CVE-2026-5760

Overview

SGLang
SGLang

20 Apr 2026

Published

20 Apr 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Statistics

4 Posts
2 Interactions

Last activity: 4 hours ago

Fediverse

HackerWorkspace @hackerworkspace

GitHub - Stuub/SGLang-0.5.9-RCE: Proof of Concept exploitation of CVE-2026-5760 - RCE in SGLang 0.5.9 via malicious GGUF

https://github.com/Stuub/SGLang-0.5.9-RCE

Read on HackerWorkspace: https://hackerworkspace.com/article/github-stuub-sglang-0-5-9-rce-proof-of-concept-exploitation-of-cve-2026-5760-rce-in-sglang-0-5-9-via-malicious-gguf

#cybersecurity #aisecurity #vulnerability

1
1
0
4h ago

Bluesky

Bitnewsbot @bitnewsbot.bsky.social

A critical vulnerability (CVE-2026-5760) with a CVSS score of 9.8 allows remote code execution in the SGLang framework. The flaw […]

0
0
0
14h ago

キタきつね @kitafox.bsky.social

SGLang CVE-2026-5760 (CVSS 9.8) 悪意のあるGGUFモデルファイルを介してリモートコード実行が可能になる SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files #HackerNews (Apr 20) thehackernews.com/2026/04/sgla...

0
0
0
9h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

A critical command-injection vulnerability CVE-2026-5760 (CVSS 9.8) in SGLang’s /v1/rerank allows RCE via malicious GGUF models using Jinja2 SSTI payloads. Mitigation: use ImmutableSandboxedEnvironment. #SGLangFlaw #RemoteExecution #CERT

0
0
0
6h ago

CVE-2024-3721

Overview

TBK
DVR-4104

13 Apr 2024

Published

01 Aug 2024

Updated

CVSS v3.1

MEDIUM (6.3)

EPSS

83.86%

MITRE

KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

4 Posts
3 Interactions

Last activity: 19 hours ago

Fediverse

Patrick C Miller :donor: @patrickcmiller

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html

1
1
1
20h ago

TechNadu @technadu

FortiGuard Labs tracks #Nexcorium, a Mirai variant targeting TBK DVRs via CVE-2024-3721. It uses aggressive persistence (systemd, cron) and wide-ranging DDoS vectors. Check your IoT logs for "X-Hacked-By" headers.

Details: https://www.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium

What’s your take?

#Botnet #IoT #DDoS #InfoSec

1
0
0
19h ago

Bluesky

TechNadu @technadu.com

Nexcorium, a new Mirai variant, is exploiting TBK DVRs (CVE-2024-3721). It features robust persistence and multi-architecture support for large-scale DDoS. Are we doing enough to secure the IoT edge? Comment your opinion. #CyberSecurity #IoT #Malware

0
0
0
19h ago

CVE-2026-34197

Overview

Apache Software Foundation
Apache ActiveMQ Broker
org.apache.activemq:activemq-broker

07 Apr 2026

Published

17 Apr 2026

Updated

CVSS

Pending

EPSS

46.64%

MITRE

KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

3 Posts
7 Interactions

Last activity: 16 hours ago

Fediverse

ThreatNoir @threatnoir

⚠️ CRITICAL: CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE via Jolokia API Surfaces for In-the-Wild Attacks

Apache ActiveMQ Classic has a 13-year-old RCE vulnerability (CVE-2026-34197) in the Jolokia API that is actively exploited in the wild. Attackers chain vm:// URIs with remote Spring XML configs to execute arbitrary code as the broker process. Any organization running ActiveMQ Classic without the Ap…

https://threatnoir.com/focus

#infosec #cybersecurity

0
0
0
16h ago

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

We are now scanning daily for CVE-2026-34197 (Apache ActiveMQ Improper Input Validation Vulnerability) which has recently been added to US CISA KEV. 6364 IPs seen vulnerable on 2026-04-19 based on a version check. Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c...

2
5
0
16h ago

The Shadowserver Foundation @shadowserver.bsky.social

IP data shared in our Accessible ActiveMQ reporting www.shadowserver.org/what-we-do/n... For Dashboard viewing, select sources 'activemq' and 'cve-2026-34197' ActiveMQ Security advisory: activemq.apache.org/security-adv... Background with details from Horizon3.ai horizon3.ai/attack-resea...

