Overview

  • checkpoint
  • Quantum Security Gateway

08 Jun 2026
Published
08 Jun 2026
Updated

CVSS
Pending
EPSS
0.01%

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Statistics

  • 17 Posts
  • 6 Interactions

Last activity: 2 hours ago

Fediverse

Checkpoint - User Authentication Bypass in VPN Remote Access and Mobile Access

#checkpoint #vulnerabilitymanagement #vulnerability

vulnerability.circl.lu/vuln/CV

  • 2
  • 1
  • 0
  • 11h ago

In Check Point firewalls and gateways there are two vulnerabilities, one of which is being attacked (Qilin). However, there are patches and countermeasures.

borncity.com/blog/2026/06/08/s

  • 1
  • 0
  • 0
  • 3h ago

⚠️ CRITICAL: Check Point links VPN zero-day attacks to Qilin ransomware gang

Check Point VPN authentication bypass vulnerability (CVE-2026-50751) in IKEv1 deployments is actively exploited by Qilin ransomware operators since May 7. A few dozen organizations are affected globally with confirmed ransomware incidents tied to this flaw. Organizations running deprecated IKEv1 ke…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 12h ago

🚨 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-50751

• CVE ID: CVE-2026-50751
• CVSS Score: 9.3 (Critical)
• Affected: IKEv1 Setups

What it is:

securitycyber.uk

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) 📖 Read more: www.helpnetsecurity.com/2026/06/08/c... #cybersecurity #cybersecuritynews #0day #datatheft #ransomware #secureaccess #VPN #vulnerability
  • 1
  • 0
  • 0
  • 14h ago
CVE-2026-50751 in Check Point Remote Access VPN and Mobile Access was exploited by a Qilin affiliate to bypass authentication and create VPN sessions, now patched.
  • 1
  • 0
  • 0
  • 8h ago
CVE-2026-50751 in Check Point Remote Access/Mobile Access VPNs using IKEv1 lets attackers bypass password checks via a certificate validation flaw, with Qilin-linked activity observed.
  • 0
  • 0
  • 0
  • 11h ago
CVE-2026-50751 enables unauthenticated attackers to bypass user authentication and establish VPN sessions on IKEv1-based Remote Access/Mobile Access deployments.
  • 0
  • 0
  • 0
  • 11h ago
~Cybergcca~ Check Point VPN authentication bypass (CVE-2026-50751) is under active exploitation. - IOCs: CVE-2026-50751 - #CVE202650751 #CheckPoint #ThreatIntel
  • 0
  • 0
  • 0
  • 10h ago
Check Point warns of active exploitation of CVE-2026-50751, a critical VPN authentication bypass vulnerability. The flaw affects Remote Access VPN […]
  • 0
  • 0
  • 0
  • 9h ago
🚨 On 6/8/26, #CheckPoint published a security advisory for a critical vuln. affecting its Remote Access VPN, Mobile Access, and Spark Firewall products. CVE-2026-50751 allows an unauth. attacker to establish a VPN session without providing valid credentials. More: r-7.co/4fyoJJc
  • 0
  • 0
  • 0
  • 9h ago
A critical authentication-bypass VPN flaw (CVE-2026-50751) was exploited starting May 7, prompting an emergency fix and revealing Qilin ransomware activity.
  • 0
  • 0
  • 0
  • 6h ago
Check Point VPN Zero-Day (CVE-2026-50751): Hackers Bypass IKEv1 Passwords in Active Ransomware Campaign Introduction: The legacy IKEv1 key exchange protocol, still active in many enterprise remote-access VPNs, harbors a critical logic flow weakness. Tracked as CVE-2026-50751 with a near-maximum…
  • 0
  • 0
  • 0
  • 5h ago
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) #HelpNetSecurity (Jun 8) www.helpnetsecurity.com/2026/06/08/c...
  • 0
  • 0
  • 0
  • 2h ago
Check Point patched CVE-2026-50751, a critical VPN auth bypass used in zero-day attacks, and found CVE-2026-50752, an IKEv1 flaw tied to Qilin ransomware activity. #CheckPoint #Qilin #VPN
  • 0
  • 0
  • 0
  • 11h ago
Check Point says CVE-2026-50751 is actively exploited to bypass auth in deprecated IKEv1 VPN setups, affecting Remote Access and Mobile Access deployments. CVE-2026-50752 may enable AitM attacks. #CheckPoint #Qilin #VPN
  • 0
  • 0
  • 0
  • 3h ago
CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Jun 8) CVE-2026-42271 BerriAI LiteLLM command injection vulnerability CVE-2026-50751 Check Point Security Gateway authentication error vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • SolarWinds
  • Serv-U

04 Jun 2026
Published
06 Jun 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
6.68%

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update.

