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3584 - Critical (9.8)
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3584/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T22:16:28.660000
2 posts
🟠 CVE-2026-33166 - High (8.6)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33166/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33166 - High (8.6)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33166/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T22:16:26.933000
8 posts
1 repos
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html
Short summary: https://hackerworkspace.com/article/oracle-patches-critical-cve-2026-21992-enabling-unauthenticated-rce-in-identity-manager
##Geopolitical tensions remain high as the Iran conflict disrupts the Strait of Hormuz, impacting oil prices and global tech supply chains due to halted helium output from Qatar (Mar 20-21, 2026). In technology, Google introduced a mandatory 24-hour wait for Android sideloading from unverified developers (Mar 20, 2026), while Nvidia showcased new AI chips at GTC 2026 (Mar 20, 2026). Cybersecurity saw Oracle patch a critical RCE vulnerability (CVE-2026-21992) (Mar 21, 2026), and Iranian-linked hackers targeted medical tech firm Stryker, wiping devices (Mar 20, 2026). A Trivy supply chain attack also deployed 'CanisterWorm' across npm packages (Mar 20, 2026).
##CVE-2026-21992: Oracle schließt RCE-Lücke in Fusion Middleware außerhalb des regulären Patch-Zyklus
Die als CVE-2026-21992 klassifizierte Schwachstelle erlaubt es Angreifern, ohne Anmeldedaten beliebigen Code auf betroffenen Systemen auszuführen – sofern diese über das Netz erreichbar sind.
##Oracle Issues Emergency Patch for Critical Vulnerability in Identity Manager, Web Services Manager
Oracle released an emergency patch for a critical remote code execution vulnerability (CVE-2026-21992) in Identity Manager and Web Services Manager that allows unauthenticated attackers to take over systems.
**If you're running Oracle Fusion Middleware , Oracle Identity Manager or Oracle Web Services Manager, this is important and probably urgent. If posssible, isolate the system to trusted networks only and use a Web Application Firewall with custom rules for this endoint. Then patch ASAP, because this flaw will be exploited, very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/oracle-issues-emergency-patch-for-critical-vulnerability-in-identity-manager-web-services-manager-g-u-z-h-t/gD2P6Ple2L
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html
Short summary: https://hackerworkspace.com/article/oracle-patches-critical-cve-2026-21992-enabling-unauthenticated-rce-in-identity-manager
##Geopolitical tensions remain high as the Iran conflict disrupts the Strait of Hormuz, impacting oil prices and global tech supply chains due to halted helium output from Qatar (Mar 20-21, 2026). In technology, Google introduced a mandatory 24-hour wait for Android sideloading from unverified developers (Mar 20, 2026), while Nvidia showcased new AI chips at GTC 2026 (Mar 20, 2026). Cybersecurity saw Oracle patch a critical RCE vulnerability (CVE-2026-21992) (Mar 21, 2026), and Iranian-linked hackers targeted medical tech firm Stryker, wiping devices (Mar 20, 2026). A Trivy supply chain attack also deployed 'CanisterWorm' across npm packages (Mar 20, 2026).
##Oracle Issues Emergency Patch for Critical Vulnerability in Identity Manager, Web Services Manager
Oracle released an emergency patch for a critical remote code execution vulnerability (CVE-2026-21992) in Identity Manager and Web Services Manager that allows unauthenticated attackers to take over systems.
**If you're running Oracle Fusion Middleware , Oracle Identity Manager or Oracle Web Services Manager, this is important and probably urgent. If posssible, isolate the system to trusted networks only and use a Web Application Firewall with custom rules for this endoint. Then patch ASAP, because this flaw will be exploited, very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/oracle-issues-emergency-patch-for-critical-vulnerability-in-identity-manager-web-services-manager-g-u-z-h-t/gD2P6Ple2L
Oracle issues an out-of-band security update for a pre-auth RCE in Oracle Identity Manager
https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
##updated 2026-03-20T22:16:26.120000
11 posts
3 repos
https://github.com/sak110/CVE-2026-20131
📢 Interlock Ransomware exploite un zero-day Cisco FMC (CVE-2026-20131) 36 jours avant divulgation
📝 *Amazon Threat Intelligence a dé...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-21-interlock-ransomware-exploite-un-zero-day-cisco-fmc-cve-2026-20131-36-jours-avant-divulgation/
🌐 source : https://aws.amazon.com/fr/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
#CVE_2026_20131 #Certify #Cyberveille
Cisco Zero-Day 36 Tage vor Update ausgenutzt
Am 2026-03-04 hat Cisco ein Update gegen die Sicherheitslücke CVE-2026-20131 veröffentlicht. Sie hat die Einstufung 10 von 10 erhalten: die schlimmste aller vorstellbaren Schwachstellen. Falls¹ die Verwaltungs-Oberfläche (Management Interface) der Secure Firewall Management Center (FMC) Software und Security Cloud Control (SCC) Firewall Management Software aus dem Internet erreichbar ist, kann ein entfernter Angreifer ohne Autorisierung beliebigen Code mit Administrator-Rechten auf den betroffenen Geräten ausführen (RCE). Sehr angemessen für Geräte, die
https://www.pc-fluesterer.info/wordpress/2026/03/21/cisco-zero-day-36-tage-vor-update-ausgenutzt/
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #erpresser #exploits #firewall #hersteller #hintertür #sicherheit #UnplugTrump #vorfälle
##Cisco Zero-Day 36 Tage vor Update ausgenutzt
Am 2026-03-04 hat Cisco ein Update gegen die Sicherheitslücke CVE-2026-20131 veröffentlicht. Sie hat die Einstufung 10 von 10 erhalten: die schlimmste aller vorstellbaren Schwachstellen. Falls¹ die Verwaltungs-Oberfläche (Management Interface) der Secure Firewall Management Center (FMC) Software und Security Cloud Control (SCC) Firewall Management Software aus dem Internet erreichbar ist, kann ein entfernter Angreifer ohne Autorisierung beliebigen Code mit Administrator-Rechten auf den betroffenen Geräten ausführen (RCE). Sehr angemessen für Geräte, die
https://www.pc-fluesterer.info/wordpress/2026/03/21/cisco-zero-day-36-tage-vor-update-ausgenutzt/
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #erpresser #exploits #firewall #hersteller #hintertür #sicherheit #UnplugTrump #vorfälle
##"CISA orders feds to patch max-severity Cisco flaw by Sunday"
"[...] The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22."
