CVE-2024-3721

Overview

TBK
DVR-4104

13 Apr 2024

Published

01 Aug 2024

Updated

CVSS v3.1

MEDIUM (6.3)

EPSS

83.86%

MITRE

KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

4 Posts
3 Interactions

Last activity: 13 hours ago

Fediverse

Patrick C Miller :donor: @patrickcmiller

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html

1
1
1
15h ago

TechNadu @technadu

FortiGuard Labs tracks #Nexcorium, a Mirai variant targeting TBK DVRs via CVE-2024-3721. It uses aggressive persistence (systemd, cron) and wide-ranging DDoS vectors. Check your IoT logs for "X-Hacked-By" headers.

Details: https://www.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium

What’s your take?

#Botnet #IoT #DDoS #InfoSec

1
0
0
13h ago

Bluesky

TechNadu @technadu.com

Nexcorium, a new Mirai variant, is exploiting TBK DVRs (CVE-2024-3721). It features robust persistence and multi-architecture support for large-scale DDoS. Are we doing enough to secure the IoT edge? Comment your opinion. #CyberSecurity #IoT #Malware

0
0
0
13h ago

CVE-2026-5760

Overview

SGLang
SGLang

20 Apr 2026

Published

20 Apr 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Statistics

3 Posts

Last activity: Last hour

Bluesky

Bitnewsbot @bitnewsbot.bsky.social

A critical vulnerability (CVE-2026-5760) with a CVSS score of 9.8 allows remote code execution in the SGLang framework. The flaw […]

0
0
0
8h ago

キタきつね @kitafox.bsky.social

SGLang CVE-2026-5760 (CVSS 9.8) 悪意のあるGGUFモデルファイルを介してリモートコード実行が可能になる SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files #HackerNews (Apr 20) thehackernews.com/2026/04/sgla...

0
0
0
4h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

A critical command-injection vulnerability CVE-2026-5760 (CVSS 9.8) in SGLang’s /v1/rerank allows RCE via malicious GGUF models using Jinja2 SSTI payloads. Mitigation: use ImmutableSandboxedEnvironment. #SGLangFlaw #RemoteExecution #CERT

0
0
0
Last hour

CVE-2026-35616

Overview

Fortinet
FortiClientEMS

04 Apr 2026

Published

07 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

25.26%

MITRE

KEV

Description

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

2 Posts
13 Interactions

Last activity: 14 hours ago

Fediverse

N_{Dario Fadda} @nuke

Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog
#CyberSecurity
https://securebulletin.com/fortinet-forticlientems-under-active-attack-critical-cve-2026-35616-cvss-9-1-added-to-cisa-kev-catalog/

4
0
0
18h ago

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

We added CVE-2026-35616 scans based on the vulnerability detector developed by Bishop Fox bishopfox.com/blog/api-aut.... Over 60 IPs still assessed as vulnerable: dashboard.shadowserver.org/statistics/c... Data shared daily in our Vulnerable HTTP reporting: shadowserver.org/what-we-do/n...

3
6
0
14h ago

CVE-2026-34197

Overview

Apache Software Foundation
Apache ActiveMQ Broker
org.apache.activemq:activemq-broker

07 Apr 2026

Published

17 Apr 2026

Updated

CVSS

Pending

EPSS

46.64%

MITRE

KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

3 Posts
7 Interactions

Last activity: 10 hours ago

Fediverse

ThreatNoir @threatnoir

⚠️ CRITICAL: CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE via Jolokia API Surfaces for In-the-Wild Attacks

Apache ActiveMQ Classic has a 13-year-old RCE vulnerability (CVE-2026-34197) in the Jolokia API that is actively exploited in the wild. Attackers chain vm:// URIs with remote Spring XML configs to execute arbitrary code as the broker process. Any organization running ActiveMQ Classic without the Ap…

https://threatnoir.com/focus

#infosec #cybersecurity

0
0
0
10h ago

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

We are now scanning daily for CVE-2026-34197 (Apache ActiveMQ Improper Input Validation Vulnerability) which has recently been added to US CISA KEV. 6364 IPs seen vulnerable on 2026-04-19 based on a version check. Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c...