0
0
0
16h ago

CVE-2025-26399

Overview

SolarWinds
Web Help Desk

23 Sep 2025

Published

10 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

31.17%

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

2 Posts
1 Interaction

Last activity: 3 hours ago

Fediverse

TechNadu @technadu

QEMU abuse rising 🚨
QEMU used for stealth VMs, SSH tunnels, persistence
CVE-2025-26399, CitrixBleed2 exploited
💬 Monitoring VM layer yet?

Source: https://www.securityweek.com/hackers-abuse-qemu-for-defense-evasion/

Follow TechNadu

#InfoSec #CyberSecurity

1
0
0
3h ago

Bluesky

Cybersecurity News Everyday @hendryadrian.bsky.social

Hackers are exploiting QEMU VMs to create reverse SSH tunnels for deploying ransomware and RATs. Campaigns STAC4713 and STAC3725 leveraged SonicWall VPNs, SolarWinds CVE-2025-26399, and CitrixBleed2 CVE-2025-5777. #GoldEncounter #QEMUAbuse #USA

0
0
0
10h ago

CVE-2026-33032

Overview

0xJacky
nginx-ui

30 Mar 2026

Published

16 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

4.97%

MITRE

KEV

Description

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

Statistics

1 Post
5 Interactions

Last activity: 1 hour ago

Fediverse

N_{Dario Fadda} @nuke

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
#CyberSecurity
https://securebulletin.com/critical-cve-2026-33032-mcpwn-actively-exploited-nginx-ui-flaw-enables-full-web-server-takeover-in-two-http-requests/

5
0
0
1h ago

CVE-2026-35616

Overview

Fortinet
FortiClientEMS

04 Apr 2026

Published

21 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

25.26%

MITRE

KEV

Description

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

1 Post
9 Interactions

Last activity: 19 hours ago

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

We added CVE-2026-35616 scans based on the vulnerability detector developed by Bishop Fox bishopfox.com/blog/api-aut.... Over 60 IPs still assessed as vulnerable: dashboard.shadowserver.org/statistics/c... Data shared daily in our Vulnerable HTTP reporting: shadowserver.org/what-we-do/n...

3
6
0
19h ago

CVE-2026-41316

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

1 Post
6 Interactions

Last activity: 1 hour ago

Fediverse

k0kubun @k0kubun

Ruby 4.0.3 has been released. It updates ERB to 6.0.1.1 for CVE-2026-41316.

If your application calls Marshal.load on untrusted data AND has both erb and activesupport loaded, please update your ERB version. You may update Ruby to 4.0.3 to do so.

https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/

3
3
0
1h ago

CVE-2005-2541

Overview

Pending

10 Aug 2005

Published

07 Aug 2024

Updated

CVSS

Pending

EPSS

3.76%

MITRE

KEV

Description

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Statistics

1 Post
9 Interactions

Last activity: 22 hours ago

Fediverse

Aadaliina :blobCat: @ada

CVE-2005-2541 feels like a good example for some of what is wrong with CVSS :blobCat_eyes:

2
7
0
22h ago

CVE-2026-21445

Overview

langflow-ai
langflow

02 Jan 2026

Published

26 Feb 2026

Updated

CVSS v4.0

HIGH (8.8)

EPSS

6.97%

MITRE

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.

Statistics

2 Posts
2 Interactions

Last activity: 23 hours ago

Fediverse

CrowdSec @CrowdSec

🚨 In this week’s newsletter, we cover CVE-2026-21445, a Langflow authentication bypass now under active exploitation. We break down how PoCs turned into real attacks and what defenders should do next.

Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-21445-langflow-authentication-bypass-exploitation

1
1
1
23h ago

CVE-2026-41113

Overview

sagredo
qmail

16 Apr 2026

Published

18 Apr 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

0.10%

MITRE

KEV

Description

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

Statistics

2 Posts
1 Interaction

Last activity: 21 hours ago

Fediverse

buherator @buherator

Command injection in a qmail fork (not the original!) - CVE-2026-41113:

"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."

https://blog.calif.io/p/we-asked-claude-to-audit-sagredos

#LLM

1
0
1
21h ago