24h | 7d | 30d

CVE-2026-7719

Overview

  • Totolink
  • WA300
04 May 2026
Published
04 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%
KEV

Description

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

Totolink WA300 (5.2cu.7112_B20190227) faces a CRITICAL buffer overflow (CVE-2026-7719) via http_host in /cgi-bin/cstecgi.cgi. Public exploit out, no patch yet. Limit exposure, monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-35535

Overview

  • Sudo project
  • Sudo
03 Apr 2026
Published
04 Apr 2026
Updated
CVSS v3.1
HIGH (7.4)
EPSS
0.00%
KEV

Description

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
A sudo vulnerability (CVE-2026-35535) could let any local user gain root on Rocky Linux. Here's how to check, patch, and automate updates: Read more -> tinyurl.com/2kd8ztbp #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-3323

Overview

  • VEGA Grieshaber
  • VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)
28 Apr 2026
Published
28 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.02%
KEV

Description

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

Statistics

  • 3 Posts
Last activity: 7 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-046
VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation

Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
CVE-2026-3323

certvde.com/en/advisories/vde-

vega.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 2
  • 7h ago

CVE-2026-40976

Overview

  • Spring
  • Spring Boot
27 Apr 2026
Published
29 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.06%
KEV

Description

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
ケイ | 副業Webライター📖 @keiwork35.bsky.social
【脆弱性情報】 CVE-2026-40976 vmwareのspring bootの脆弱性について Spring Boot において、特定の条件下で既定の Web セキュリティが有効に機能せず、認証されていない利用者がすべてのエンドポイントへアクセスできる脆弱性です。
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-42370

Overview

  • GeoVision Inc.
  • GV-VMS V20.0.2
04 May 2026
Published
04 May 2026
Updated
CVSS v3.1
CRITICAL (9.0)
EPSS
0.12%
KEV

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-42370 affects GeoVision GV-VMS V20.0.2. Stack overflow in WebCam Server Login allows unauthenticated remote code execution via crafted HTTP requests. Patch urgently! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-7747

Overview

  • Totolink
  • N300RH
04 May 2026
Published
04 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%
KEV

Description

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔴 CRITICAL: CVE-2026-7747 in Totolink N300RH (v3.2.4-B20220812) — remote, unauthenticated buffer overflow via /cgi-bin/cstecgi.cgi Password param. Exploit is public; no patch yet. Restrict mgmt access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-24299

Overview

  • Microsoft
  • Microsoft 365 Copilot
19 Mar 2026
Published
23 Mar 2026
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.04%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
#GlitterSquad🛸 @glitterbean

Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299) embracethered.com/blog/posts/2

  • 0
  • 0
  • 0
  • Last hour

CVE-2022-24424

Overview

  • Dell
  • AppSync
21 Apr 2022
Published
16 Sep 2024
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.67%
KEV

Description

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Statistics

  • 1 Post
Last activity: 17 hours ago

Bluesky

Profile picture fallback
Lead Better Today @lbtoday1.bsky.social
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in a popular Linux web application. The vulnerability, identified as CVE-2022-24424, affects Exim Mail Transfer Agent version 4.91.11 and older..
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-43824

Overview

  • argoproj
  • Argo CD
02 May 2026
Published
04 May 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.01%
KEV

Description

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Vito Botta @vitobotta

Read-only ArgoCD access + one annotation = every Kubernetes secret in the cluster, plaintext. CVE-2026-43824. Fixed in 3.2.11 and 3.3.9. If you're running 3.2.x or 3.3.x, upgrade today.

  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-6846

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • binutils
22 Apr 2026
Published
23 Apr 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Fedora sysadmins: A code execution flaw (CVE-2026-6846) affects the Insight debugger. Read more-> tinyurl.com/yeymucyb #Fedora #Security
  • 0
  • 0
  • 0
  • 23h ago
Showing 11 to 20 of 29 CVEs