24h | 7d | 30d

CVE-2026-43824

Overview

  • argoproj
  • Argo CD
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.01%
KEV

Description

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 11h ago

CVE-2023-4966

Overview

  • Citrix
  • NetScaler ADC
10 Oct 2023
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
94.35%
KEV

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

CVE‑2023‑4966 remains actively exploited in Citrix NetScaler ADC environments. This critical session hijacking vulnerability enables unauthenticated attackers to obtain authenticated access. Our latest Threat Brief outlines risk impact, exploitation context, and required mitigation actions.

thecybermind.co/2026/05/01/cit

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-42779

Overview

  • Apache Software Foundation
  • Apache MINA
  • org.apache.mina:mina-core
01 May 2026
Published
02 May 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%
KEV

Description

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter before calling Class.forName(). Affected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6. The problem is resolved in Apache MINA 2.1.12, and 2.2.7 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-42779 in Apache MINA (2.1.0 – 2.1.11 & 2.2.0 – 2.2.6) enables remote code execution via deserialization of untrusted data. Upgrade to 2.1.12/2.2.7 now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-32201

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016
14 Apr 2026
Published
30 Apr 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
7.94%
KEV

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
Last activity: 18 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
⚠️ SharePoint CVE-2026-32201 Alerta: Guía de mitigación para bloquear el exploit sin romper tu flujo de trabajo www.newstecnicas.info.ve/2026/04/shar...
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-42167

Overview

  • ProFTPD
  • ProFTPD
28 Apr 2026
Published
01 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
5.46%
KEV

Description

mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD - in an extension, not core
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-4882

Overview

  • WPEverest
  • User Registration Advanced Fields
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%
KEV

Description

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability can only be exploited if a "Profile Picture" field is added to the form.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-4882 in WPEverest User Registration Advanced Fields ≤1.6.20 lets unauthenticated attackers upload dangerous files via Profile Picture field — possible RCE. Disable this field until patched! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-5324

Overview

  • themefusecom
  • Brizy – Page Builder
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.09%
KEV

Description

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when no file is uploaded, and the reversal of security encoding via html_entity_decode() followed by unescaped output in the admin view. The submit_form() function skips nonce verification for non-logged-in users (api.php:198). The handleFileTypeFields() function fails to overwrite user-supplied values when no file is attached. While htmlentities() is applied during storage, html_entity_decode() reverses this on display (form-entries.php:79). The form-data.php template outputs FileUpload values directly in href attributes without esc_url(). This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form Leads page.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔎 CVE-2026-5324: HIGH (CVSS 7.2) XSS in Brizy – Page Builder (≤2.8.11) lets unauth'd attackers inject scripts into form data. Admins risk session hijack viewing Leads. Restrict access, monitor for patches. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-4670

Overview

  • Progress Software
  • MOVEit Automation
30 Apr 2026
Published
01 May 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture fallback
CyberNetsecIO @netsecio

📰 MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)

🚨 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow

🔗 cyber.netsecops.io

  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-7458

Overview

  • pickplugins
  • User Verification by PickPlugins
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%
KEV

Description

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-7458 in User Verification by PickPlugins (≤2.0.46) enables auth bypass via weak OTP checks. Attackers can log in as any verified user, including admins. No patch yet — disable or restrict plugin! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-4539

Overview

  • pygments
22 Mar 2026
Published
23 Mar 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%
KEV

Description

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
New guide: Understand & fix ReDoS in Pygments (CVE-2026-4539) on openSUSE. Includes verification commands, automation script, and 5 mitigation strategies when you can't patch. Read more-> tinyurl.com/muhbwmf5 #openSUSE
  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 27 CVEs