Overview
- WHILL
- Model C2 Electric Wheelchair
Published: 05 Jan 2026
Updated: 05 Jan 2026
CVSS v3.1: CRITICAL (9.8)
EPSS: 0.12%
KEV
Description
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
Statistics
- 1 Post
- 1 Interaction
Last activity: 7 hours ago
Overview
Description
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
Statistics
- 2 Posts
Last activity: 8 hours ago
Bluesky
Citrix has patched critical vulnerabilities CVE-2026-3055 and CVE-2026-4368 in NetScaler ADC and Gateway appliances, exposing risks of session token theft and session mix-ups. #NetScaler #SAML #USA
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 2 Posts
Last activity: 15 hours ago
Overview
- Unknown
- PeproDev Ultimate Invoice
Published: 25 Mar 2026
Updated: 25 Mar 2026
CVSS: Pending
EPSS: 0.02%
KEV
Description
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably, making it possible to brute-force the names and retrieve PII.
Statistics
- 1 Post
Last activity: 20 hours ago
Fediverse
⚠️ HIGH: CVE-2026-2343 in PeproDev Ultimate Invoice ≤2.2.5 exposes PII via predictable ZIP archive names in bulk downloads. No auth needed — risk of mass data leaks! Disable feature, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-2343-cwe-200-information-exposure-in-pepr-b24bfe87 #OffSeq #WordPress #Vuln
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 2 Posts
Last activity: 18 hours ago
Overview
Description
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Statistics
- 2 Posts
Last activity: 4 hours ago
Overview
- PTC
- Windchill PDMLink
Published: 23 Mar 2026
Updated: 24 Mar 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.38%
KEV
Description
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.
This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
Statistics
- 1 Post
Last activity: 14 hours ago
Overview
- higuma
- web-audio-recorder-js
Published: 23 Feb 2026
Updated: 23 Feb 2026
CVSS v4.0: LOW (2.3)
EPSS: 0.05%
KEV
Description
A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
- n8n-io
- n8n
Published: 25 Mar 2026
Updated: 25 Mar 2026
CVSS v4.0: CRITICAL (9.4)
EPSS: Pending
KEV
Description
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Statistics
- 1 Post
Last activity: 4 hours ago
Fediverse
🚩 CRITICAL: CVE-2026-33696 in n8n-io n8n (CVSS 9.4) - Prototype pollution enables remote code execution via XML/GSuiteAdmin nodes. Patch to 2.14.1, 2.13.3, or 1.123.27+. Restrict permissions & disable XML node as temp fix. https://radar.offseq.com/threat/cve-2026-33696-cwe-1321-improperly-controlled-modi-9ddf2aba #OffSeq #n8n #CVE2026_33696
Overview
- AWS
- AWS API MCP Server
Published: 16 Mar 2026
Updated: 16 Mar 2026
CVSS v3.1: MEDIUM (5.5)
EPSS: 0.01%
KEV
Description
An Improper Protection of Alternate Path issue in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.
To remediate this issue, users should upgrade to version 1.3.9.
Statistics
- 1 Post
Last activity: 12 hours ago