Overview
- ChurchCRM
- CRM
Description
Statistics
- 1 Post
Fediverse
⚠️ CRITICAL: ChurchCRM <7.2.0 vulnerable to RCE (CVE-2026-40484). Crafted backup restores allow webshell upload; CSRF flaw increases risk. Patch to 7.2.0+ now. Details: https://radar.offseq.com/threat/cve-2026-40484-cwe-269-improper-privilege-manageme-9bb4be14 #OffSeq #CVE202640484 #ChurchCRM #RCE
Overview
- Go standard library
- archive/tar
Description
Statistics
- 1 Post
Overview
- HappySeaFox
- sail
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2026-40493: CRITICAL out-of-bounds write in HappySeaFox sail (<c930284445ea3ff94451ccd7a57c999eca3bc979) — Heap buffer overflow in PSD codec risks RCE & data loss. Patch ASAP: commit c930284445ea3ff94451ccd7a57c999eca3bc979. https://radar.offseq.com/threat/cve-2026-40493-cwe-787-out-of-bounds-write-in-happ-da0d28a1 #OffSeq #infosec #CVE202640493
Overview
- Go standard library
- html/template
Description
Statistics
- 1 Post
Overview
- MinecAnton209
- NovumOS
Description
Statistics
- 1 Post
Fediverse
🔍 CVE-2026-40317 (CRITICAL, CVSS 9.4): NovumOS < 0.24 allows local privilege escalation via unchecked entry point in Syscall 12. Patch to 0.24 ASAP or restrict syscalls to mitigate. Full details: https://radar.offseq.com/threat/cve-2026-40317-cwe-269-improper-privilege-manageme-d4098dd0 #OffSeq #Vuln #NovumOS #InfoSec
Overview
- Go standard library
- crypto/tls
Description
Statistics
- 1 Post
Overview
- ChurchCRM
- CRM
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2026-40582: ChurchCRM < 7.2.0 has a CRITICAL auth bypass (CVSS 9.1). /api/public/user/login lets attackers with a password skip lockout & 2FA to get API access. Upgrade to 7.2.0+ ASAP. https://radar.offseq.com/threat/cve-2026-40582-cwe-288-authentication-bypass-using-58dc9576 #OffSeq #ChurchCRM #CVE202640582 #infosec
Overview
- Horner Automation
- Cscape
Description
Statistics
- 1 Post
Fediverse
⚠️ CRITICAL: Horner Automation Cscape and XL4, XL7 PLC
Horner Automation Cscape v10.0, XL4 PLC v16.32.0, and XL7 PLC v15.60 contain a critical password brute-force vulnerability (CVE-2026-6284, CVSS 9.1) with no rate limiting. This affects manufacturing environments globally and allows unauthenticated network attackers to compromise PLCs controlling cr…