
Overview

  • composer
  • composer

15 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without proper escaping. An attacker can inject arbitrary commands through these values in a malicious composer.json declaring a Perforce VCS repository, leading to command execution in the context of the user running Composer, even if Perforce is not installed. VCS repositories are only loaded from the root composer.json or the composer config directory, so this cannot be exploited through composer.json files of packages installed as dependencies. Users are at risk if they run Composer commands on untrusted projects with attacker-supplied composer.json files. This issue has been fixed in Composer 2.2.27 (2.2 LTS) and 2.9.6 (mainline).

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

📢 PHP Composer: two critical flaws allow command execution via the Perforce VCS driver 📝 ## 🗓️ Context Published on … https://cyberveille.ch/posts/2026-04-19-php-composer-deux-failles-critiques-permettent-l-execution-de-commandes-via-le-pilote-perforce-vcs/ #CVE_2026_40176 #Cyberveille
  • 20h ago

Overview

  • silex technology, Inc.
  • SD-330AC

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

⚠️ CVE-2026-32955: HIGH severity stack-based buffer overflow in silex SD-330AC (≤v1.42). Attackers with low privileges can execute code via redirect URLs. Restrict access & monitor devices until patch is available. radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • Digiwin
  • EasyFlow .NET

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🚨 CRITICAL: SQL Injection (CVE-2026-5963) in Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) allows unauthenticated attackers DB access & control. No patch yet — restrict exposure & monitor closely. Details: radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • Digiwin
  • EasyFlow .NET

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

⚠️ CVE-2026-5964: Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) has a CRITICAL SQL injection flaw. Unauthenticated attackers can access or alter DB data. Patch status unknown — check the vendor. Deploy WAFs & monitor activity! radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • silex technology, Inc.
  • SD-330AC

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-32956 — Heap buffer overflow in silex SD-330AC (≤v1.42) & AMC Manager. Remote code execution possible. No patch yet; restrict exposure, monitor advisories. radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Microsoft
  • Internet Explorer 9

23 Sep 2019
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
89.25%

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

Statistics

  • 1 Post

Last activity: 21 hours ago

Overview

  • Google
  • Chrome

15 Apr 2026
Published
16 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

[Vulnerability information] CVE-2026-6296, a vulnerability in Google's Chrome: in versions of Google Chrome prior to 147.0.7727.101, a heap buffer overflow vulnerability exists in ANGLE.
  • 5h ago

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker

07 Apr 2026
Published
17 Apr 2026
Updated

CVSS
Pending
EPSS
46.64%

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

2026-W16 — Weekly Threat Roundup

🚨 Critical Apache ActiveMQ flaw (CVE-2026-34197) actively exploited after 13-year dormancy, now on CISA KEV catalog
🏛️ Operation PowerOFF dismantles 53 DDoS-for-hire domains, arrests 4, exposes 3M criminal accounts across 21 countries
🔍 Three Windows zero-days (BlueHammer, RedSun, UnDefend) acti…

threatnoir.com/weekly/2026-w16

  • 13h ago

Overview

  • langflow-ai
  • langflow

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%

KEV

Description

A weakness has been identified in langflow-ai langflow up to 1.8.3. The affected code is the function remove_api_keys/has_api_terms in the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🛡️ CVE-2026-6597 (CVSS 5.1, MEDIUM): langflow-ai langflow v1.8.0 – 1.8.3 stores credentials without protection in Flow Using API. Public exploit available. Restrict access & rotate credentials until patched. radar.offseq.com/threat/cve-20

  • 14h ago

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)

06 Feb 2026
Published
26 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
80.06%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

📢 Active exploitation of Bomgar RMM via CVE-2026-1731: LockBit deployment and MSP access 📝 ## 🔍 Context Published on 19 April 2026 by Huntress, c… https://cyberveille.ch/posts/2026-04-19-exploitation-active-de-bomgar-rmm-via-cve-2026-1731-deploiement-de-lockbit-et-acces-msp/ #AnyDesk #Cyberveille
  • 17h ago