24h | 7d | 30d

CVE-2026-5614

Overview

  • Belkin
  • F9K1015
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
OffSequence @offseq

🔒 HIGH-severity stack buffer overflow in Belkin F9K1015 (v1.00.10) — CVE-2026-5614. Public exploit, no patch, vendor silent. Disable remote access, restrict device exposure. Stay vigilant! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-5605

Overview

  • Tenda
  • CH22
05 Apr 2026
Published
05 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity: CVE-2026-5605 in Tenda CH22 v1.0.0.1 — stack-based buffer overflow in /goform/WrlExtraSet. No patch yet. Restrict remote access & monitor for threats. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-5550

Overview

  • Tenda
  • AC10
05 Apr 2026
Published
05 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔎 HIGH severity: Tenda AC10 (v16.03.10.10_multi_TDE01) has a stack buffer overflow (CVE-2026-5550) in /bin/httpd. Remote code execution possible. No patch yet — restrict remote mgmt & monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-5544

Overview

  • UTT
  • HiPER 1250GW
05 Apr 2026
Published
05 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔎 CVE-2026-5544: HIGH severity stack overflow in UTT HiPER 1250GW (≤ v3.2.7-210907-180535). Remote, no auth needed. Public exploit code available — restrict network access & monitor vendor alerts. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-21858

Overview

  • n8n-io
  • n8n
07 Jan 2026
Published
12 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
5.75%
KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture fallback
r/netsec bot @r-netsec.bsky.social
Ni8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-5558

Overview

  • PHPGurukul
  • PHPGurukul Online Shopping Portal Project
05 Apr 2026
Published
05 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
0.03%
KEV

Description

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ MEDIUM risk: CVE-2026-5558 allows SQL injection in PHPGurukul Online Shopping Portal (v2.0, 2.1) via /pending-orders.php. Exploit is public. Review your instances & restrict access if needed. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-14847

Overview

  • MongoDB Inc.
  • MongoDB Server
19 Dec 2025
Published
26 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
75.00%
KEV

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture fallback
r/netsec bot @r-netsec.bsky.social
Mongobleed - CVE-2025-14847
  • 0
  • 0
  • 0
  • 21h ago

CVE-2024-47575

Overview

  • Fortinet
  • FortiManager
23 Oct 2024
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
93.85%
KEV

Description

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical FortiManager Zero-Day (CVE-2024-47575): Unauthenticated RCE Exploit Exposes Enterprise Networks—Patch Now! + Video Introduction A critical zero-day vulnerability in Fortinet’s FortiManager, tracked as CVE-2024-47575 and nicknamed “FortiJump,” exposes enterprise networks to unauthenticated…
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-3502

Overview

  • TrueConf
  • TrueConf Client
30 Mar 2026
Published
03 Apr 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
1.32%
KEV

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA mandates federal agencies to patch high-severity TrueConf bug CVE-2026-3502 by April 16. TrueChaos campaign linked to Chinese hackers exploits video conferencing updates via compromised servers. #TrueConf #China #SoutheastAsia
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-5608

Overview

  • Belkin
  • F9K1122
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ HIGH severity: CVE-2026-5608 in Belkin F9K1122 v1.00.33 enables remote buffer overflow via the /goform/formWlanSetup endpoint. Exploit code is public; no patch from vendor. Restrict remote mgmt access now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago
Showing 11 to 20 of 23 CVEs