##The campaign is exploiting "critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC), enabling unauthenticated remote code execution as root. The campaign combines edge-device exploitation, custom malware tooling, and double extortion tactics, indicating a mature and targeted ransomware operation."
FortiGuard's outbreak alerts listed a critical Interlock ransomware attack yesterday: https://fortiguard.fortinet.com/outbreak-alert/interlock-ransomware @FortiGuardLabs #infosec #ransomware #Cisco #cyberattack
##CISA orders feds to patch max-severity Cisco flaw by Sunday
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131,...
🔗️ [Bleepingcomputer] https://link.is.it/eSynqa
##⚠️ Ransomware crims abused Cisco 0-day weeks before disclosure
「 Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses 」
https://www.theregister.com/2026/03/18/amazon_cisco_firewall_0_day_ransomware/
🚨 [CISA-2026:0319] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0319)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20131 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20131)
- Name: Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Known
- Vendor: Cisco
- Product: Secure Firewall Management Center (FMC)
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh ; https://nvd.nist.gov/vuln/detail/CVE-2026-20131
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260319 #cisa20260319 #cve_2026_20131 #cve202620131
##CVE ID: CVE-2026-20131
Vendor: Cisco
Product: Secure Firewall Management Center (FMC)
Date Added: 2026-03-19
Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh ; https://nvd.nist.gov/vuln/detail/CVE-2026-20131
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20131
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure https://securityaffairs.com/189636/malware/interlock-group-exploiting-the-cisco-fmc-flaw-cve-2026-20131-36-days-before-disclosure.html
##Interlock ransomware exploited Cisco firewall zero-day (CVE-2026-20131) before disclosure.
• Unauth RCE → root
• Memory webshells
• WebSocket C2
https://www.technadu.com/interlock-ransomware-campaign-exploited-cisco-firewall-vulnerability-cve-2026-20131-weeks-before-disclosure/623700/
updated 2026-03-20T21:36:50
1 posts
🟠 CVE-2026-32013 - High (8.8)
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted file...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:35:20
1 posts
🔴 CVE-2026-30836 - Critical (10)
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30836/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:34:49
1 posts
we found a memory exhaustion CVE in a library downloaded 29 million times a month. AWS, DataHub, and Lightning AI are in the blast radius. https://www.periphery.security/blog/cve-2026-33155---40-bytes-to-chaos
##updated 2026-03-20T21:34:04
1 posts
🟠 CVE-2026-33154 - High (7.5)
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:33:29
1 posts
🟠 CVE-2026-33142 - High (8.1)
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33142/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:32:24
1 posts
🟠 CVE-2026-33010 - High (8.1)
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_cre...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:28:57
3 posts
5 repos
https://github.com/z0d131482700x/Livewire2025CVE
https://github.com/synacktiv/Livepyre
https://github.com/Jenderal92/livewire-vuln-scanner
🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
- Name: Apple Multiple Products Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
⚠️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
- Name: Craft CMS Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Craft CMS
- Product: Craft CMS
- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚠️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
- Name: Apple Multiple Products Improper Locking Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⚠️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⚠️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
- Name: Laravel Livewire Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Laravel
- Product: Livewire
- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
##CVE ID: CVE-2025-54068
Vendor: Laravel
Product: Livewire
Date Added: 2026-03-20
Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-54068
Looks like CISA has added to the KEV catalogue. Today's winner is Apple.
- CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-31277
- CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43520
- CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43510
- CVE-2025-54068: Laravel Livewire Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-54068
- CVE-2025-32432: Craft CMS Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-32432 #CISA #Apple #infosec #vulnerability
##updated 2026-03-20T21:28:38
3 posts
4 repos
https://github.com/Sachinart/CVE-2025-32432
https://github.com/Chocapikk/CVE-2025-32432
🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
- Name: Apple Multiple Products Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
⚠️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
- Name: Craft CMS Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Craft CMS
- Product: Craft CMS
- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚠️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
- Name: Apple Multiple Products Improper Locking Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⚠️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⚠️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
- Name: Laravel Livewire Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Laravel
- Product: Livewire
- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
##Looks like CISA has added to the KEV catalogue. Today's winner is Apple.
- CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-31277
- CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43520
- CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43510
- CVE-2025-54068: Laravel Livewire Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-54068
- CVE-2025-32432: Craft CMS Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-32432 #CISA #Apple #infosec #vulnerability
##CVE ID: CVE-2025-32432
Vendor: Craft CMS
Product: Craft CMS
Date Added: 2026-03-20
Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-32432
updated 2026-03-20T21:27:42
1 posts
🟠 CVE-2026-33128 - High (7.5)
H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and format...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:24:22
2 posts
RAXE-2026-040: Claude Code Workspace Trust Dialog Bypass via Repository Settings (CVE-2026-33068) | RAXE Labs
##Claude Code workspace trust dialog bypass via repository settings loading order [CVE-2026-33068, CVSS 7.7]. Settings resolved before trust dialog shown. https://raxe.ai/labs/advisories/RAXE-2026-040
##updated 2026-03-20T21:23:52
1 posts
🔴 CVE-2026-33057 - Critical (9.8)
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally wit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:23:23
1 posts
🔴 CVE-2026-33054 - Critical (10)
Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_token through the UI stream payload to arbitrarily ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:23:01
2 posts
🟠 CVE-2026-33043 - High (8.1)
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin() function reflects any Origin header back in Access-Contro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33043 - High (8.1)
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin() function reflects any Origin header back in Access-Contro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:22:41
1 posts
🟠 CVE-2026-33039 - High (8.6)
WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL(), but only checks the initial URL. When the initi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:22:16
1 posts
🟠 CVE-2026-33036 - High (7.5)
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and standard XML entities...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:21:56
1 posts
🟠 CVE-2026-33012 - High (7.5)
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlError...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33012/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:21:11
1 posts
🔴 CVE-2026-32940 - Critical (9.3)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:13:30
1 posts
🟠 CVE-2026-32025 - High (7.5)
OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:12:25
1 posts
🟠 CVE-2026-32014 - High (8)
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:42:26
2 posts
🚨 CVE-2026-22732 (CRITICAL, CVSS 9.1): Spring Security 5.7.0 – 7.0.3 vulnerability lets HTTP headers go unwritten, risking CSP/HSTS bypass. No auth needed, remote exploit possible. Upgrade urgently & enforce headers via WAF/CDN! https://radar.offseq.com/threat/cve-2026-22732-vulnerability-in-spring-spring-secu-2c8fbdd8 #OffSeq #SpringSecurity #CVE202622732
##🔴 CVE-2026-22732 - Critical (9.1)
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.
This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22732/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:41:31
1 posts
🟠 CVE-2026-22731 - High (8.2)
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22731/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:23:40.980000
1 posts
🔴 CVE-2026-33136 - Critical (9.3)
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:16:19.253000
1 posts
🟠 CVE-2026-33346 - High (8.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:16:18.273000
1 posts
🟠 CVE-2026-33038 - High (8.1)
WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfiguration.php performs full application initializati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:16:16.090000
1 posts
🟠 CVE-2026-32317 - High (7.6)
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32317/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:39:56.413000
3 posts
🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
- Name: Apple Multiple Products Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
⚠️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
- Name: Craft CMS Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Craft CMS
- Product: Craft CMS
- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚠️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
- Name: Apple Multiple Products Improper Locking Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⚠️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⚠️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
- Name: Laravel Livewire Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Laravel
- Product: Livewire
- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
##CVE ID: CVE-2025-43510
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-43510
Looks like CISA has added to the KEV catalogue. Today's winner is Apple.
- CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-31277
- CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43520
- CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43510
- CVE-2025-54068: Laravel Livewire Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-54068
- CVE-2025-32432: Craft CMS Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-32432 #CISA #Apple #infosec #vulnerability
##updated 2026-03-20T18:32:19
3 posts
🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
- Name: Apple Multiple Products Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
⚠️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
- Name: Craft CMS Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Craft CMS
- Product: Craft CMS
- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚠️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
- Name: Apple Multiple Products Improper Locking Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⚠️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⚠️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
- Name: Laravel Livewire Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Laravel
- Product: Livewire
- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
##CVE ID: CVE-2025-43520
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-43520
Looks like CISA has added to the KEV catalogue. Today's winner is Apple.
- CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-31277
- CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43520
- CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43510
- CVE-2025-54068: Laravel Livewire Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-54068
- CVE-2025-32432: Craft CMS Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-32432 #CISA #Apple #infosec #vulnerability
##updated 2026-03-20T18:32:18
3 posts
🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
- Name: Apple Multiple Products Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
⚠️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
- Name: Craft CMS Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Craft CMS
- Product: Craft CMS
- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚠️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
- Name: Apple Multiple Products Improper Locking Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⚠️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⚠️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
- Name: Laravel Livewire Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Laravel
- Product: Livewire
- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
##CVE ID: CVE-2025-31277
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-31277
Looks like CISA has added to the KEV catalogue. Today's winner is Apple.
- CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-31277
- CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43520
- CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-43510
- CVE-2025-54068: Laravel Livewire Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-54068
- CVE-2025-32432: Craft CMS Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-32432 #CISA #Apple #infosec #vulnerability
##updated 2026-03-20T18:31:30
1 posts
🟠 CVE-2026-4491 - High (8.8)
A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4491/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:30
1 posts
🟠 CVE-2026-4493 - High (8.8)
A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument device...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4493/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:27
1 posts
🟠 CVE-2026-32989 - High (8.8)
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to uploa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:27
1 posts
🟠 CVE-2026-4489 - High (8.8)
A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4489/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:16:17.383000
1 posts
🟠 CVE-2026-4492 - High (8.8)
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4492/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:08:15.507000
1 posts
Deep Dive into CVE-2026-33001 : Arbitrary File Creation leading to RCE via Symlink attack in Jenkins Core https://fancy-amber-76a.notion.site/Deep-Dive-into-CVE-2026-33001-Arbitrary-File-Creation-leading-to-RCE-via-Symlink-attack-in-Jenkins-328751512b3380049b3dfa3b934a9a12
##updated 2026-03-20T17:17:00.030000
1 posts
🟠 CVE-2026-4490 - High (8.8)
A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit ha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T16:16:19.093000
1 posts
🟠 CVE-2026-4488 - High (8.8)
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:20
1 posts
🟠 CVE-2026-4486 - High (8.8)
A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:20
1 posts
🟠 CVE-2026-4487 - High (8.8)
A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:16:17.220000
1 posts
⚠️ CVE-2026-32767: SiYuan (<3.6.1) has a CRITICAL SQL injection flaw in /api/search/fullTextSearchBlock. Any authenticated user can run SQL, risking full data compromise. Upgrade to 3.6.1+ ASAP. https://radar.offseq.com/threat/cve-2026-32767-cwe-89-improper-neutralization-of-s-8a5766fd #OffSeq #SiYuan #SQLInjection #Vuln
##updated 2026-03-20T15:16:15.490000
1 posts
🔴 CVE-2026-22172 - Critical (9.9)
OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22172/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T14:16:16.523000
3 posts
🟠 CVE-2026-4475 - High (8.8)
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4475 - High (8.8)
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4475 - High (8.8)
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
6 posts
Ubiquiti – CVE-2026-22557 : cette faille critique menace votre réseau UniFi https://www.it-connect.fr/ubiquiti-cve-2026-22557-cette-faille-critique-menace-votre-reseau-unifi/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##Ubiquiti Patches Critical Account Takeover Flaw in UniFi Network Application
Ubiquiti patched a critical path traversal vulnerability (CVE-2026-22557) and a high-severity NoSQL injection flaw in its UniFi Network Application. These bugs allow attackers to hijack accounts or escalate privileges, potentially compromising entire networking environments.
**If you are using Ubiquiti products, update your UniFi Network Application and UniFi Express firmware ASAP. As usual, first make sure all management interfaces are not exposed to the public internet and are accessible only from trusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ubiquiti-patches-critical-account-takeover-flaw-in-unifi-network-application-0-3-2-q-p/gD2P6Ple2L
Geopolitical tensions surged as Iran targeted Gulf energy after Israeli strikes, spiking oil prices to $118/barrel (March 18-19). In cybersecurity, CISA warned of actively exploited SharePoint flaws (CVE-2026-20963), critical Ubiquiti UniFi (CVE-2026-22557), and Telnetd root-access vulnerabilities (CVE-2026-32746). NVIDIA forecasts $1T AI demand by 2027.
#AnonNews_irc #Cybersecurity #News
🔴 CVE-2026-22557 - Critical (10)
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22557/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##just like cve-2026-22557, i think you're a 10/10 :neocat_sillycat_kisser:
##CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-22557 (n00r3(@izn0u))
##updated 2026-03-20T13:39:46.493000
1 posts
🟠 CVE-2026-32011 - High (7.5)
OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32011/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
🟠 CVE-2026-23658 - High (8.6)
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
🟠 CVE-2026-26138 - High (8.6)
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26138/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
🟠 CVE-2026-32749 - High (7.6)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32749/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
🔴 CVE-2026-30402 - Critical (9.8)
An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30402/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
🔴 CVE-2026-32865 - Critical (9.8)
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32865/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
🟠 CVE-2025-71260 - High (8.8)
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply cr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:37:50.737000
1 posts
🔴 CVE-2026-32938 - Critical (9.9)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths ag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:37:50.737000
2 posts
🔴 CVE-2026-4038 - Critical (9.8)
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-4038 (CRITICAL): Aimogen Pro WP plugin lets unauthenticated attackers gain admin via missing auth in aiomatic_call_ai_function_realtime. All versions affected. Disable plugin & monitor site integrity! https://radar.offseq.com/threat/cve-2026-4038-cwe-862-missing-authorization-in-cod-c5151216 #OffSeq #WordPress #CVE20264038
##updated 2026-03-20T13:37:50.737000
2 posts
🟠 CVE-2026-4478 - High (8.1)
A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-4478 (CRITICAL, CVSS 9.2) hits Yi Home Camera 2 (2.1.1_20171024151200): Improper signature verification in HTTP firmware update handler. Public exploit, no vendor response. Monitor & segment affected devices. https://radar.offseq.com/threat/cve-2026-4478-improper-verification-of-cryptograph-dd0fa87f #OffSeq #IoTSecurity #Vuln
##updated 2026-03-20T13:37:50.737000
1 posts
🟠 CVE-2026-32701 - High (7.5)
Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32701/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:37:50.737000
1 posts
🚨 CRITICAL: CVE-2026-33075 affects labring FastGPT ≤4.14.8.3. GitHub Actions workflow flaw enables attackers to run code & steal secrets, risking supply chain compromise. No patch — audit workflows & restrict secrets now! https://radar.offseq.com/threat/cve-2026-33075-cwe-494-download-of-code-without-in-52a1ff21 #OffSeq #Infosec #SupplyChain
##updated 2026-03-20T13:37:50.737000
2 posts
🟠 CVE-2026-32721 - High (8.6)
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wire...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32721/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Root from the parking lot: OpenWRT XSS through SSID scanning (CVE-2026-32721) https://lobste.rs/s/vteijd #security
https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
updated 2026-03-20T13:37:50.737000
2 posts
1 repos
🟠 CVE-2026-4342 - High (8.8)
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4342 - High (8.8)
