‼️ CISA added one more vulnerability to the KEV Catalog today...

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT

Traefik v3.6.8 just dropped! Crucial security update fixing CVE-2026-25949 is LIVE. Plus, enjoy smoother ACME certs, stronger healthchecks, & better TLS stability. Upgrade now!

More info: https://github.com/traefik/traefik/releases/tag/v3.6.8

#selfhosted #homelab

🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! https://radar.offseq.com/threat/cve-2026-20617-an-app-may-be-able-to-gain-root-pri-42394d40 #OffSeq #macOS #Apple #Infosec #CVE202620617

2026-01-14: The Day the telnet Died

"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."

Link: https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

#linkdump #blogpost #filtering #internet #iso #security #telnet

CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! https://radar.offseq.com/threat/cve-2026-26215-cwe-502-deserialization-of-untruste-e3572f04 #OffSeq #CVE202626215 #infosec

⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! https://radar.offseq.com/threat/cve-2026-25676-uncontrolled-search-path-element-in-108bd32e #OffSeq #Vulnerability #Infosec #CVE2026_25676

⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. https://radar.offseq.com/threat/cve-2026-26216-cwe-94-improper-control-of-generati-09f71e54 #OffSeq #CVE202626216 #infosec #RCE

✨ #Cve-2020-37178: Denial-of-Service-Schwachstelle in #Keepass
Eine Code-Injection-Schwachstelle im Hilfesystem der Passwort-Manager-Software kann zu Anwendungsabstürzen führen, stellt jedoch ein moderates Risiko dar.

🔗 https://p4u.xyz/ID_N29YJ_DS/1 (🇩🇪🇺🇸🇫🇷)

#Cybersecurity #Security #Threatintel #Osint #Alert #Bot

✨ #Cve-2020-37178: A Denial-of-Service Threat to #Keepass
A high-severity code injection flaw in #Keepass's help system, while not actively exploited, presents a tangible risk of application crashes and workflow disruption through crafted HTML content.

🔗 https://p4u.xyz/ID_N29YJ_DS/1 (🇩🇪🇺🇸🇫🇷)

#Cybersecurity #Security #Threatintel #Osint #Alert #Bot