24h | 7d | 30d

CVE-2026-7243

Overview

  • Totolink
  • A8000RU
28 Apr 2026
Published
28 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%
KEV

Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿšจ CVE-2026-7243: Critical OS command injection in Totolink A8000RU (7.1cu.643_b20200521). Remote, unauthenticated RCE risk โ€” public exploit out, no patch yet. Lock down management access & monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-40050

Overview

  • CrowdStrike
  • LogScale Self-Hosted
21 Apr 2026
Published
21 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.32%
KEV

Description

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation. LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability. CrowdStrike identified this vulnerability during continuous and ongoing product testing.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
CyberNetsecIO @netsecio

๐Ÿ“ฐ Critical Unauthenticated Path Traversal Flaw Found in CrowdStrike LogScale

๐Ÿšจ CRITICAL FLAW: CrowdStrike patches an unauthenticated path traversal vulnerability (CVE-2026-40050) in self-hosted LogScale. The bug could allow remote attackers to read any file on the server. Patch immediately! #CyberSecurity #Vulnerability

๐Ÿ”— cyber.netsecops.io

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-7204

Overview

  • Totolink
  • A8000RU
28 Apr 2026
Published
28 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%
KEV

Description

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 2 Posts
Last activity: 15 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿšจ CRITICAL: Totolink A8000RU routers (7.1cu.643_b20200521) vulnerable to remote, unauthenticated OS command injection (CVE-2026-7204). No patch yet. Restrict access & monitor vendor channels. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 1
  • 15h ago

CVE-2026-7202

Overview

  • Totolink
  • A8000RU
27 Apr 2026
Published
27 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%
KEV

Description

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿ›‘ CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) is vulnerable to OS command injection (CVE-2026-7202). Public exploit available. Restrict remote access & disable WPS until patched! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

CVE-2022-24138

Overview

  • Pending
06 Jul 2022
Published
03 Aug 2024
Updated
CVSS
Pending
EPSS
0.28%
KEV

Description

IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Ben L @usernameone101

Just an update on the IObit Advanced SystemCare zero-day I posted about a couple days ago. I mentioned in that post VulDB marked it as a duplicate of CVE-2022-24138 and while I agree with the root cause analysis being the same (ProgramData permission issues) the actual exploit chain is quite different. I found a named pipe that lets a low-priv user trigger a SYSTEM integrity file write on-demand. Since IObit has a concrete history of not replying to researchers and history repeats, here is the full write-up:

github.com/usernameone101/Writ

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-7244

Overview

  • Totolink
  • A8000RU
28 Apr 2026
Published
28 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%
KEV

Description

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

Totolink A8000RU (v7.1cu.643_b20200521) faces CRITICAL OS command injection (CVE-2026-7244, CVSS 9.3). Remote, unauthenticated exploit possible. No patch yet โ€” restrict mgmt access & monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

CVE-2023-33538

Overview

  • Pending
07 Jun 2023
Published
20 Dec 2025
Updated
CVSS
Pending
EPSS
90.37%
KEV

Description

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
piyokango @piyokango.bsky.social
CVE-2023-33538ใฎๆ‚ช็”จๆœช้‚ใซ้–ขใ™ใ‚‹่ฉณ็ดฐๅˆ†ๆž #CybersecurityNews unit42.paloaltonetworks.com/exploitation...
  • 0
  • 0
  • 0
  • 3h ago

CVE-2024-21413

Overview

  • Microsoft
  • Microsoft Office 2019
13 Feb 2024
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
92.99%
KEV

Description

Microsoft Outlook Remote Code Execution Vulnerability

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

CVE-2024-21413 (CVSS 9.8) is actively exploited and bypasses Outlook Protected View to enable remote code execution and NTLM hash theft. Hereโ€™s the enterprise risk breakdown, detection strategy, and mitigation roadmap security leaders need now.

thecybermind.co/2026/04/28/bri

  • 0
  • 0
  • 0
  • 7h ago

CVE-2024-32498

Overview

  • Pending
05 Jul 2024
Published
04 Nov 2025
Updated
CVSS
Pending
EPSS
0.18%
KEV

Description

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
This bash script fixes OpenStack Glance CVE-2024-32498. This book fixes ALL the CVEs you've never seen. tinyurl.com/5yxr9fn7 #ubuntu #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-3844

Overview

  • cloudways
  • Breeze Cache
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%
KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
Patrick C Miller @patrickcmiller.bsky.social
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) securityaffairs.com/191267/uncat...
  • 0
  • 0
  • 0
  • 1h ago
Showing 11 to 20 of 133 CVEs