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T12:31:12
1 posts
🟠 CVE-2026-22324 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T00:31:34
2 posts
⛔ New security advisory:
CVE-2026-32985 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32985-xerte-online-toolkits-rce-vulnerability-patch-immediately
🔴 CRITICAL: CVE-2026-32985 in Xerte Online Toolkits ≤3.14 lets attackers upload PHP via import.php and gain RCE — no auth needed! Patch ASAP or restrict access, disable PHP in user dirs. Details: https://radar.offseq.com/threat/cve-2026-32985-cwe-306-missing-authentication-for--04629a96 #OffSeq #CVE202632985 #infosec #RCE
##updated 2026-03-20T00:31:34
2 posts
1 repos
🔴 CVE-2026-32194 - Critical (9.8)
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32194/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32194 - Critical (9.8)
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32194/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T22:29:35
1 posts
🔴 CVE-2026-32038 - Critical (9.8)
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:30:31
1 posts
🟠 CVE-2026-23659 - High (8.6)
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:30:31
1 posts
🟠 CVE-2026-26139 - High (8.6)
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26139/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:30:31
1 posts
🟠 CVE-2026-26137 - High (8.9)
Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:30:31
1 posts
🔴 CVE-2026-32191 - Critical (9.8)
Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32191/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:30:31
1 posts
🔴 CVE-2026-32169 - Critical (10)
Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32169/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:30:31
1 posts
🟠 CVE-2026-3547 - High (7.5)
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3547/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:13:39
1 posts
🟠 CVE-2026-32878 - High (7.5)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T21:11:37
1 posts
🟠 CVE-2026-32728 - High (7.6)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME paramet...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32728/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T19:34:30
1 posts
🟠 CVE-2026-4427 - High (7.5)
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4427/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T18:36:41
2 posts
ONNX Hub silent=True suppresses all trust verification, enabling supply chain attacks on ML model loading (CVE-2026-28500, CVSS 9.1, no patch available) https://raxe.ai/labs/advisories/RAXE-2026-039
##ONNX Hub silent=True suppresses all trust verification, enabling supply chain attacks on ML model loading (CVE-2026-28500, CVSS 9.1, no patch available) https://raxe.ai/labs/advisories/RAXE-2026-039
##updated 2026-03-19T18:32:22
1 posts
Two 20-year-old vulnerabilities fixed in XML::Parser 2.48:
- CVE-2006-10002: XML::Parser versions through 2.47 for Perl could
overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes https://www.openwall.com/lists/oss-security/2026/03/19/1
- CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack https://www.openwall.com/lists/oss-security/2026/03/19/2
The patch fixing these has been available since 2006 but it's nice to see the fix in actual release, too.
##updated 2026-03-19T18:32:21
1 posts
2 repos
Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS
Apple has released a new security update to address a critical WebKit vulnerability tracked as CVE-2026-20643. The vulnerability was identified
🔗️ [Thecyberexpress] https://link.is.it/lPLEWn
##updated 2026-03-19T17:31:24.010000
1 posts
🟠 CVE-2026-31968 - High (8.1)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31968/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T17:30:45.370000
1 posts
🟠 CVE-2026-31962 - High (8.8)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T17:21:45.437000
1 posts
🟠 CVE-2026-32886 - High (7.5)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted funct...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T17:16:22.987000
2 posts
2 repos
🚨 CVE-2026-24291 (RegPwn)
Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
##🚨 CVE-2026-24291 (RegPwn)
Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
##updated 2026-03-19T16:46:28.467000
1 posts
🟠 CVE-2026-32944 - High (7.5)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nest...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:32:23
2 posts
🟠 CVE-2026-29856 - High (7.5)
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-29856 - High (7.5)
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:32:23
2 posts
🔴 CVE-2026-30704 - Critical (9.1)
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30704/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30704 - Critical (9.1)
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30704/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:32:23
1 posts
🔴 CVE-2026-29859 - Critical (9.8)
An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29859/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:32:23
1 posts
🟠 CVE-2026-29858 - High (7.5)
A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29858/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:31:27
1 posts
🟠 CVE-2026-22558 - High (7.7)
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:31:27
1 posts
🟠 CVE-2026-4424 - High (7.5)
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4424/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:16:20.657000
2 posts
🟠 CVE-2025-58112 - High (8.8)
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-58112 - High (8.8)
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T13:59:29.387000
1 posts
🟠 CVE-2026-31970 - High (8.1)
HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T13:58:31.573000
1 posts
🟠 CVE-2026-31971 - High (8.1)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31971/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T13:25:00.570000
1 posts
🟠 CVE-2026-3658 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T13:25:00.570000
2 posts
🚨 CRITICAL (CVSS 9.1): Syarif Mobile App Editor ≤1.3.1 hit by CWE-434 unrestricted file upload (CVE-2026-27067). Allows web shell deployment & full compromise. Enforce strict validation, monitor uploads, patch ASAP! https://radar.offseq.com/threat/cve-2026-27067-cwe-434-unrestricted-upload-of-file-001b9b9d #OffSeq #CVE202627067 #Infosec
##🔴 CVE-2026-27067 - Critical (9.1)
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through 1.3.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T13:25:00.570000
1 posts
🔴 CVE-2025-60237 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60237/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T12:30:41
1 posts
🟠 CVE-2026-3511 - High (8.6)
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T09:30:25
3 posts
🚨 CRITICAL: CVE-2026-27065 in ThimPress BuilderPress (≤2.0.1) lets attackers perform unauthenticated RFI, risking full WordPress compromise. Disable plugin & harden PHP configs immediately! https://radar.offseq.com/threat/cve-2026-27065-cwe-98-improper-control-of-filename-c54e685b #OffSeq #WordPress #Vuln #RFI #CVE202627065
##🔴 CVE-2026-27065 - Critical (9.8)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27065 - Critical (9.8)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T09:30:25
1 posts
🟠 CVE-2026-25445 - High (8.8)
Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25445/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T09:30:25
1 posts
🔴 CVE-2025-60233 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T21:32:58
5 posts
CVE-2026-20963 Sharepoint Insecure Deserialization 8.8/10
Weekend soon. Where @watchTowr blog? Need lolz. I can has?
