Overview

  • ChurchCRM
  • CRM

17 Apr 2026
Published
17 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%

KEV

Description

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory(), which performs no file extension filtering. An authenticated administrator can upload a crafted backup archive containing a PHP webshell inside the Images/ directory, which is then written to a publicly accessible path and executable via HTTP requests, resulting in remote code execution as the web server user. The restore endpoint also lacks CSRF token validation, enabling exploitation through cross-site request forgery targeting an authenticated administrator. This issue has been fixed in version 7.2.0.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

⚠️ CRITICAL: ChurchCRM <7.2.0 vulnerable to RCE (CVE-2026-40484). Crafted backup restores allow webshell upload; CSRF flaw increases risk. Patch to 7.2.0+ now. Details: radar.offseq.com/threat/cve-20

19h ago

Overview

  • Go standard library
  • archive/tar

08 Apr 2026
Published
13 Apr 2026
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
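Both the ChurchCRM restore flaw above (archive contents copied into a web root with no extension filtering) and this archive/tar advisory come down to trusting archive-supplied data: file names, types, sizes and header counts. The Go program below is an added illustration, not code from ChurchCRM (which is PHP) or from the Go standard library: a restore routine that caps the bytes it will consume, caps entries and per-file output, refuses anything but regular files and directories (symlinks, devices and GNU sparse entries included), confines every target path to the destination and only writes extensions on an allow list, so a .php file can never land in a web-accessible directory. The sample archive is constructed inline. Bounding input does not replace the Go toolchain update; it limits how much header data a malicious archive can feed the reader.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// Limits bounds what a restore may consume and write.
type Limits struct {
	MaxEntries int             // headers the reader may process
	MaxBytes   int64           // archive bytes consumed, headers included
	MaxFile    int64           // bytes written per regular file
	AllowExt   map[string]bool // lower-case extensions allowed under dest
}

// Result reports what was written and what was refused, with the reason.
type Result struct {
	Written  []string
	Rejected map[string]string
}

var ErrBudget = errors.New("archive exceeded the byte budget")

// Extract restores src under dest with the checks described in the lead-in.
func Extract(src io.Reader, dest string, lim Limits) (Result, error) {
	res := Result{Rejected: map[string]string{}}
	destAbs, err := filepath.Abs(dest)
	if err != nil {
		return res, err
	}
	lr := &io.LimitedReader{R: src, N: lim.MaxBytes}
	tr := tar.NewReader(lr)
	for n := 0; ; n++ {
		hdr, err := tr.Next()
		if lr.N == 0 {
			// The reader drained the whole budget: oversized or truncated input.
			return res, ErrBudget
		}
		if err == io.EOF {
			return res, nil
		}
		if errors.Is(err, tar.ErrInsecurePath) { // tarinsecurepath=0 toolchains
			res.Rejected[hdr.Name] = "insecure path"
			continue
		}
		if err != nil {
			return res, err
		}
		if n >= lim.MaxEntries {
			return res, fmt.Errorf("more than %d entries", lim.MaxEntries)
		}
		name := hdr.Name
		if hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeDir {
			res.Rejected[name] = fmt.Sprintf("entry type %q not allowed", hdr.Typeflag)
			continue
		}
		// Containment: the cleaned target must stay below destAbs.
		target := filepath.Join(destAbs, filepath.FromSlash(name))
		if target != destAbs && !strings.HasPrefix(target, destAbs+string(os.PathSeparator)) {
			res.Rejected[name] = "path escapes destination"
			continue
		}
		if hdr.Typeflag == tar.TypeDir {
			if err := os.MkdirAll(target, 0o755); err != nil {
				return res, err
			}
			continue
		}
		if !lim.AllowExt[strings.ToLower(filepath.Ext(name))] {
			res.Rejected[name] = "extension not on allow list"
			continue
		}
		if hdr.Size > lim.MaxFile {
			res.Rejected[name] = "declared size over per-file limit"
			continue
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return res, err
		}
		if err := writeBounded(target, tr, lim.MaxFile); err != nil {
			return res, err
		}
		res.Written = append(res.Written, name)
	}
}

// writeBounded copies at most limit bytes, independently of the header's
// declared size, and removes the file if the stream turns out to be larger.
func writeBounded(path string, r io.Reader, limit int64) error {
	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
	if err != nil {
		return err
	}
	defer f.Close()
	n, err := io.Copy(f, io.LimitReader(r, limit+1))
	if err != nil {
		return err
	}
	if n > limit {
		os.Remove(path)
		return fmt.Errorf("%s exceeds per-file limit", path)
	}
	return nil
}

// BuildSampleArchive constructs the example input (not a real backup): a
// benign image, a PHP file placed under Images/, and a traversal entry.
func BuildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range []struct{ name, body string }{
		{"Images/logo.png", "\x89PNG placeholder"},
		{"Images/shell.php", "<?php /* placeholder */ ?>"},
		{"../outside.txt", "escaped"},
	} {
		tw.WriteHeader(&tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body)), Typeflag: tar.TypeReg})
		tw.Write([]byte(e.body))
	}
	tw.Close()
	return buf.Bytes()
}
```

An archive whose size equals the budget exactly is reported as over budget; that is deliberate, since the reader cannot tell an exact fit from a truncation. Restores of uploaded archives should also run as a user that cannot write to the web root at all, with only the vetted files moved there afterwards.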

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-32288 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/461 #AWS #Lambda #Security #CVE #DevOps #SecOps
7h ago

Overview

  • HappySeaFox
  • sail

18 Apr 2026
Published
18 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6`, but the format `BPP40_CIE_LAB` allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.
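The invariant the description spells out is that the per-pixel stride derived from the header (`(channels*depth+7)/8`, 6 for LAB at 3 x 16) must never exceed the per-pixel size of the format the buffer was allocated for (5 for `BPP40_CIE_LAB`). The Go snippet below is an added illustration of that check and of a bounds-checked pixel write, not SAIL's code or its fix; `FormatBPP48CIELAB` is a hypothetical 6-byte format introduced only to show the consistent case.

```go
package main

import "fmt"

// PixelFormat is the resolved output format the row buffer is sized from.
// Only the formats the example needs are modelled.
type PixelFormat int

const (
	FormatUnknown     PixelFormat = iota
	FormatBPP40CIELAB             // 5 bytes per pixel, as named in the advisory
	FormatBPP48CIELAB             // hypothetical 6-byte-per-pixel format
)

// FormatBytesPerPixel is the stride the buffer is actually allocated with.
func FormatBytesPerPixel(f PixelFormat) int {
	switch f {
	case FormatBPP40CIELAB:
		return 5
	case FormatBPP48CIELAB:
		return 6
	}
	return 0
}

// HeaderBytesPerPixel is the stride derived from raw header fields.
func HeaderBytesPerPixel(channels, depth int) int {
	return (channels*depth + 7) / 8
}

// PlanRow returns the row size to allocate. It refuses any header whose
// stride differs from the stride of the format the buffer is sized for,
// which is the mismatch that made every pixel write overshoot.
func PlanRow(channels, depth, width int, f PixelFormat) (int, error) {
	const maxDim = 1 << 16
	if channels <= 0 || depth <= 0 || width <= 0 || width > maxDim {
		return 0, fmt.Errorf("invalid dimensions")
	}
	fb := FormatBytesPerPixel(f)
	if fb == 0 {
		return 0, fmt.Errorf("unsupported format")
	}
	hb := HeaderBytesPerPixel(channels, depth)
	if hb != fb {
		return 0, fmt.Errorf("header stride %d bytes/pixel does not match format stride %d", hb, fb)
	}
	return width * fb, nil
}

// PutPixel is the bounds-checked write the overflowing loop lacked.
func PutPixel(row []byte, x, stride int, px []byte) error {
	if len(px) != stride || x < 0 || (x+1)*stride > len(row) {
		return fmt.Errorf("pixel %d with stride %d does not fit in %d bytes", x, stride, len(row))
	}
	copy(row[x*stride:], px)
	return nil
}
```

Whether a codec should reject the mismatch or size the buffer from the larger of the two strides is a design choice; rejecting is the conservative one for an untrusted input format.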

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CVE-2026-40493: CRITICAL out-of-bounds write in HappySeaFox sail (<c930284445ea3ff94451ccd7a57c999eca3bc979) — Heap buffer overflow in PSD codec risks RCE & data loss. Patch ASAP: commit c930284445ea3ff94451ccd7a57c999eca3bc979. radar.offseq.com/threat/cve-20

14h ago

Overview

  • Fortinet
  • FortiWeb

14 Nov 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
93.12%

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

FortiWeb Impersonation Flaw: How CVE-2025-64446 Lets Attackers Become Any User – And How To Stop It + Video Introduction: Fortinet’s FortiWeb web application firewall (WAF) includes an “impersonation function” designed to help administrators troubleshoot user sessions. However, security…
13h ago

Overview

  • Pending

28 Oct 2025
Published
29 Oct 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Bluesky

CVE-2025-61043 (out-of-bounds read in libMAC) affects Aqualung on #Fedora, #Ubuntu, #RockyLinux , #SUSE. Read more: 👉 tinyurl.com/2y579jrb
6h ago
Evergreen Linux security: Monkey's Audio out-of-bounds read (CVE-2025-61043) Not just #Fedora – check Ubuntu, Rocky Linux , SUSE. Read more: 👉 tinyurl.com/4zb2x7cm
5h ago

Overview

  • Go standard library
  • html/template

08 Apr 2026
Published
13 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.
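Updating the toolchain is the fix; the pattern that stays safe regardless of how well the escaper tracks template-literal context is to keep template actions out of backtick literals and hand data to the script as a single JSON value. The Go program below is an added example, not code from the Go project: `safeTmpl` does that (html/template serialises `{{.}}` in script context as JSON with `<`, `>` and `&` escaped, so the value can never close the element), `riskyTmpl` shows the construct the advisory concerns, and `ActionsInTemplateLiterals` is a coarse audit helper for finding such actions in existing templates before and after the upgrade.

```go
package main

import (
	"bytes"
	"html/template"
	"strings"
)

// PageData holds the values that must reach client-side script.
type PageData struct {
	Name  string
	Greet string
}

// safeTmpl binds the whole object as one JSON value and leaves the JS
// template literal free of template actions.
const safeTmpl = "<script>\n" +
	"  const data = {{.}};\n" +
	"  document.body.textContent = `Hello, ${data.Name}`;\n" +
	"</script>\n"

// riskyTmpl interpolates a template action inside a backtick literal, the
// construct whose escaping context the advisory says was mis-tracked.
const riskyTmpl = "<script>\n" +
	"  document.body.textContent = `Hello, {{.Name}}`;\n" +
	"</script>\n"

// Render executes src with d and returns the escaped output.
func Render(src string, d PageData) (string, error) {
	t, err := template.New("page").Parse(src)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, d); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// ActionsInTemplateLiterals counts template actions that open while the
// scanner is inside a backtick-delimited span. It does not parse JS, so a
// backtick inside a JS string or comment will confuse it: treat hits as
// candidates to review, not as proof.
func ActionsInTemplateLiterals(src string) int {
	inLit, count := false, 0
	for i := 0; i < len(src); i++ {
		switch {
		case inLit && src[i] == '\\':
			i++ // skip the escaped character
		case src[i] == '`':
			inLit = !inLit
		case inLit && strings.HasPrefix(src[i:], "{{"):
			count++
		}
	}
	return count
}
```

Run the audit helper over every template file in a repository (or, more thoroughly, a grep for backtick spans containing `{{`) to find the places where the escaper's context tracking was load-bearing.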

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-32289 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/462 #AWS #Lambda #Security #CVE #DevOps #SecOps
7h ago

Overview

  • MinecAnton209
  • NovumOS

18 Apr 2026
Published
18 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.02%

KEV

Description

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute arbitrary code in Ring 0 context, resulting in local privilege escalation. This issue has been fixed in version 0.24. If developers are unable to update immediately, they should restrict syscall access by running the system in single-user mode without Ring 3, and disable user-mode processes by running only the kernel shell with no user processes.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🔍 CVE-2026-40317 (CRITICAL, CVSS 9.4): NovumOS < 0.24 allows local privilege escalation via unchecked entry point in Syscall 12. Patch to 0.24 ASAP or restrict syscalls to mitigate. Full details: radar.offseq.com/threat/cve-20

11h ago

Overview

  • Go standard library
  • crypto/tls

08 Apr 2026
Published
13 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
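The fix is a patched toolchain (confirm with `go version -m` on the binary or `govulncheck`); the defence in depth that limits the damage of any post-handshake stall is an absolute per-connection deadline, so a wedged connection is closed rather than holding its goroutine and buffers indefinitely. The Go program below is an added example, not code from the Go project: a TLS 1.3 echo server whose handler sets one deadline covering the handshake and all later reads and writes, a well-behaved client, and a probe that opens a TCP connection, never sends a ClientHello and checks that the server hangs up on it. The self-signed certificate is generated in-process for the example only.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway certificate for the example listener.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// handle is the per-connection server routine. One absolute deadline covers
// the lazy handshake and every later read and write, so a connection that
// stops making progress for any reason is closed and its resources released.
func handle(c net.Conn, timeout time.Duration) {
	defer c.Close()
	if err := c.SetDeadline(time.Now().Add(timeout)); err != nil {
		return
	}
	line, err := bufio.NewReader(c).ReadString('\n')
	if err != nil {
		return
	}
	c.Write([]byte(line))
}

// ServeEcho starts a TLS 1.3 echo server on loopback and returns its
// address and a stop function.
func ServeEcho(timeout time.Duration) (string, func(), error) {
	cert, err := selfSignedCert()
	if err != nil {
		return "", nil, err
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go handle(c, timeout)
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// Echo is a well-behaved client: connect, send one line, return the reply.
func Echo(addr, msg string) (string, error) {
	// InsecureSkipVerify only because the example certificate is self-signed.
	c, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS13})
	if err != nil {
		return "", err
	}
	defer c.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second))
	if _, err := c.Write([]byte(msg + "\n")); err != nil {
		return "", err
	}
	return bufio.NewReader(c).ReadString('\n')
}

// IdleIsReaped opens a raw TCP connection that never sends a ClientHello and
// reports whether the server closes it once the deadline has passed.
func IdleIsReaped(addr string, wait time.Duration) bool {
	c, err := net.Dial("tcp", addr)
	if err != nil {
		return false
	}
	defer c.Close()
	c.SetReadDeadline(time.Now().Add(wait))
	_, err = c.Read(make([]byte, 1))
	return err == io.EOF
}
```

For HTTP servers the equivalent knobs are `http.Server.ReadTimeout`, `WriteTimeout` and `IdleTimeout`; a deadline bounds the lifetime of a stuck connection, it does not prevent the stall itself.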

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-32283 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/460 #AWS #Lambda #Security #CVE #DevOps #SecOps
7h ago

Overview

  • ChurchCRM
  • CRM

17 Apr 2026
Published
17 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.1)
EPSS
0.11%

KEV

Description

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication checks. An attacker with knowledge of a user's password can obtain API access even when the account is locked or has 2FA enabled, granting direct access to all protected API endpoints with that user's privileges. This issue has been fixed in version 7.2.0. Note: this issue had a duplicate, GHSA-472m-p3gf-46xp, which has been closed.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🚨 CVE-2026-40582: ChurchCRM < 7.2.0 has a CRITICAL auth bypass (CVSS 9.1). /api/public/user/login lets attackers with a password skip lockout & 2FA to get API access. Upgrade to 7.2.0+ ASAP. radar.offseq.com/threat/cve-20

10h ago

Overview

  • Horner Automation
  • Cscape

17 Apr 2026
Published
17 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

An attacker with network access to the PLC is able to brute-force passwords to gain unauthorized access to systems and services. Limited password complexity and the absence of any password input limiter make brute-force password enumeration possible.
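The ChurchCRM login-API flaw above and this Cscape brute-force issue are two sides of one design rule: every login channel must pass through the same gate, and that gate must count failures and lock (or throttle) before it ever checks a password, then enforce the second factor before it issues anything. The Go program below is an added example, not code from ChurchCRM, Horner Automation or any advisory: a single `Login` routine with failure counting, lockout, constant-time comparison and an RFC 6238 TOTP check. The accounts are constructed sample data and hold clear-text passwords only to keep the sample short; a real store keeps salted hashes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Account is a constructed record for the example.
type Account struct {
	Password   string
	APIKey     string
	TOTPSecret []byte // non-empty means a second factor is enforced
	Failures   int
	Locked     bool
}

var (
	ErrBadCredentials = errors.New("invalid credentials")
	ErrLocked         = errors.New("account locked")
	ErrSecondFactor   = errors.New("second factor missing or wrong")
)

// Gate is the one authentication path every channel (web form, API login,
// device console) must use, so lockout and 2FA cannot be skipped by
// picking a different endpoint.
type Gate struct {
	mu          sync.Mutex
	accounts    map[string]*Account
	maxFailures int
	now         func() time.Time
}

func NewGate(accounts map[string]*Account, maxFailures int, now func() time.Time) *Gate {
	return &Gate{accounts: accounts, maxFailures: maxFailures, now: now}
}

// TOTPCode implements RFC 6238 with HMAC-SHA1, 30-second steps, 6 digits.
func TOTPCode(secret []byte, t time.Time) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

func (g *Gate) fail(a *Account) {
	a.Failures++
	if a.Failures >= g.maxFailures {
		a.Locked = true
	}
}

// Login returns the API key only after the lock state, the password and,
// if enrolled, the second factor have all been checked, in that order.
func (g *Gate) Login(user, password, code string) (string, error) {
	g.mu.Lock()
	defer g.mu.Unlock()
	a, ok := g.accounts[user]
	if !ok {
		// Same comparison cost for unknown users so timing does not leak existence.
		subtle.ConstantTimeCompare([]byte(password), []byte("no-such-user"))
		return "", ErrBadCredentials
	}
	if a.Locked {
		return "", ErrLocked
	}
	if subtle.ConstantTimeCompare([]byte(a.Password), []byte(password)) != 1 {
		g.fail(a)
		return "", ErrBadCredentials
	}
	if len(a.TOTPSecret) > 0 {
		want := TOTPCode(a.TOTPSecret, g.now())
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) != 1 {
			g.fail(a) // a correct password with wrong codes still counts toward the lock
			return "", ErrSecondFactor
		}
	}
	a.Failures = 0
	return a.APIKey, nil
}
```

Production TOTP verification usually accepts the adjacent 30-second step on either side; this sample checks the exact step only. For a device with a single administrative account, a hard lockout is itself a denial-of-service lever, so per-source throttling with increasing delay is the usual input limiter there; the ordering of the checks is the same either way.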

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

⚠️ CRITICAL: Horner Automation Cscape and XL4, XL7 PLC

Horner Automation Cscape v10.0, XL4 PLC v16.32.0, and XL7 PLC v15.60 contain a critical password brute-force vulnerability (CVE-2026-6284, CVSS 9.1) with no rate limiting. This affects manufacturing environments globally and allows unauthenticated network attackers to compromise PLCs controlling cr…

threatnoir.com/focus

2h ago
Showing 11 to 20 of 40 CVEs