2
5
0
11h ago

The Shadowserver Foundation @shadowserver.bsky.social

IP data shared in our Accessible ActiveMQ reporting www.shadowserver.org/what-we-do/n... For Dashboard viewing, select sources 'activemq' and 'cve-2026-34197' ActiveMQ Security advisory: activemq.apache.org/security-adv... Background with details from Horizon3.ai horizon3.ai/attack-resea...

0
0
0
11h ago

CVE-2026-20147

Overview

Cisco
Cisco Identity Services Engine Software

15 Apr 2026

Published

16 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.9)

EPSS

0.23%

MITRE

KEV

Description

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Statistics

2 Posts

Last activity: 12 hours ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 Cisco corrige des vulnérabilités critiques dans ISE et Webex permettant RCE et usurpation d'identité 📝 ## 🔍 Contexte Publié l… https://cyberveille.ch/posts/2026-04-20-cisco-corrige-des-vulnerabilites-critiques-dans-ise-et-webex-permettant-rce-et-usurpation-d-identite/ #CVE_2026_20147 #Cyberveille

0
0
0
12h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Cisco patches critical ISE vulnerabilities (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) enabling remote code execution, root access, and privilege escalation in Identity Services Engine and Webex Services. #CiscoISE #RemoteCode #USA

0
0
0
22h ago

CVE-2005-2541

Overview

Pending

10 Aug 2005

Published

07 Aug 2024

Updated

CVSS

Pending

EPSS

3.76%

MITRE

KEV

Description

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Statistics

1 Post
9 Interactions

Last activity: 16 hours ago

Fediverse

Aadaliina :blobCat: @ada

CVE-2005-2541 feels like a good example for some of what is wrong with CVSS :blobCat_eyes:

2
7
0
16h ago

CVE-2026-21445

Overview

langflow-ai
langflow

02 Jan 2026

Published

26 Feb 2026

Updated

CVSS v4.0

HIGH (8.8)

EPSS

6.97%

MITRE

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.

Statistics

2 Posts
2 Interactions

Last activity: 17 hours ago

Fediverse

CrowdSec @CrowdSec

🚨 In this week’s newsletter, we cover CVE-2026-21445, a Langflow authentication bypass now under active exploitation. We break down how PoCs turned into real attacks and what defenders should do next.

Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-21445-langflow-authentication-bypass-exploitation

1
1
1
17h ago

CVE-2026-41113

Overview

sagredo
qmail

16 Apr 2026

Published

18 Apr 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

0.10%

MITRE

KEV

Description

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

Statistics

2 Posts
1 Interaction

Last activity: 16 hours ago

Fediverse

buherator @buherator

Command injection in a qmail fork (not the original!) - CVE-2026-41113:

"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."

https://blog.calif.io/p/we-asked-claude-to-audit-sagredos

#LLM

1
0
1
16h ago

CVE-2026-6603

Overview

modelscope
agentscope

20 Apr 2026

Published

20 Apr 2026

Updated

CVSS v4.0

MEDIUM (6.9)

EPSS

0.04%

MITRE

KEV

Description

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

1 Post
1 Interaction

Last activity: 20 hours ago

Bluesky

BaseFortify.eu @basefortify.bsky.social

AI agents that can execute code introduce a new attack surface. CVE-2026-6603 shows how ModelScope AgentScope allows remote code injection via Python execution functions. 🔗 basefortify.eu/cve_reports/... #CyberSecurity #AI #CVE

0
1
0
20h ago

CVE-2026-5965

Overview

NewSoft
NewSoftOA

21 Apr 2026

Published

21 Apr 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

Pending

MITRE

KEV

Description

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Statistics

1 Post
1 Interaction

Last activity: Last hour

Fediverse

OffSequence @offseq

🚨 NewSoftOA faces a critical OS command injection (CVE-2026-5965, CVSS 9.3). Unauthenticated local attackers can run arbitrary OS commands. No patch yet — restrict access & monitor vendor updates! https://radar.offseq.com/threat/cve-2026-5965-cwe-78-improper-neutralization-of-sp-2ef8e92f #OffSeq #Infosec #Vuln

0
1
0
Last hour