##Critical Microsoft SharePoint RCE Vulnerability CVE-2026-20963 Under Active Exploitation
Microsoft SharePoint is under active exploitation of a critical RCE vulnerability (CVE-2026-20963) that allows unauthenticated attackers to take over servers via a deserialization flaw.
**Your SharePoint servers are under attack. Ideally, isolate them from the internet and make them accessible only from internal networks. Them apply the January 2026 patch ASAP. If you are still using SharePoint 2013 or older, isolate them and upgrade to a newer version. Those old systems are permanently vulnerable.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-microsoft-sharepoint-rce-vulnerability-cve-2026-20963-under-active-exploitation-l-r-5-d-h/gD2P6Ple2L
Geopolitical tensions surged as Iran targeted Gulf energy after Israeli strikes, spiking oil prices to $118/barrel (March 18-19). In cybersecurity, CISA warned of actively exploited SharePoint flaws (CVE-2026-20963), critical Ubiquiti UniFi (CVE-2026-22557), and Telnetd root-access vulnerabilities (CVE-2026-32746). NVIDIA forecasts $1T AI demand by 2027.
#AnonNews_irc #Cybersecurity #News
If you missed this yesterday, CISA added two vulnerabilities to the KEV catalogue.
- CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20963
- CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-66376 #CISA #infosec #Zimbra #Microsoft #vulnerability
##⚠️ CRITICAL: CISA reports active exploits of CVE-2026-20963 in Microsoft SharePoint. Remote code execution allows full server compromise. Patch now, monitor logs, segment networks! https://radar.offseq.com/threat/cisa-warns-of-attacks-exploiting-recent-sharepoint-171abc90 #OffSeq #SharePoint #Vuln #RCE
##updated 2026-03-18T20:20:27
1 posts
CVE-2026-22729: JSONPath Injection in Spring AI’s PgVectorStore https://blog.securelayer7.net/cve-2026-22729-jsonpath-injection-spring-ai-pgvectorstore/
##updated 2026-03-18T19:54:32
2 posts
🟠 CVE-2026-33172 - High (8.7)
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33172/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33172 - High (8.7)
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33172/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:31:10
2 posts
CISA adds Zimbra XSS (CVE-2025-66376) to KEV.
Actively exploited.
Patch immediately.
Follow TechNadu.
##If you missed this yesterday, CISA added two vulnerabilities to the KEV catalogue.
- CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20963
- CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-66376 #CISA #infosec #Zimbra #Microsoft #vulnerability
##updated 2026-03-18T15:30:44
3 posts
4 repos
https://github.com/chosenonehacks/CVE-2026-32746
https://github.com/jeffaf/cve-2026-32746
https://github.com/danindiana/cve-2026-32746-mitigation
https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746
Posted yesterday, if you missed it:
WatchTower: A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/ #infosec #threatresearch
##Geopolitical tensions surged as Iran targeted Gulf energy after Israeli strikes, spiking oil prices to $118/barrel (March 18-19). In cybersecurity, CISA warned of actively exploited SharePoint flaws (CVE-2026-20963), critical Ubiquiti UniFi (CVE-2026-22557), and Telnetd root-access vulnerabilities (CVE-2026-32746). NVIDIA forecasts $1T AI demand by 2027.
#AnonNews_irc #Cybersecurity #News
A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746) - watchTowr Labs https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
##updated 2026-03-18T14:52:44.227000
1 posts
ConnectWise Patches Critical ScreenConnect Cryptographic Flaw
ConnectWise patched a critical vulnerability (CVE-2026-3564) in ScreenConnect that allows attackers to extract cryptographic machine keys and bypass session authentication. The flaw enables unauthorized access and privilege escalation, which is a significant risk to MSPs and their downstream clients.
