Overview

  • SenseLive
  • X3050

23 Apr 2026
Published
24 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%

KEV

Description

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.04%

KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🛡️ CVE-2026-25172: Microsoft's urgent 'Hotpatch' for Windows 11 that you should apply now (no restart) www.newstecnicas.info.ve/2026/04/cve-...
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SenseLive
  • X3050

23 Apr 2026
Published
24 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

CVE-2026-39462 (CRITICAL): SenseLive X3050 V1.523 lets attackers bypass password changes after factory reset — device may accept old or default creds. No fix yet. Limit reliance on resets and monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

14 Apr 2026
Published
24 Apr 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
7.94%

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Bluesky

More than 1,300 SharePoint servers exposed to the April vulnerability CVE-2026-32201. Via: @seguinfo.bsky.social
  • 0
  • 0
  • 1
  • 2h ago

Overview

  • DeltaWW
  • AS320T

24 Apr 2026
Published
24 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

Delta Electronics AS320T is vulnerable to denial of service via an undocumented subfunction.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-1952 in DeltaWW AS320T (CVSS 9.8) enables denial of service via hidden subfunction (CWE-912). Vendor patch is available for this cloud-hosted service — confirm your instance is protected. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • marimo-team
  • marimo

09 Apr 2026
Published
24 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
45.53%

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 23) CVE-2026-39987 Marimo remote code execution vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • langflow-ai
  • langflow

26 Feb 2026
Published
28 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.23%

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!

Read more: rapid7.com/blog/post/pt-metasp

  • 0
  • 0
  • 0
  • Last hour

Overview

  • cloudways
  • Breeze Cache

23 Apr 2026
Published
23 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%

KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Hackers Take Advantage of File Upload Vulnerability in Breeze Cache Plugin for WordPress #wordpress

Urgent security update: Hackers are exploiting a file upload vulnerability in Breeze Cache for WordPress (CVE-2026-3844), risking remote code execution. Upgrade to Breeze Cache 2.4.5 now or disable the Host Files Locally – Gravatars option to mitigate. Details: ift.tt/ZoIb1XJ

Source: ift.tt/ZoIb1XJ | Image: ift.tt/dtFh1AJ

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • axios
  • axios

10 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.8)
EPSS
0.03%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-40175 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/466 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Apr 2026
Published
24 Apr 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.08%

KEV

Description

Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse

Windows 11 update KB5083769 fixes CVE-2026-26151, but shifts the new RDP warning on multi-monitor setups. At 100-125 percent scaling, buttons are partly unusable. #Windows11 #Patchday winfuture.de/news,158294.html?

  • 0
  • 0
  • 1
  • 10h ago
Showing 11 to 20 of 45 CVEs