Overview

  • TeamT5
  • ThreatSonar Anti-Ransomware

Published: 12 Aug 2024
Updated: 18 Feb 2026

CVSS v3.1: HIGH (7.2)
EPSS: 1.86%

Description

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

A high-severity arbitrary file-upload vulnerability (CVE-2024-7694) in TeamT5's ThreatSonar Anti-Ransomware has been exploited in the wild and added to CISA's KEV catalog.
  • 0
  • 0
  • 0
  • 9h ago
~Cisa~ CISA added four actively exploited vulnerabilities affecting Microsoft, Zimbra, TeamT5, and Chromium to its KEV catalog, requiring urgent remediation. - IOCs: CVE-2026-2441, CVE-2024-7694, CVE-2020-7796 - #CISA #KEV #PatchNow #ThreatIntel
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 5 hours ago

Fediverse

VDE-2026-0001
JBL: DoS vulnerability in Flip 4

Any attacker in radio range can send malicious messages to cause the device to crash.
CVE-2025-41725

certvde.com/en/advisories/vde-

harman.csaf-tp.certvde.com/.we

  • 1
  • 1
  • 0
  • 5h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

Alert: Unauthenticated Arbitrary File Upload leading to RCE.
ZAST engine has identified a critical-severity vulnerability, CVE-2026-1405 (CVSS 9.8), in the Slider Future WordPress plugin. This flaw allows for Unrestricted Arbitrary File Upload, leading to full Remote Code Execution (RCE).

Key Technical Findings:
- Vulnerability: Unauthenticated Arbitrary File Upload to RCE
- Project Popularity: 1,000+ active installations.
- Verification: 100% verified via Autonomous PoC generation.

The vulnerability stems from a lack of authentication on the /wp-json/slider-future/v1/upload-image/ endpoint and a total absence of file type or content validation before writing to disk.

We have verified that an attacker can upload a malicious PHP script and gain control of the host server in seconds.

Check details here: cve.org/CVERecord?id=CVE-2026-

@wordpress@lemmy.world @WordPress@mastodon.world @wordfence

  • 1
  • 0
  • 0
  • 19h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

Published: 10 Dec 2021
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 94.45%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

Exploiting and Mitigating the Log4Shell Vulnerability: A Hands-On Guide + Video Introduction: The Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j2 logging library sent shockwaves through the cybersecurity community due to its ease of exploitation and widespread impact. This…
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • Pending

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

CVE Alert: CVE-2025-70152 - CVSS 9.8/10 code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These end... https://www.cyberhub.blog/cves/CVE-2025-70152
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Pending

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

CVE Alert: CVE-2025-70150 - CVSS 9.8/10 CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via... https://www.cyberhub.blog/cves/CVE-2025-70150
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • BeyondTrust
  • Remote Support (RS) & Privileged Remote Access (PRA)

Published: 06 Feb 2026
Updated: 14 Feb 2026

CVSS v4.0: CRITICAL (9.9)
EPSS: 49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

The latest update for #ArcticWolf includes "Human #RiskManagement and Security Awareness Training" and "Update: Arctic Wolf Observes Threat Campaign Targeting BeyondTrust Remote Support Following CVE-2026-1731 PoC Availability". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • pnggroup
  • libpng

Published: 12 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: MEDIUM (6.1)
EPSS: 0.02%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Heads up, #Debian 11 admins! A critical libpng update (DLA-4481-1) just dropped patching three CVEs (CVE-2026-22695, etc.). Read more: 👉 tinyurl.com/54nsbcjd #Security
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Pending

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

CVE Alert: CVE-2025-70148 - CVSS 7.5/10 Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitr... https://www.cyberhub.blog/cves/CVE-2025-70148
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • PHP Group
  • PHP
  • php

Published: 27 Dec 2025
Updated: 24 Jan 2026

CVSS v3.1: MEDIUM (6.5)
EPSS: 0.02%

KEV

Description

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, and 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

🛡️ Security updates: With 1 important security fix backported from 8.1.34 (CVE-2025-14178) Modules: - php-7.3.33-19 - php-7.2.34-26 Software Collections: - php73-php-7.3.33-19 - php72-php-7.2.34-26
  • 0
  • 0
  • 0
  • 12h ago