Overview

  • Facebook
  • WhatsApp for Android

Published: 01 May 2026
Updated: 01 May 2026
CVSS v3.1: MEDIUM (4.3)
EPSS: 0.01%

KEV

Description

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggering OS-controlled custom URL scheme handlers. We have not seen evidence of exploitation in the wild.

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 12 hours ago

Fediverse

Vulnerability CVE-2026-23866 Lets Attackers Leverage Instagram Reels to Execute Malicious URLs:

👇
cybersecuritynews.com/whatsapp


Overview

  • Pending

Published: Pending
Updated: Pending
CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 7 hours ago

Fediverse

Traefik v3.6.15 patches CVE-2026-41181 so update ASAP. Also includes ACME fixes, Kubernetes ExternalName service improvements, and an updated Errors middleware. Check the migration guide before upgrading. #selfhosted #homelab

github.com/traefik/traefik/rel


Overview

  • Adobe
  • Acrobat Reader

Published: 11 Apr 2026
Updated: 14 Apr 2026
CVSS v3.1: HIGH (8.6)
EPSS: 9.59%

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

CVE-2026-34621: A zero-day vulnerability in Adobe Acrobat Reader allows code execution via malicious PDF files

blog.elhacker.net/2026/05/cve-


Overview

  • GitHub
  • Enterprise Server

Published: 10 Mar 2026
Updated: 29 Apr 2026
CVSS v4.0: HIGH (8.7)
EPSS: 0.30%

KEV

Description

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 17 hours ago

Bluesky

Critical GitHub RCE Vulnerability CVE-2026-3854 Allows Arbitrary Commands URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 8.8

Overview

  • Oracle Corporation
  • Oracle MCP Server Helper Tool product of Oracle Open Source Projects

Published: 05 May 2026
Updated: 05 May 2026
CVSS v3.1: HIGH (8.7)
EPSS: 0.06%

KEV

Description

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

⚠️ A high-severity flaw in CVE-2026-35228 affects Oracle MCP Server Helper Tool (CVSS 8.7). Unauthenticated attackers can execute malicious SQL via HTTP. 🔗 basefortify.eu/cve_reports/... #CVE #CyberSecurity #Oracle

Overview

  • cloudways
  • Breeze Cache

Published: 23 Apr 2026
Updated: 23 Apr 2026
CVSS v3.1: CRITICAL (9.8)
EPSS: 13.13%

KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

A critical arbitrary file upload vulnerability (CVE-2026-3844, CVSS 9.8) in the Breeze Cache plugin for WordPress is being actively exploited.

Update to version 2.4.5. Review the report to ensure your site is not affected.

wordfence.com/blog/2026/05/att

#WordPress #WebSecurity #Wordfence


Overview

  • Pending

Published: Pending
Updated: Pending
CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

⚠️ #Vulnerability 'Ghost-Print' (CVE-2026-4412): Flaw in the #Windows print spooler that affects corporate networks (+MITIGATION) www.newstecnicas.info.ve/2026/04/vuln...

Overview

  • Pending

Published: Pending
Updated: Pending
CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Palo Alto vulnerability advisory "CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0300

Overview

  • Shenzhen Yipu Commercial and Trading Co., Ltd
  • WDR201A WiFi Extender

Published: 04 May 2026
Updated: 04 May 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.21%

KEV

Description

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the set_time or StartSniffer functions. Attackers can craft a POST request with specially crafted ampersand-delimited parameters to bypass input sanitization and execute commands with a maximum length of 31 bytes through the date command or channel parameter processing.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 CVE-2026-41924 (CRITICAL): OS command injection in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) enables unauthenticated remote shell command execution. No patch yet — immediate isolation & monitoring advised. radar.offseq.com/threat/cve-20


Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Mar 2026
Updated: 14 Apr 2026
CVSS v3.1: HIGH (8.0)
EPSS: 0.04%

KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

🛡️ CVE-2026-25172: Microsoft's urgent 'Hotpatch' for #Windows11 that you should apply now (no reboot) www.newstecnicas.info.ve/2026/04/cve-...