Statistics

  • 7 Posts
  • 6 Interactions

Last activity: 2 hours ago

Fediverse

CISA Warns: SolarWinds Serv-U CVE-2026-28318 Actively Exploited — Zero-Auth DoS Attack Hits File Transfer Platform
#CyberSecurity
securebulletin.com/cisa-warns-

  • 5
  • 0
  • 0
  • 6h ago

Geopolitical tensions escalated with Israel and Iran conducting mutual airstrikes (June 8, 2026). In technology, Apple's WWDC unveiled a Gemini-powered Siri (June 7, 2026). Cybersecurity faces immediate threats as CISA warns of active exploitation of a critical SolarWinds Serv-U vulnerability (CVE-2026-28318), urging urgent patching (June 8, 2026). Additionally, phishing now surpasses the Dark Web for stolen personal data.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 1
  • 0
  • 20h ago

CISA adds SolarWinds Serv-U DoS flaw to KEV (CVE-2026-28318, CVSS 7.5, actively exploited). Patch it. But also ask the question most teams skip: what privileged accounts are attached to that server, and when did anyone last review them?

  • 0
  • 0
  • 0
  • 15h ago

📰 CISA Mandates Patch for Actively Exploited SolarWinds DoS Flaw Added to KEV Catalog

📢 CISA KEV ALERT! An actively exploited DoS flaw (CVE-2026-28318) in SolarWinds Serv-U is on the loose. Federal agencies must patch by June 19. All orgs using Serv-U are urged to update immediately! 🚨 #CVE #SolarWinds #Infosec #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

CISA says attackers are exploiting a patched SolarWinds Serv-U flaw, CVE-2026-28318, via crafted POST requests that can crash the service. SolarWinds urges immediate upgrades. #SolarWinds #ServU #CISA
  • 0
  • 0
  • 0
  • 17h ago
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) 📖 Read more: www.helpnetsecurity.com/2026/06/08/c... #enterprise #filetransfer #government #vulnerability #cybersecurity #cybersecuritynews
  • 0
  • 0
  • 0
  • 16h ago
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) #HelpNetSecurity (Jun 8) www.helpnetsecurity.com/2026/06/08/c...
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • WPEverest
  • Everest Forms Pro

31 Mar 2026
Published
08 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.33%

KEV

Description

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

Defiant warns of critical vulnerability CVE-2026-3300 in the Everest Forms Pro plugin for WordPress
  • 0
  • 1
  • 0
  • 12h ago
Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabling site takeover.
  • 0
  • 0
  • 0
  • 14h ago
Critical Everest Forms Pro flaw (CVE-2026-3300) has been exploited for months to inject PHP, create admin accounts, and deploy web shells on WordPress sites. #EverestForms #CVE2026 #WordPress
  • 0
  • 0
  • 0
  • 10h ago
📢 Active exploitation of CVE-2026-3300 in Everest Forms Pro to compromise WordPress sites 📝 📰 **Source**: BleepingCompute… https://cyberveille.ch/posts/2026-06-08-exploitation-active-de-cve-2026-3300-dans-everest-forms-pro-pour-compromettre-des-sites-wordpress/ #CVE_2026_3300 #Cyberveille
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • win.rar GmbH
  • WinRAR

08 Aug 2025
Published
26 Feb 2026
Updated

CVSS v4.0
HIGH (8.4)
EPSS
10.20%

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 5 hours ago

Bluesky

Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched Trend Micro www.trendmicro.com/en_us/resear...
  • 1
  • 2
  • 0
  • 14h ago
~Trendmicro~ Threat actors SHADOW-EARTH-066 and Earth Dahu are exploiting WinRAR flaw CVE-2025-8088 to target Ukraine with GIFTEDCROOK stealer and espionage tools. - IOCs: 166[. ]0[. ]132[. ]237, 136[. ]0[. ]141[. ]41, 136[. ]0[. ]141[. ]138 - ...
  • 0
  • 0
  • 0
  • 6h ago
CVE-2025-8088: The WinRAR Path Traversal That Won’t Die – APT Groups Still Weaponizing After 1 Year + Video Introduction: Nearly a year after WinRAR patched CVE-2025-8088, Russia-aligned intrusion sets including SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon) continue to weaponize the path…
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Linux
  • Linux

13 Feb 2026
Published
02 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()

nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required.

nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that are already active (they don't need re-activation) and process elements that are inactive (they need to be restored). Instead, the current code does the opposite: it skips inactive elements and processes active ones.

