
Overview

  • TBK
  • DVR-4104

Published: 13 Apr 2024
Updated: 01 Aug 2024

CVSS v3.1: MEDIUM (6.3)
EPSS: 83.86%

KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 7 Posts
  • 5 Interactions

Last activity: 1 hour ago

Fediverse


☣️ Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

「 The attack activity outlined by Fortinet involves the exploitation of CVE-2024-3721 to obtain and drop a downloader script, which then launches the botnet payload based on the Linux system's architecture. Once the malware is executed, it displays a message stating "nexuscorp has taken control." 」

thehackernews.com/2026/04/mira

#iot #ddos #botnet #cybersecurity

  • 2
  • 0
  • 0
  • 17h ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet thehackernews.com/2026/04/mira

  • 1
  • 1
  • 1
  • 2h ago

FortiGuard Labs tracks , a Mirai variant targeting TBK DVRs via CVE-2024-3721. It uses aggressive persistence (systemd, cron) and wide-ranging DDoS vectors. Check your IoT logs for "X-Hacked-By" headers.

Details: fortinet.com/blog/threat-resea

What’s your take?

  • 1
  • 0
  • 0
  • 1h ago

Bluesky

Mirai variant Nexcorium exploits CVE-2024-3721 to hijack TBK DVRs and build a DDoS botnet / Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet #HackerNews (Apr 18) thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • 18h ago
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet reconbee.com/mirai-varian... #mirai #nexcorium #DDoSbotnet #botnet #TBK #DVR #hijack #cyberattack
  • 0
  • 0
  • 0
  • 11h ago
Nexcorium, a new Mirai variant, is exploiting TBK DVRs (CVE-2024-3721). It features robust persistence and multi-architecture support for large-scale DDoS. Are we doing enough to secure the IoT edge? Comment your opinion. #CyberSecurity #IoT #Malware
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Fortinet
  • FortiClientEMS

Published: 04 Apr 2026
Updated: 07 Apr 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 25.26%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 2 Posts
  • 11 Interactions

Last activity: 1 hour ago

Fediverse


Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog
#CyberSecurity
securebulletin.com/fortinet-fo

  • 4
  • 0
  • 0
  • 5h ago

Bluesky

We added CVE-2026-35616 scans based on the vulnerability detector developed by Bishop Fox bishopfox.com/blog/api-aut.... Over 60 IPs still assessed as vulnerable: dashboard.shadowserver.org/statistics/c... Data shared daily in our Vulnerable HTTP reporting: shadowserver.org/what-we-do/n...
  • 2
  • 5
  • 0
  • 1h ago

Overview

  • Dolibarr
  • dolibarr

Published: 17 Apr 2026
Updated: 18 Apr 2026

CVSS v4.0: CRITICAL (9.4)
EPSS: 0.35%

KEV

Description

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0, the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Bluesky

[25.11] dolibarr: add CVE-2026-23500 to knownVulnerabilities https://github.com/NixOS/nixpkgs/pull/511496 https://tracker.security.nixos.org/issues/NIXPKGS-2026-1156 #security
  • 0
  • 0
  • 0
  • 22h ago
#511519 qwen-code: 0.14.3 -> 0.14.5 #511510 python3Packages.contourpy: fix cross #511504 plexamp: 4.13.0 -> 4.13.1 #511500 resterm: 0.26.2 -> 0.28.2 #511496 [25.11] dolibarr: add CVE-2026-23500 to knownVulnerabilities #511493 python3Packages.mhcflurry: 2.2.0 -> 2.2.1
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 14 Apr 2026
Updated: 17 Apr 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.10%

KEV

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Bluesky

The latest update for #Sentrium includes "#Windows IKE Service Extensions Vulnerability Enables Remote Code Execution (CVE-2026-33824)" and "How to prepare for SOC 2 #penetrationtesting". #Cybersecurity #PenTesting #infosec https://opsmtrs.com/3aPKkxS
  • 0
  • 0
  • 0
  • 11h ago
Microsoft releases its April 2026 monthly patches, fixing vulnerabilities including CVE-2026-33824 and CVE-2026-33827 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pending

Published: 10 Aug 2005
Updated: 07 Aug 2024

CVSS: Pending
EPSS: 3.76%

KEV

Description

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Statistics

  • 1 Post
  • 8 Interactions

Last activity: 3 hours ago

Fediverse


CVE-2005-2541 feels like a good example for some of what is wrong with CVSS :blobCat_eyes:

  • 2
  • 6
  • 0
  • 3h ago

Overview

  • langflow-ai
  • langflow

Published: 02 Jan 2026
Updated: 26 Feb 2026

CVSS v4.0: HIGH (8.8)
EPSS: 6.97%

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 5 hours ago

Fediverse


🚨 In this week’s newsletter, we cover CVE-2026-21445, a Langflow authentication bypass now under active exploitation. We break down how PoCs turned into real attacks and what defenders should do next.

Read the full analysis and protect your systems 👉 crowdsec.net/vulntracking-repo

  • 1
  • 1
  • 1
  • 5h ago

Overview

  • sagredo
  • qmail

Published: 16 Apr 2026
Updated: 18 Apr 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.10%

KEV

Description

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Command injection in a qmail fork (not the original!) - CVE-2026-41113:

"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."

https://blog.calif.io/p/we-asked-claude-to-audit-sagredos

#LLM
  • 1
  • 0
  • 1
  • 3h ago

Overview

  • modelscope
  • agentscope

Published: 20 Apr 2026
Updated: 20 Apr 2026

CVSS v4.0: MEDIUM (6.9)
EPSS: 0.04%

KEV

Description

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

AI agents that can execute code introduce a new attack surface. CVE-2026-6603 shows how ModelScope AgentScope allows remote code injection via Python execution functions. 🔗 basefortify.eu/cve_reports/... #CyberSecurity #AI #CVE
  • 0
  • 1
  • 0
  • 8h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 14 Apr 2026
Updated: 17 Apr 2026

CVSS v3.1: MEDIUM (4.3)
EPSS: 0.07%

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

CVE-2026-33829: “One Click to Own the Domain” — How a Built‑In Windows Tool Leaks Your NTLMv2 Hash + Video Introduction A newly disclosed vulnerability (CVE‑2026‑33829) in the Windows Snipping Tool allows an attacker to silently steal a user’s NTLMv2 password hash over a network using a single…
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Pending

Published: 17 Apr 2020
Updated: 05 May 2025

CVSS v3.0: MEDIUM (5.9)
EPSS: Pending

KEV

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

~Cybergcca~ CCCS issued 6 security advisories covering critical updates for IBM, Dell, Ubuntu, Red Hat, Moxa, and CISA ICS products. - IOCs: CVE-2020-11868 - #PatchNow #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • Last hour
Showing 1 to 10 of 38 CVEs