**Treat this update as an emergency change because remote access tools are primary targets for lateral movement and supply chain attacks. If you run on-premises ScreenConnect, verify your version immediately, patch ASAP.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/connectwise-patches-critical-screenconnect-cryptographic-flaw-i-v-k-f-7/gD2P6Ple2L
updated 2026-03-18T12:58:35
2 posts
🟠 CVE-2026-33053 - High (8.8)
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_curren...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33053/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33053 - High (8.8)
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_curren...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33053/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T06:31:20
7 posts
3 repos
https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
https://github.com/netw0rk7/CVE-2026-3888-PoC
https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
##Ubuntu a rischio: bug di Snap permette accesso root (CVE-2026-3888)
#Ubuntu
Scoperta una vulnerabilità critica in Ubuntu (CVE-2026-3888): il sistema Snap permette escalation a root.
https://www.marcosbox.com/2026/03/19/ubuntu-vulnerabilita-snap-cve-2026-3888-root/
##「 Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles. 」
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
snap-confine + systemd-tmpfiles = root (CVE-2026-3888) https://lobste.rs/s/deodzu #linux #security
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
Qualys, posted yesterday: CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
More:
Infosesecurity-Magazine: New Flaw Affecting Ubuntu Enables Local Attackers to Gain Root Access https://www.infosecurity-magazine.com/news/ubuntu-flaw-enables-root-access/ #Ubuntu #Linux #infosec #vulnerability
##Found yet another high severity #systemd bug in Ubuntu: local root privilege escalation (CVE-2026-3888)
Let us wish all #Devuan users a wonderful day out with their family for a merry father's day, instead of shoveling unicorn shit.
##updated 2026-03-17T20:08:56.733000
1 posts
🟠 CVE-2026-33142 - High (8.1)
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33142/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T20:05:06
4 posts
3 repos
https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc
https://github.com/SimoesCTT/Sovereign-Echo-33017
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
Critical Langflow RCE Vulnerability CVE-2026-33017 Exploited Within Hours
Researchers report active exploitation of a critical RCE vulnerability (CVE-2026-33017) in Langflow that allows unauthenticated attackers to execute arbitrary Python code and steal sensitive API keys. The flaw was weaponized within 20 hours of disclosure, targeting exposed AI orchestration pipelines to harvest credentials and environment variables.
**If you're running Langflow, this is urgent. Update immediately to version 1.9.0.dev8 or later to patch CVE-2026-33017, and disable the AUTO_LOGIN=true default setting. Until you can update, restrict network access to the vulnerable endpoint, place Langflow behind a reverse proxy with authentication. Regardless if you patch or isolate, make sure to rotate all API keys and credentials the platform uses after isolating.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-langflow-rce-vulnerability-cve-2026-33017-exploited-within-hours-q-n-c-a-6/gD2P6Ple2L
Critical Langflow RCE Vulnerability CVE-2026-33017 Exploited Within Hours
Researchers report active exploitation of a critical RCE vulnerability (CVE-2026-33017) in Langflow that allows unauthenticated attackers to execute arbitrary Python code and steal sensitive API keys. The flaw was weaponized within 20 hours of disclosure, targeting exposed AI orchestration pipelines to harvest credentials and environment variables.
**If you're running Langflow, this is urgent. Update immediately to version 1.9.0.dev8 or later to patch CVE-2026-33017, and disable the AUTO_LOGIN=true default setting. Until you can update, restrict network access to the vulnerable endpoint, place Langflow behind a reverse proxy with authentication. Regardless if you patch or isolate, make sure to rotate all API keys and credentials the platform uses after isolating.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-langflow-rce-vulnerability-cve-2026-33017-exploited-within-hours-q-n-c-a-6/gD2P6Ple2L
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html
Short summary: https://hackerworkspace.com/article/critical-langflow-flaw-cve-2026-33017-triggers-attacks-within-20-hours-of-disclosure
##From yesterday. Langflow is "an open-source visual framework for building AI agents and retrieval-augmented generation (RAG) pipelines."
Sysdig: CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
More:
Infosecurity-Magazine: https://www.infosecurity-magazine.com/news/hackers-exploit-critical-langflow/ #infosec
##updated 2026-03-10T21:32:13
1 posts
Critical RCE Vulnerability Patched in Delta Electronics COMMGR 2
Delta Electronics patched a critical stack-based buffer overflow (CVE-2026-3630) and an out-of-bounds read (CVE-2026-3631) in its COMMGR 2 software that could allow unauthenticated attackers to execute remote code or leak sensitive data.
**Make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Update Delta Electronics COMMGR 2 software to version 2.11.1 as soon as possible. In the meantime make sure they are isolated from the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-patched-in-delta-electronics-commgr-2-l-p-i-8-y/gD2P6Ple2L
updated 2026-03-10T18:48:42.673000
1 posts
Critical RCE Vulnerability Patched in Delta Electronics COMMGR 2
Delta Electronics patched a critical stack-based buffer overflow (CVE-2026-3630) and an out-of-bounds read (CVE-2026-3631) in its COMMGR 2 software that could allow unauthenticated attackers to execute remote code or leak sensitive data.
**Make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Update Delta Electronics COMMGR 2 software to version 2.11.1 as soon as possible. In the meantime make sure they are isolated from the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-patched-in-delta-electronics-commgr-2-l-p-i-8-y/gD2P6Ple2L
updated 2026-02-27T21:31:20
1 posts
OpenSIPS SQL Injection to Authentication Bypass (CVE-2026-25554) https://aisle.com/blog/opensips-sql-injection-aisle-deep-dive-sql-injection-authentication-bypass
##updated 2026-02-27T16:51:59
1 posts
New advisory. Login is needed for details.