Compare the non-catchall activate callback, which is correct:

    nft_mapelem_activate():
        if (nft_set_elem_active(ext, iter->genmask))
            return 0;   /* skip active, process inactive */

With the buggy catchall version:

    nft_map_catchall_activate():
        if (!nft_set_elem_active(ext, genmask))
            continue;   /* skip inactive, process active */

The consequence is that when a DELSET operation is aborted, nft_setelem_data_activate() is never called for the catchall element. For NFT_GOTO verdict elements, this means nft_data_hold() is never called to restore the chain->use reference count. Each abort cycle permanently decrements chain->use. Once chain->use reaches zero, DELCHAIN succeeds and frees the chain while catchall verdict elements still reference it, resulting in a use-after-free.

This is exploitable for local privilege escalation from an unprivileged user via user namespaces + nftables on distributions that enable CONFIG_USER_NS and CONFIG_NF_TABLES.

Fix by removing the negation so the check matches nft_mapelem_activate(): skip active elements, process inactive ones.

Statistics

  • 3 Posts

Last activity: 3 hours ago

Bluesky

CVE-2026-23111 enables unprivileged local users to escalate to root and escape containers via a Linux nf_tables use-after-free.
  • 0
  • 0
  • 0
  • 5h ago
A critical Linux kernel vulnerability (CVE-2026-23111) allows local attackers to gain root access and break out of containers. The flaw […]
  • 0
  • 0
  • 0
  • 4h ago
CVE-2026-23111, a Linux kernel nf_tables use-after-free, now has a public exploit that can let a local user gain root and escape containers. #CVE202623111 #LinuxKernel #nf_tables
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
  • 11 Interactions

Last activity: 11 hours ago

Fediverse

Fedify security updates: 1.9.12, 1.10.11, 2.0.20, 2.1.16, and 2.2.5

If you use Fedify, update to a patched release now. CVE-2026-50131 affects Fedify's public URL validation for remote document and media loading. An attacker could use special-use IP address ranges to bypass Fedify's SSRF protections and cause a Fedify server to initiate requests to non-public or special-use network destinations, depending on the deployment environment and network routing.

Fedify validates remote ActivityPub document and media URLs before fetching them, including direct IP literals and hostnames resolved through DNS. The vulnerable path is validatePublicUrl(): affected versions rejected common private and local addresses, but still treated several special-use IPv4 ranges as public internet destinations. That gap could allow outbound requests to ranges such as carrier-grade NAT, benchmarking, multicast, reserved, and documentation networks.

The fix makes Fedify validate resolved addresses against public-network expectations instead of relying on the incomplete denylist. It rejects additional special-use IPv4 ranges and IPv6 translation or tunneling prefixes, including NAT64, Teredo, and 6to4 addresses, before remote document or media fetching proceeds.

Current patched releases are 1.9.12, 1.10.11, 2.0.20, 2.1.16, and 2.2.5. The GitHub Security Advisory is GHSA-xw9q-2mv6-9fr8, and the CVE ID is CVE-2026-50131.

Update @fedify/fedify:

npm  update  @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update  @fedify/fedify
bun  update  @fedify/fedify
deno update  @fedify/fedify

If your project depends directly on @fedify/vocab-runtime, update that package too.

After updating, redeploy. If you run other Fedify-based servers, update those too.

Thanks to Chaitanya Vilas Garware for the report and responsible disclosure.

If anything is unclear, ask below.

  • 6
  • 2
  • 1
  • 11h ago

Hollo security updates: 0.7.18, 0.8.7, and 0.9.4

If you run Hollo, update to a patched release now. CVE-2026-50131 affects Fedify's SSRF protection, and Hollo depends on Fedify for ActivityPub federation.

Fedify guards against SSRF (Server-Side Request Forgery) when fetching remote ActivityPub objects, documents, and media by validating that the resolved destination is a public IP address. The previous SSRF fix (GHSA-p9cg-vqcc-grcx) blocked common private and local ranges such as 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, and 192.168.0.0/16, but the validation was incomplete—it still treated several special-use IPv4 ranges as public destinations that should have been rejected. These include carrier-grade NAT (100.64.0.0/10), benchmarking and internal testing networks (198.18.0.0/15), multicast (224.0.0.0/4), reserved (240.0.0.0/4), IETF protocol assignments (192.0.0.0/24), and documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).

