24h | 7d | 30d

Overview

  • Unisoc (Shanghai) Technologies Co., Ltd.
  • T8100/T9100/T8200/T8300

09 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.16%

KEV

Description

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-61613 - In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi... https://www.cyberhub.blog/cves/CVE-2025-61613
  • 0
  • 1
  • 0
  • 14h ago

Overview

  • itsourcecode
  • University Management System

08 Mar 2026
Published
08 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%

KEV

Description

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3740 - A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php... https://www.cyberhub.blog/cves/CVE-2026-3740
  • 0
  • 1
  • 0
  • 7h ago

Overview

  • themeum
  • Tutor LMS Pro

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by supplying a valid OAuth token from their own account along with the victim's email address.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-0953 impacts all versions of themeum Tutor LMS Pro for WordPress. Flawed Social Login lets attackers bypass authentication using valid OAuth tokens + victim’s email. Admin accounts at risk. Patch or restrict access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • chartbrew
  • chartbrew

06 Mar 2026
Published
06 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.23%

KEV

Description

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25888 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1,... https://www.cyberhub.blog/cves/CVE-2026-25888
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

18 Dec 2023
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
57.86%

KEV

Description

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Profile picture fallback
Paloaltoの脆弱性情報 「CVE-2023-48795 Impact of Terrapin SSH Attack (Severity: MEDIUM)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2023-48795
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
Zoomに、Highの脆弱性情報 ZSB-26002 が公開されました。 「CVE-2026-30900 : Zoom Workplace Clients for Windows - Improper Check」 CVSSv3: 7.8 → https://www.zoom.com/en/trust/security-bulletin/ZSB-26002/
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • projectworlds
  • Online Art Gallery Shop

08 Mar 2026
Published
08 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%

KEV

Description

A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3758 - A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/a... https://www.cyberhub.blog/cves/CVE-2026-3758
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Tenda
  • F453

08 Mar 2026
Published
08 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.08%

KEV

Description

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3769 - A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipula... https://www.cyberhub.blog/cves/CVE-2026-3769
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • exiftool

24 Feb 2026
Published
27 Feb 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.20%

KEV

Description

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

La vulnerabilidad de ExifTool: cómo una imagen puede infectar los sistemas macOS

Vía: @kasperskyes

kaspersky.es/blog/exiftool-mac

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Unknown
  • Court Reservation

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture fallback

🔒 CVE-2026-1508 (HIGH): Court Reservation WordPress plugin <1.10.9 has a CSRF flaw — admins can be tricked into deleting events via crafted requests. No live exploits yet. Update ASAP or add nonce checks! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago
Showing 11 to 20 of 119 CVEs