Overview

  • Totolink
  • WA300

04 May 2026
Published
04 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Totolink WA300 (5.2cu.7112_B20190227) faces a CRITICAL buffer overflow (CVE-2026-7719) via http_host in /cgi-bin/cstecgi.cgi. Public exploit out, no patch yet. Limit exposure, monitor closely. radar.offseq.com/threat/cve-20


Overview

  • Sudo project
  • Sudo

03 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
HIGH (7.4)
EPSS
0.00%

KEV

Description

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

A sudo vulnerability (CVE-2026-35535) could let any local user gain root on Rocky Linux. Here's how to check, patch, and automate updates: Read more -> tinyurl.com/2kd8ztbp #Security

Overview

  • VEGA Grieshaber
  • VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)

28 Apr 2026
Published
28 Apr 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

Statistics

  • 3 Posts

Last activity: 7 hours ago

Fediverse

VDE-2026-046
VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation

Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
CVE-2026-3323

certvde.com/en/advisories/vde-

vega.csaf-tp.certvde.com/.well


Overview

  • Spring
  • Spring Boot

27 Apr 2026
Published
29 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.06%

KEV

Description

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

[Vulnerability information] CVE-2026-40976: on the vulnerability in VMware's Spring Boot. In Spring Boot, under certain conditions the default web security does not function effectively, allowing unauthenticated users to access all endpoints.

Overview

  • GeoVision Inc.
  • GV-VMS V20.0.2

04 May 2026
Published
04 May 2026
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
0.12%

KEV

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-42370 affects GeoVision GV-VMS V20.0.2. Stack overflow in WebCam Server Login allows unauthenticated remote code execution via crafted HTTP requests. Patch urgently! radar.offseq.com/threat/cve-20


Overview

  • Totolink
  • N300RH

04 May 2026
Published
04 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🔴 CRITICAL: CVE-2026-7747 in Totolink N300RH (v3.2.4-B20220812) — remote, unauthenticated buffer overflow via /cgi-bin/cstecgi.cgi Password param. Exploit is public; no patch yet. Restrict mgmt access! radar.offseq.com/threat/cve-20


Overview

  • Microsoft
  • Microsoft 365 Copilot

19 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.04%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299) embracethered.com/blog/posts/2


Overview

  • Dell
  • AppSync

21 Apr 2022
Published
16 Sep 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.67%

KEV

Description

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in a popular Linux web application. The vulnerability, identified as CVE-2022-24424, affects Exim Mail Transfer Agent version 4.91.11 and older.

Overview

  • argoproj
  • Argo CD

02 May 2026
Published
04 May 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.01%

KEV

Description

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Read-only ArgoCD access + one annotation = every Kubernetes secret in the cluster, plaintext. CVE-2026-43824. Fixed in 3.2.11 and 3.3.9. If you're running 3.2.x or 3.3.x, upgrade today.


Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • binutils

22 Apr 2026
Published
23 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Fedora sysadmins: A code execution flaw (CVE-2026-6846) affects the Insight debugger. Read more-> tinyurl.com/yeymucyb #Fedora #Security