24h | 7d | 30d

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
83.86%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 4 Posts
  • 2 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture fallback
jbz @jbz

☣️ Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

「 The attack activity outlined by Fortinet involves the exploitation of CVE-2024-3721 to obtain and drop a downloader script, which then launches the botnet payload based on the Linux system's architecture. Once the malware is executed, it displays a message stating "nexuscorp has taken control." 」

thehackernews.com/2026/04/mira

#iot #ddos #botnet #cybersecurity

  • 2
  • 0
  • 0
  • 10h ago

Bluesky

Profile picture fallback
Sami Laiho @samilaiho.com
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
キタきつね @kitafox.bsky.social
Miraiの亜種NexcoriumがCVE-2024-3721を悪用し、TBK DVRを乗っ取ってDDoSボットネットを構築 Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet #HackerNews (Apr 18) thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
ReconBee @reconbee.bsky.social
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet reconbee.com/mirai-varian... #mirai #nexcorium #DDoSbotnet #botnet #TBK #DVR #hijack #cyberattack
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-33829

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.06%
KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts
  • 7 Interactions
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Bezpieka Nadaje @bezpieka

CVE-2026-33829 - kolejny ciekawy błąd w Windowsie.
Jeżeli masz zainstalowane "Narzędzie Wycinanie" (a najprawdopodobniej masz) - wystarczy, że wejdziesz na spreparowaną stronę internetową, żeby Twoje hasło do Windowsa (hash NTLM) popłynęło na serwer atakującego.

  • 5
  • 2
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-33829: “One Click to Own the Domain” — How a Built‑In Windows Tool Leaks Your NTLMv2 Hash + Video Introduction A newly disclosed vulnerability (CVE‑2026‑33829) in the Windows Snipping Tool allows an attacker to silently steal a user’s NTLMv2 password hash over a network using a single…
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-4440

Overview

  • Google
  • Chrome
20 Mar 2026
Published
21 Mar 2026
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
  • 18 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture fallback
Catalin Cimpanu @campuscodi

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.

Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."

intel.breakglass.tech/post/cve

  • 10
  • 8
  • 0
  • 23h ago

CVE-2026-34197

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker
07 Apr 2026
Published
17 Apr 2026
Updated
CVSS
Pending
EPSS
46.64%
KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 6 hours ago

Fediverse

Profile picture fallback
ThreatNoir @threatnoir

2026-W16 — Weekly Threat Roundup

🚨 Critical Apache ActiveMQ flaw (CVE-2026-34197) actively exploited after 13-year dormancy, now on CISA KEV catalog
🏛️ Operation PowerOFF dismantles 53 DDoS-for-hire domains, arrests 4, exposes 3M criminal accounts across 21 countries
🔍 Three Windows zero-days (BlueHammer, RedSun, UnDefend) acti…

threatnoir.com/weekly/2026-w16

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation thehackernews.com/2026/04/apac...
  • 0
  • 1
  • 0
  • 18h ago

CVE-2026-23500

Overview

  • Dolibarr
  • dolibarr
17 Apr 2026
Published
18 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
0.35%
KEV

Description

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.

Statistics

  • 2 Posts
Last activity: 9 hours ago

Bluesky

Profile picture fallback
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
[25.11] dolibarr: add CVE-2026-23500 to knownVulnerabilities https://github.com/NixOS/nixpkgs/pull/511496 https://tracker.security.nixos.org/issues/NIXPKGS-2026-1156 #security
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
nixpkgs prs bot @nixpkgs-prs-bot.bsky.social
#511519 qwen-code: 0.14.3 -> 0.14.5 #511510 python3Packages.contourpy: fix cross #511504 plexamp: 4.13.0 -> 4.13.1 #511500 resterm: 0.26.2 -> 0.28.2 #511496 [25.11] dolibarr: add CVE-2026-23500 to knownVulnerabilities #511493 python3Packages.mhcflurry: 2.2.0 -> 2.2.1
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-40175

Overview

  • axios
  • axios
10 Apr 2026
Published
16 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.8)
EPSS
0.14%
KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.

Statistics

  • 2 Posts
Last activity: 8 hours ago

Bluesky

Profile picture fallback
ひよどりBasist @visualbasist.bsky.social
あまりに高すぎたAxiosのCVE-2026-40175 CVSSが4.8に下げられてたv3.1で下げるとしたらACかなと思ってたけど影響も下げられてる
  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
technews4869 @technews4869.bsky.social
www.aikido.dev/blog/axios-... Axios CVE-2026-40175: a critical bug that’s… not exploitable
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-33824

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Statistics

  • 2 Posts
Last activity: 4 hours ago

Bluesky

Profile picture fallback
OpsMatters @handle.invalid
The latest update for #Sentrium includes "#Windows IKE Service Extensions Vulnerability Enables Remote Code Execution (CVE-2026-33824)" and "How to prepare for SOC 2 #penetrationtesting". #Cybersecurity #PenTesting #infosec https://opsmtrs.com/3aPKkxS
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
Microsoft、2026年4月の定例パッチを公開-CVE-2026-33824とCVE-2026-33827などの脆弱性を修正 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-27681

Overview

  • SAP_SE
  • SAP Business Planning and Consolidation and SAP Business Warehouse
14 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%
KEV

Description

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 18 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems
#CyberSecurity
securebulletin.com/critical-sa

  • 4
  • 0
  • 0
  • 18h ago

CVE-2026-39973

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
iBotPeaches @iBotPeaches

apktool 3.0.2 is out!

- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks

apktool.org/blog/apktool-3.0.2

  • 2
  • 2
  • 0
  • 21h ago

CVE-2026-6570

Overview

  • kodcloud
  • KodExplorer
19 Apr 2026
Published
19 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%
KEV

Description

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

CVE-2026-6570 (MEDIUM): kodcloud KodExplorer (v4.0 – 4.52) suffers an auth bypass in initInstall, allowing remote unauthorized access. No fix yet — restrict access & monitor for updates. radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 21h ago
Showing 1 to 10 of 43 CVEs