
Overview

  • Linksys
  • MR9600

Published: 25 Apr 2026
Updated: 25 Apr 2026

CVSS v4.0: HIGH (8.6)
EPSS: 0.12%

KEV

Description

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


🚨 HIGH severity (CVSS 8.6) OS command injection in Linksys MR9600 (2.0.6.206937) — CVE-2026-6992. Remote attackers can gain control via the 'pin' argument. Exploit is public, no fix yet. Restrict remote access & monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • GStreamer
  • GStreamer

Published: 22 May 2025
Updated: 17 Jun 2025

CVSS v3.0: HIGH (8.8)
EPSS: 1.62%

KEV

Description

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

There is a buffer overflow in Ubuntu's H.265 parser (CVE-2025-3887). Yes, your video player can be hacked. Read more-> tinyurl.com/yjxk8wek #Ubuntu
  • 0
  • 0
  • 1
  • 3h ago

Overview

  • Linux
  • Linux

Published: 03 Apr 2026
Updated: 18 Apr 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case

In decode_int(), the CONS case calls get_bits(bs, 2) to read a length value, then calls get_uint(bs, len) without checking that len bytes remain in the buffer. The existing boundary check only validates the 2 bits for get_bits(), not the subsequent 1-4 bytes that get_uint() reads. This allows a malformed H.323/RAS packet to cause a 1-4 byte slab-out-of-bounds read. Add a boundary check for len bytes after get_bits() and before get_uint().

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


📰 Log4j Deja Vu: Critical RCE Flaw in 'LogSpresso' Library Averts Major Supply Chain Crisis

🚨 A Log4j-style crisis averted! A critical 10.0 CVSS RCE flaw, CVE-2026-23456, was found in the popular 'LogSpresso' Java library. 😱 Patch released before wild exploitation. Update to version 3.5.1 NOW! #LogSpresso #Vulnerability #SupplyChain #Java

🔗 cybernetsec.io

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse


CISA reveals critical vulnerabilities in SimpleHelp, Samsung, D-Link and the Tenda F456 router that threaten infrastructures and networks; international agencies warn about covert networks linked to the Chinese government; risks from poorly managed artificial intelligence compromise computers; physical attacks on crypto investors demand greater protection. Discover these and more details in the following list of information security news:

🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 26/04/26 📆 |====

🔐 CISA ADDS CRITICAL SIMPLEHELP, SAMSUNG AND D-LINK VULNERABILITIES

The United States Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of exploited vulnerabilities with flaws identified in SimpleHelp, Samsung and D-Link products. These vulnerabilities pose real risks of intrusion and active exploitation, so it is crucial to keep affected systems up to date and apply the recommended mitigation measures to protect critical infrastructure and personal devices. Learn the details to strengthen your defense. Find out more about these vulnerabilities and how to protect yourself here 👉 djar.co/eh2JK

🛡️ MAJOR AGENCIES WARN ABOUT COVERT NETWORKS LINKED TO THE CHINESE GOVERNMENT

International cybersecurity authorities, including the US CISA and the UK NCSC, have issued warnings about covert networks linked to the Chinese government that operate to compromise systems and collect sensitive information. These sophisticated campaigns represent a constant threat to governments, companies and private users. It is essential to know the tactics used and apply the recommendations to detect and defend against these advanced threats. Find out more here to shield your systems and data 👉 djar.co/nUFGqe

🧠 HOW ARTIFICIAL INTELLIGENCE CAN PUT YOUR COMPUTER AT RISK

The growing use of artificial intelligence brings benefits, but also significant risks for information security. This guide reveals how the abuse or misuse of AI-based tools can compromise the stability and security of your computer, from the execution of malicious code to the exposure of sensitive data without adequate protection. Learning to use AI responsibly is key to avoiding inadvertent vulnerabilities. Protect your computer with these essential tips 👉 djar.co/XfVu

📂 COMPLETE DATABASE OF PHYSICAL ATTACKS AGAINST BITCOIN AND CRYPTO-ASSET HOLDERS

An exhaustive database has been compiled that documents known physical attacks against holders of Bitcoin and other digital assets around the world. This information is vital for understanding attackers' strategies and reinforcing the physical and digital security measures that protect cryptocurrency investments. If you manage crypto-assets, learn about these threats to anticipate and minimize risks. Explore the database and raise your security now 👉 djar.co/ZMPKVU