An attacker who controls a remote ActivityPub object or media URL could therefore cause a Hollo instance to initiate outbound requests to non-public or special-use network ranges, depending on the deployment environment and network routing.

For full technical details of the underlying vulnerability, see the Fedify security advisory and the Fedify security announcement.

All Hollo versions up to and including 0.7.17, 0.8.6, and 0.9.3 are affected. Patched releases are 0.7.18 for the 0.7.x series, 0.8.7 for the 0.8.x series, and 0.9.4 for the 0.9.x series.

For 0.7.x deployments, update to 0.7.18:

docker pull ghcr.io/fedify-dev/hollo:0.7.18

For 0.8.x deployments, update to 0.8.7:

docker pull ghcr.io/fedify-dev/hollo:0.8.7

For 0.9.x deployments, update to 0.9.4:

docker pull ghcr.io/fedify-dev/hollo:0.9.4

After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.

Thanks to Chaitanya Vilas Garware for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.

  • 3
  • 0
  • 0
  • 11h ago

Overview

  • kernel

03 Mar 2022
Published
03 Jun 2026
Updated

CVSS
Pending
EPSS
33.72%

Description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 16 hours ago

Fediverse

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now
#CyberSecurity
securebulletin.com/cisa-adds-a

  • 5
  • 0
  • 0
  • 16h ago

Bluesky

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on June 2, 2026, added CVE-2022-0492 to its Known Exploited Vulnerabilities (KEV) catalog, formally confirming active in-the-wild exploitation of a high-severity Linux Kernel improper authentication flaw.
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

04 Jun 2026
Published
06 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.08%

KEV

Description

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 13 hours ago

Fediverse

Cisco Groundhog Day

And (almost) every day the groundhog greets us ... Betting on dangerous #Zero-Day security vulnerabilities in #Cisco products is a pretty safe bet. The newly discovered vulnerability numbered CVE-2026-20245 (7.8 out of 10) is already being exploited in attacks. There is no precautionary protective measure and, as of today, no patches from Cisco yet either. All forms of SD-WAN are vulnerable, from self-operated (on premise) to cloud. The vulnerability is, as so often, insufficient checking of input (insufficient validation of user-supplied input), one of the classic hallmarks of backdoors. With a suitably crafted

pc-fluesterer.info/wordpress/2

#0day #closedsource #cybercrime #exploits #hersteller #hintertür #sicherheit #UnplugTrump #wissen

  • 2
  • 2
  • 0
  • 13h ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 is being actively exploited with no patch available. CVSS 7.8, affecting on-prem, cloud, and FedRAMP deployments. The CVE is the headline, but it's not the real problem.

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • burstbv
  • Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)

14 May 2026
Published
14 May 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
4.73%

KEV

Description

The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application passwords from the Authorization header. This makes it possible for unauthenticated attackers, with knowledge of an administrator username, to impersonate that administrator for the duration of the request by supplying any random Basic Authentication password achieving privilege escalation.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

🚨 In this week’s newsletter, we cover CVE-2026-8181, a critical authentication bypass vulnerability in the WordPress Burst Statistics plugin now under active exploitation.

We break down how attackers can obtain administrative privileges without valid credentials and what defenders should do next.

Read the full analysis and protect your systems 👉 crowdsec.net/vulntracking-repo

  • 1
  • 0
  • 1
  • 15h ago

Bluesky

📢 CVE-2026-8181: Critical authentication bypass in the WordPress Burst Statistics plugin 📝 ## 🔍 Context Source: CrowdSec T… https://cyberveille.ch/posts/2026-06-08-cve-2026-8181-bypass-d-authentification-critique-dans-le-plugin-wordpress-burst-statistics/ #Authentication_Bypass #Cyberveille
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • SourceCodester
  • Class and Exam Timetabling System

08 Jun 2026
Published
08 Jun 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

⚠️ CVE-2026-11482: MEDIUM severity SQL injection in SourceCodester Class and Exam Timetabling System 1.0 via 'sy' param in /archive5.php. No official patch yet — apply mitigations & monitor for attacks. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-11482 - SQLi in Sourcecodester Class & Exam Timetabling System 1.0. Remote exploit via /archive5.php?sy. CVSS 7.3. No patch available. Apply WAF rules immediately. #CVE #infosec #cybersecurity

valtersit.com/cve/CVE-2026-114

  • 0
  • 0
  • 0
  • 12h ago