24h | 7d | 30d

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
83.86%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture fallback
tomcat @tomcat

Attackers are exploiting CVE-2024-3721 in TBK DVRs to deploy Mirai variant Nexcorium.

It spreads via old exploits and default creds, persists on devices, and launches DDoS attacks. EoL TP-Link routers are also being targeted via known flaws.

🔗 Read → thehackernews.com/2026/04/mira

  • 0
  • 1
  • 0
  • 13h ago

Bluesky

Profile picture fallback
Sami Laiho @samilaiho.com
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
キタきつね @kitafox.bsky.social
Miraiの亜種NexcoriumがCVE-2024-3721を悪用し、TBK DVRを乗っ取ってDDoSボットネットを構築 Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet #HackerNews (Apr 18) thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-33829

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.06%
KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts
  • 7 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Bezpieka Nadaje @bezpieka

CVE-2026-33829 - kolejny ciekawy błąd w Windowsie.
Jeżeli masz zainstalowane "Narzędzie Wycinanie" (a najprawdopodobniej masz) - wystarczy, że wejdziesz na spreparowaną stronę internetową, żeby Twoje hasło do Windowsa (hash NTLM) popłynęło na serwer atakującego.

  • 5
  • 2
  • 0
  • 12h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-33829: “One Click to Own the Domain” — How a Built‑In Windows Tool Leaks Your NTLMv2 Hash + Video Introduction A newly disclosed vulnerability (CVE‑2026‑33829) in the Windows Snipping Tool allows an attacker to silently steal a user’s NTLMv2 password hash over a network using a single…
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-4440

Overview

  • Google
  • Chrome
20 Mar 2026
Published
21 Mar 2026
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
  • 18 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Catalin Cimpanu @campuscodi

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.

Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."

intel.breakglass.tech/post/cve

  • 10
  • 8
  • 0
  • 12h ago

CVE-2026-34197

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker
07 Apr 2026
Published
17 Apr 2026
Updated
CVSS
Pending
EPSS
46.64%
KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

CISA added Apache ActiveMQ CVE-2026-34197 to the Known Exploited Vulnerabilities list on April 17 with a federal deadline of April 30. Horizon3's Naveen Sunkavally found the bug by running Claude over the Jolokia code. The flaw has sat in the codebase for 13 years. 8,000+ brokers on the open internet, admin:admin still the common credential. I have watched every real incident start with an unrotated credential, not a zero-day.

#InfoSec #OpenSource #CyberSecurity

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation thehackernews.com/2026/04/apac...
  • 0
  • 1
  • 0
  • 7h ago

CVE-2026-33824

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Statistics

  • 2 Posts
Last activity: Last hour

Bluesky

Profile picture fallback
ケイ | 副業Webライター📖 @keiwork35.bsky.social
【脆弱性情報】 CVE-2026-33824 microsoftのwindows 10 1607の脆弱性について Windows IKE Extension における double free の脆弱性により、認証されていない攻撃者がネットワーク経由で任意のコードを実行できる可能性があります。
  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
Microsoft、2026年4月の定例パッチを公開-CVE-2026-33824とCVE-2026-33827などの脆弱性を修正 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-27681

Overview

  • SAP_SE
  • SAP Business Planning and Consolidation and SAP Business Warehouse
14 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%
KEV

Description

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems
#CyberSecurity
securebulletin.com/critical-sa

  • 4
  • 0
  • 0
  • 7h ago

CVE-2026-39973

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture fallback
iBotPeaches @iBotPeaches

apktool 3.0.2 is out!

- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks

apktool.org/blog/apktool-3.0.2

  • 2
  • 2
  • 0
  • 10h ago

CVE-2026-6570

Overview

  • kodcloud
  • KodExplorer
19 Apr 2026
Published
19 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%
KEV

Description

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

CVE-2026-6570 (MEDIUM): kodcloud KodExplorer (v4.0 – 4.52) suffers an auth bypass in initInstall, allowing remote unauthorized access. No fix yet — restrict access & monitor for updates. radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 11h ago

CVE-2026-2986

Overview

  • ajay
  • Contextual Related Posts
18 Apr 2026
Published
18 Apr 2026
Updated
CVSS v3.1
MEDIUM (6.4)
EPSS
0.01%
KEV

Description

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🛡️ CVE-2026-2986: MEDIUM severity Stored XSS in Contextual Related Posts plugin (≤4.2.1) for WordPress. Contributor+ users can inject scripts — risk to all page viewers. Restrict access & monitor for patches. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 21h ago

CVE-2026-26144

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise
10 Mar 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.10%
KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 12 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Microsoft patched CVE-2026-26144, an XSS flaw in Excel that exploits Copilot Agent to silently exfiltrate data. AI amplifies classic vulnerabilities, requiring new monitoring and egress controls. #AIExploits #DataLeak #USA
  • 0
  • 1
  • 0
  • 12h ago
Showing 1 to 10 of 35 CVEs