🚨 CRITICAL VULNERABILITY IN TENDA F456 ROUTER: BUFFER OVERFLOW DETECTED

Vulnerability CVE-2026-7101 has been reported in the Tenda F456 model (version 1.0.0.5), which allows a buffer overflow in the httpd WrlclientSet component, endangering the integrity of the device and its associated network. This flaw can be exploited to compromise the router and gain unauthorized access. Updating the firmware immediately and reviewing the security configuration is recommended. See the technical details and mitigation measures here 👉 djar.co/yGAUh

📰 NEW EDITION OF THE 'SECURITY IN INTERNATIONAL AFFAIRS' NEWSLETTER WITH THE BEST WEEKLY ARTICLES

Pierluigi Paganini presents a new weekly installment with analysis, reports and trends in information security, gathering the most relevant news to keep you informed about the latest threats, vulnerabilities and solutions in the world of cybersecurity. Reading this newsletter will let you make better-informed decisions to protect your digital assets. Don't miss this week's exclusive selection 👉 djar.co/ZDeXt

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • InternLM
  • lmdeploy

Published: 20 Apr 2026
Updated: 21 Apr 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure thehackernews.com/2026/04/lmde...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • D-Link
  • DGS-3420

Published: 26 Apr 2026
Updated: 26 Apr 2026

CVSS v4.0: MEDIUM (6.8)
EPSS: 0.04%

KEV

Description

A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. Manipulation of the argument System Name causes cross-site scripting. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse


MEDIUM severity alert: CVE-2026-7026 in D-Link DGS-3420 v1.50.018 allows remote XSS via System Info Settings Page. Exploit is public. Assess your devices and monitor for abuse. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Technitium
  • DnsServer

Published: 26 Apr 2026
Updated: 26 Apr 2026

CVSS v3.1: HIGH (7.2)
EPSS: 0.03%

KEV

Description

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


⚠️ CVE-2026-42255 (HIGH): Technitium DNS Server <15.0 is vulnerable to DNS amplification via cyclic delegation (CWE-684). No patch yet — monitor DNS traffic & apply filtering. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • MaxSite
  • CMS

Published: 26 Apr 2026
Updated: 26 Apr 2026

CVSS v4.0: MEDIUM (4.8)
EPSS: 0.03%

KEV

Description

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Manipulation of the arguments f_text, f_slug, f_limit and f_email leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 109.4 addresses this issue. The name of the patch is 8a3946bd0a54bfb72a4d57179fcd253f2c550cd7. It is suggested to upgrade the affected component. The vendor was informed early about this issue. They classify it as a "Self-XSS". They deployed a countermeasure: "Nevertheless, we consider this a violation of secure coding standards. The lack of filtering via `htmlspecialchars()` has already been fixed in the latest patch to prevent incorrect data display."

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


⚠️ CVE-2026-7015: MEDIUM XSS in MaxSite CMS (109.0 – 109.3) via Guestbook Plugin. Exploit public — remote attackers can target f_text/f_slug/f_limit/f_email. Patch in 109.4 (8a3946bd...). Upgrade now. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • CodeAstro
  • Online Job Portal

Published: 26 Apr 2026
Updated: 26 Apr 2026

CVSS v4.0: MEDIUM (5.1)
EPSS: 0.01%

KEV

Description

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Manipulation of the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


MEDIUM severity: CVE-2026-7028 impacts CodeAstro Online Job Portal 1.0. SQL injection possible via /admin/jobs-admins/delete-jobs.php (ID param). Exploit is public — monitor for attacks and restrict access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • coreruleset
  • coreruleset

Published: 08 Jan 2026
Updated: 09 Apr 2026

CVSS v3.1: CRITICAL (9.3)
EPSS: 0.07%

KEV

Description

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

MOVEit WAF Critical Security Bulletin – April 2026 – (CVE-2026-3517, CVE-2026-3518, CVE-2026-3519, CVE-2026-4048, CVE-2026-21876)
  • 0
  • 0
  • 0
  • 13h ago
Showing 11 to 20 of 24 CVEs