Overview
Description
A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago
Fediverse
🚨 CVE-2026-3380: HIGH-severity buffer overflow in Tenda F453 (v1.0.0.3). Remotely exploitable, no auth needed — PoC public. Isolate devices, restrict WAN, monitor for /goform/L7Im traffic. Patch pending. https://radar.offseq.com/threat/cve-2026-3380-buffer-overflow-in-tenda-f453-54481f34 #OffSeq #Vulnerability #Tenda #InfoSec
Overview
Description
Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.
Statistics
- 1 Post
- 1 Interaction
Last activity: 19 hours ago
Overview
Description
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Statistics
- 1 Post
- 1 Interaction
Last activity: 2 hours ago
Overview
- statamic
- cms
24 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.01%
KEV
Description
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.
Statistics
- 1 Post
- 1 Interaction
Last activity: 2 hours ago
Overview
Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Statistics
- 1 Post
- 1 Interaction
Last activity: 10 hours ago
Fediverse
Chinese hackers exploiting Dell zero-day flaw since mid-2024! #Cybersecurity #China
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
- 1 Interaction
Last activity: 2 hours ago
Overview
- evershopcommerce
- evershop
26 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV
Description
EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version 2.1.1 fixes the issue.
Statistics
- 1 Post
- 1 Interaction
Last activity: 23 hours ago
Overview
- hoppscotch
- hoppscotch
26 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.06%
KEV
Description
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP settings by sending a single HTTP POST request with no authentication. The endpoint POST /v1/onboarding/config has no authentication guard and performs no check on whether onboarding was already completed. A successful exploit allows the attacker to replace the instance's Google/GitHub/Microsoft OAuth application credentials with their own, causing all subsequent user logins via SSO to authenticate against the attacker's OAuth app. The attacker captures OAuth tokens and email addresses of every user who logs in after the exploit. Additionally, the endpoint returns a recovery token that can be used to read all stored secrets in plaintext, including SMTP passwords and any other configured credentials. Version 2026.2.0 fixes the issue.
Statistics
- 1 Post
- 1 Interaction
Last activity: 7 hours ago
Overview
- PHP Jabbers
- Taxi Booking
03 Aug 2023
Published
11 Oct 2024
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
25.35%
KEV
Description
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
- 1 Interaction
Last activity: 7 hours ago
Fediverse
This week's biggest security fails include the emergence of Hot Dog Bots that can devour a 12-oz bun in under 8 minutes, but what's less funny is the alarming rate of exploited vulnerabilities like the recently patched CVE-2023-4116 in Windows Server.
Meanwhile,...
Read more: https://steelefortress.com/o629yr
Overview
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `type=admin-signature` and specifying any provider user ID. This could potentially lead to signature forgery on medical documents, legal compliance violations, and fraud. The issue occurs when portal users are allowed to modify provider signatures without proper authorization checks. Version 8.0.0 fixes the issue.
Statistics
- 1 Post
- 1 Interaction
Last activity: 17 hours ago