24h | 7d | 30d

CVE-2026-33829

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.06%
KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts
  • 7 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Bezpieka Nadaje @bezpieka

CVE-2026-33829 - kolejny ciekawy błąd w Windowsie.
Jeżeli masz zainstalowane "Narzędzie Wycinanie" (a najprawdopodobniej masz) - wystarczy, że wejdziesz na spreparowaną stronę internetową, żeby Twoje hasło do Windowsa (hash NTLM) popłynęło na serwer atakującego.

  • 5
  • 2
  • 0
  • 8h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-33829: “One Click to Own the Domain” — How a Built‑In Windows Tool Leaks Your NTLMv2 Hash + Video Introduction A newly disclosed vulnerability (CVE‑2026‑33829) in the Windows Snipping Tool allows an attacker to silently steal a user’s NTLMv2 password hash over a network using a single…
  • 0
  • 0
  • 0
  • 2h ago

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
83.86%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 8 hours ago

Fediverse

Profile picture fallback
tomcat @tomcat

Attackers are exploiting CVE-2024-3721 in TBK DVRs to deploy Mirai variant Nexcorium.

It spreads via old exploits and default creds, persists on devices, and launches DDoS attacks. EoL TP-Link routers are also being targeted via known flaws.

🔗 Read → thehackernews.com/2026/04/mira

  • 0
  • 1
  • 0
  • 9h ago

Bluesky

Profile picture fallback
Sami Laiho @samilaiho.com
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-34197

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker
07 Apr 2026
Published
17 Apr 2026
Updated
CVSS
Pending
EPSS
46.64%
KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

  • 2 Posts
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

CISA added Apache ActiveMQ CVE-2026-34197 to the Known Exploited Vulnerabilities list on April 17 with a federal deadline of April 30. Horizon3's Naveen Sunkavally found the bug by running Claude over the Jolokia code. The flaw has sat in the codebase for 13 years. 8,000+ brokers on the open internet, admin:admin still the common credential. I have watched every real incident start with an unrotated credential, not a zero-day.

#InfoSec #OpenSource #CyberSecurity

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation thehackernews.com/2026/04/apac...
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-4440

Overview

  • Google
  • Chrome
20 Mar 2026
Published
21 Mar 2026
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
  • 17 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Catalin Cimpanu @campuscodi

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.

Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."

intel.breakglass.tech/post/cve

  • 9
  • 8
  • 0
  • 8h ago

CVE-2026-27681

Overview

  • SAP_SE
  • SAP Business Planning and Consolidation and SAP Business Warehouse
14 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%
KEV

Description

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems
#CyberSecurity
securebulletin.com/critical-sa

  • 4
  • 0
  • 0
  • 3h ago

CVE-2026-39973

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
iBotPeaches @iBotPeaches

apktool 3.0.2 is out!

- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks

apktool.org/blog/apktool-3.0.2

  • 2
  • 2
  • 0
  • 6h ago

CVE-2026-40342

Overview

  • FirebirdSQL
  • firebird
17 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.08%
KEV

Description

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture fallback
Jernej Simončič � @jernej__s

Hey, @cR0w, another ../ for you: vuldb.com/cve/CVE-2026-40342

  • 1
  • 3
  • 0
  • 23h ago

CVE-2026-6570

Overview

  • kodcloud
  • KodExplorer
19 Apr 2026
Published
19 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%
KEV

Description

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

CVE-2026-6570 (MEDIUM): kodcloud KodExplorer (v4.0 – 4.52) suffers an auth bypass in initInstall, allowing remote unauthorized access. No fix yet — restrict access & monitor for updates. radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 7h ago

CVE-2026-2986

Overview

  • ajay
  • Contextual Related Posts
18 Apr 2026
Published
18 Apr 2026
Updated
CVSS v3.1
MEDIUM (6.4)
EPSS
0.01%
KEV

Description

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🛡️ CVE-2026-2986: MEDIUM severity Stored XSS in Contextual Related Posts plugin (≤4.2.1) for WordPress. Contributor+ users can inject scripts — risk to all page viewers. Restrict access & monitor for patches. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 18h ago

CVE-2026-26144

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise
10 Mar 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.10%
KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Microsoft patched CVE-2026-26144, an XSS flaw in Excel that exploits Copilot Agent to silently exfiltrate data. AI amplifies classic vulnerabilities, requiring new monitoring and egress controls. #AIExploits #DataLeak #USA
  • 0
  • 1
  • 0
  • 9h ago
Showing 1 to 10 of 36 CVEs