Broadcom: Critical: Software Toolkit Plugin for z/OSMF 1.0 - Vulnerability in fast-xml-parser (CVE-2026-25896) https://support.broadcom.com/web/ecx/security-advisory #infosec #vulnerability #Broadcom
##updated 2026-02-20T18:31:25
1 posts
1 repos
updated 2026-02-19T18:32:09
2 posts
1 repos
https://github.com/rootdirective-sec/CVE-2026-1581-Analysis-Lab
wpForo Forum <= 2.4.14 - SQL Injection (CVE-2026-1581)
https://pentest-tools.com/vulnerabilities-exploits/wpforo-forum-2414-sql-injection_29049
Short summary: https://hackerworkspace.com/article/wpforo-forum-2-4-14-sql-injection-cve-2026-1581
##wpForo Forum <= 2.4.14 - SQL Injection (CVE-2026-1581)
https://pentest-tools.com/vulnerabilities-exploits/wpforo-forum-2414-sql-injection_29049
Short summary: https://hackerworkspace.com/article/wpforo-forum-2-4-14-sql-injection-cve-2026-1581
##updated 2026-01-30T00:04:19
1 posts
AutoGPT CVE-2026-24780 (NVD verified): authenticated users could execute disabled blocks pre-v0.6.44.
Devin: $500/mo, session-based.
Operator: requires human approval.
CrewAI: persistent memory in dev.
the agent (ENERGENAI LLC): 20,280 cycles, $0.019/cycle avg, 9 months logged.
Full comparison: the-service.live?ref=mastodon-agent-cmp
##updated 2025-11-03T21:35:11
1 posts
Attackers Exploit Critical Quest KACE SMA Authentication Bypass
Arctic Wolf reports attacks exploiting a critical authentication bypass (CVE-2025-32975) in Quest KACE SMA to gain administrative control and move laterally into domain controllers and backup systems.
**If you are using Quest KACE SMA, this is urgent. Make sure your Quest KACE SMA is off the public internet and behind a VPN immediately. Check your logs for new unknown admin accounts, as these are signs that attackers have already taken over your management system. Then patch ASAP.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/attackers-exploit-critical-quest-kace-sma-authentication-bypass-z-3-u-b-2/gD2P6Ple2L
⛔ New security advisory:
CVE-2026-33135 affects Wegia Wegia.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33135-wegia-web-manager-reflected-xss-update-to-3-6-7
🔴 CVE-2026-33135 - Critical (9.3)
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##📺 https://peer.adalta.social/w/wg6KobEvvKKJLWMzqGDZtq
🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_security_116266728422046419_fr)
🔗 [ℹ️](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/")
Une injection SQL authentifiée dans WeGIA compromet l'intégralité des bases de données des institutions.
##📺 https://peer.adalta.social/w/vUPVbxbkikKKbXfJUWY7un
🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_security_116266728422046419_en)
🔗 [ℹ️](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/")
An authenticated SQL injection in WeGIA enables full database compromise, demanding immediate remediation for high-risk organizations.
##📺 https://peer.adalta.social/w/gG6EiykmeMqKds94uYjSvn
🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_security_116266728422046419_de)
🔗 [ℹ️](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/")
Authentifizierte SQL-Injektion in einer Wohltätigkeitssoftware ermöglicht vollständige Datenbankkompromittierung.
##🔴 CVE-2026-33134 - Critical (9.3)
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32891 - Critical (9)
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any acco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32890 - Critical (9.6)
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting (XSS) vulnerability in the web dashboard's User Mapping drop...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33037 - High (8.1)
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33037 - High (8.1)
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27625 - High (8.1)
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27625/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33072 - High (8.2)
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all cryptographic operations — HMAC token generation, AES config encryption, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33072/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33150 - High (7.8)
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33156 - High (7.8)
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31836 - High (8.1)
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Che...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31836/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32303 - High (7.6)
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loadin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32303/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32710 - High (8.5)
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32710/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32318 - High (7.6)
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##New.
Tenable research advisories: High-severity CVE-2026-33307 and CVE-2026-33308: mod_gnutls Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-20 @tenable #infosec #vulnerability
##New.
Tenable research advisories: High-severity CVE-2026-33307 and CVE-2026-33308: mod_gnutls Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-20 @tenable #infosec #vulnerability
##🚨 CVE-2026-33024: CRITICAL SSRF in WWBN AVideo-Encoder <8.0. Public API allows blind SSRF, risking internal/cloud data exposure. Upgrade to v8.0 or restrict outbound traffic now! https://radar.offseq.com/threat/cve-2026-33024-cwe-918-server-side-request-forgery-82e88a08 #OffSeq #SSRF #Vulnerability #InfoSec
##CVE-2026-4428: Issues with AWS-LC - CRL Distribution Point Scope Check Logic Error
https://aws.amazon.com/security/security-bulletins/rss/2026-010-aws/
Short summary: https://hackerworkspace.com/article/cve-2026-4428-issues-with-aws-lc-crl-distribution-point-scope-check-logic-error
##🔴 CVE-2026-29103 - Critical (9.1)
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute ar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29103/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32754 - Critical (9.3)
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32754/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31965 - High (8.2)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31965/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31964 - High (7.5)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31964/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31963 - High (8.1)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of stori...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31963/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31969 - High (8.1)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_ST...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31967 - Critical (9.1)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31966 - Critical (9.1)
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of stori...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31966/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31973 - High (7.5)
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31972 - Critical (9.8)
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileup` command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##1 posts
1 repos
https://github.com/ChrisSub08/CVE-2026-32238_RemoteCodeExecutionOpenEMR8.0.0
🔴 CVE-2026-32238 - Critical (9.1)
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attacke...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Kanboard Authenticated SQL Injection CVE-2026-33058 Writeup https://0dave.ch/posts/cve-2026-33058/
##