24h | 7d | 30d

CVE-2026-40630

Overview

  • SenseLive
  • X3050
23 Apr 2026
Published
24 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%
KEV

Description

A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-25172

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Mar 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.04%
KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
🛡️ CVE-2026-25172: El 'Hotpatch' urgente de Microsoft para Windows 11 que debes aplicar ya (Sin reiniciar) www.newstecnicas.info.ve/2026/04/cve-...
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-39462

Overview

  • SenseLive
  • X3050
23 Apr 2026
Published
24 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

CVE-2026-39462 (CRITICAL): SenseLive X3050 V1.523 lets attackers bypass password changes after factory reset — device may accept old or default creds. No fix yet. Limit reliance on resets and monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-32201

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016
14 Apr 2026
Published
24 Apr 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
7.94%
KEV

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Bluesky

Profile picture fallback
Dragster Systems @dragstersystems.bsky.social
Más de 1,300 servidores SharePoint expuestos a la vulnerabilidad CVE-2026-32201 de abril Vía: @seguinfo.bsky.social
  • 0
  • 0
  • 1
  • 2h ago

CVE-2026-1952

Overview

  • DeltaWW
  • AS320T
24 Apr 2026
Published
24 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV

Description

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CRITICAL: CVE-2026-1952 in DeltaWW AS320T (CVSS 9.8) enables denial of service via hidden subfunction (CWE-912). Vendor patch is available for this cloud-hosted service — confirm your instance is protected. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-39987

Overview

  • marimo-team
  • marimo
09 Apr 2026
Published
24 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
45.53%
KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 23) CVE-2026-39987 Marimoのリモートコード実行の脆弱性 www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-27966

Overview

  • langflow-ai
  • langflow
26 Feb 2026
Published
28 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.23%
KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
Metasploit @metasploit

The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!

Read more: rapid7.com/blog/post/pt-metasp

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-3844

Overview

  • cloudways
  • Breeze Cache
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%
KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
RS Web Solutions (RSWEBSOLS) @rswebsols

Hackers Take Advantage of File Upload Vulnerability in Breeze Cache Plugin for WordPress #wordpress

Urgent security update: Hackers are exploiting a file upload vulnerability in Breeze Cache for WordPress (CVE-2026-3844), risking remote code execution. Upgrade to Breeze Cache 2.4.5 now or disable the Host Files Locally – Gravatars option to mitigate. Details: ift.tt/ZoIb1XJ

Source: ift.tt/ZoIb1XJ | Image: ift.tt/dtFh1AJ

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-40175

Overview

  • axios
  • axios
10 Apr 2026
Published
16 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.8)
EPSS
0.03%
KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🔍 Lambda Watchdog detected that CVE-2026-40175 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/466 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-26151

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
24 Apr 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.08%
KEV

Description

Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts
Last activity: 10 hours ago

Fediverse

Profile picture fallback
WinFuture.de @WinFuture

Windows 11-Update KB5083769 schließt CVE-2026-26151, verschiebt aber bei Multi-Monitor-Setups die neue RDP-Warnung. Bei 100-125 Prozent Skalierung sind Buttons teils unbedienbar. #Windows11 #Patchday winfuture.de/news,158294.html?

  • 0
  • 0
  • 1
  • 10h ago
Showing 11 to 20 of 45 CVEs