
Overview

  • Linux
  • Linux

Published: 12 Apr 2026
Updated: 12 Apr 2026

CVSS: Pending
EPSS: Pending

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR

maybe_fork_scalars() is called for both BPF_AND and BPF_OR when the source operand is a constant. When dst has signed range [-1, 0], it forks the verifier state: the pushed path gets dst = 0, the current path gets dst = -1. For BPF_AND this is correct: 0 & K == 0. For BPF_OR this is wrong: 0 | K == K, not 0. The pushed path therefore tracks dst as 0 when the runtime value is K, producing an exploitable verifier/runtime divergence that allows out-of-bounds map access.

Fix this by passing env->insn_idx (instead of env->insn_idx + 1) to push_stack(), so the pushed path re-executes the ALU instruction with dst = 0 and naturally computes the correct result for any opcode.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


CVE-2026-31413

Found a 1-char bug in the Linux BPF verifier. A + 1 that should've been + 0 in maybe_fork_scalars() gives you OOB map access and full container escape from any pod with CAP_BPF. Fix in 7.0-rc5.
-Technical writeup with POC dropping soon.

cve.org/CVERecord?id=CVE-2026-

Overview

  • Rukovoditel
  • Rukovoditel CRM

Published: 11 Apr 2026
Updated: 11 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type restrictions. The vulnerable code is:

    if (isset($_GET['zd_echo'])) exit($_GET['zd_echo']);

An unauthenticated attacker can exploit this issue by crafting a malicious URL containing JavaScript payloads. When a victim visits the link, the payload executes in the context of the application within the victim's browser, potentially leading to session hijacking, credential theft, phishing, or account takeover. The issue is fixed in version 3.7, which introduces proper input validation and output encoding to prevent script injection.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse


🚨 CRITICAL XSS in Rukovoditel CRM 3.6.4 (CVE-2026-31845): Pre-auth reflected XSS in the Zadarma API (/api/tel/zadarma.php) lets attackers inject JS via 'zd_echo'. Patch or restrict access! radar.offseq.com/threat/cve-20

Overview

  • Elastic
  • Logstash

Published: 08 Apr 2026
Updated: 10 Apr 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.28%

KEV

Description

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse


I'm the original reporter of the Logstash CVE-2026-33466 bug. 😎

discuss.elastic.co/t/logstash-

Overview

  • parisneo
  • parisneo/lollms

Published: 12 Apr 2026
Updated: 12 Apr 2026

CVSS v3.0: HIGH (8.2)
EPSS: Pending

KEV

Description

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP! radar.offseq.com/threat/cve-20

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker

Published: 07 Apr 2026
Updated: 08 Apr 2026

CVSS: Pending
EPSS: 5.60%

KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) - Help Net Security www.helpnetsecurity.com/2026/04/09/a...

Overview

  • Totolink
  • A7100RU

Published: 12 Apr 2026
Updated: 12 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to OS command injection. The vulnerability can be exploited remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


Totolink A7100RU (fw 7.4cu.2313_b20191024) suffers CRITICAL OS command injection (CVE-2026-6116, CVSS 9.3). Remote, unauthenticated RCE is possible. No patch yet — disable remote access or isolate device! radar.offseq.com/threat/cve-20

Overview

  • Meta
  • react-server-dom-webpack

Published: 03 Dec 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 84.89%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

📢 Kubernetes: privilege escalation via token theft and exploitation of CVE-2025-55182 📝 ## 🔍 Context Published on 6 April 2026 by Unit 42 (… https://cyberveille.ch/posts/2026-04-12-kubernetes-escalade-de-privileges-via-vol-de-tokens-et-exploitation-de-cve-2025-55182/ #CVE_2025_55182 #Cyberveille

Overview

  • tomdever
  • wpForo Forum

Published: 11 Apr 2026
Updated: 11 Apr 2026

CVSS v3.1: HIGH (7.1)
EPSS: 0.03%

KEV

Description

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without restricting which fields may contain array values. Because 'body' is included in the allowed topic fields list, an attacker can supply data[body][fileurl] with an arbitrary file path (e.g., wp-config.php or an absolute server path). This poisoned fileurl is persisted to the plugin's custom postmeta database table. Subsequently, when the attacker submits wpftcf_delete[]=body on a topic_edit request, the add_file() method retrieves the stored postmeta record, extracts the attacker-controlled fileurl, passes it through wpforo_fix_upload_dir() which only rewrites legitimate wpforo upload paths and returns all other paths unchanged, and then calls wp_delete_file() on the unvalidated path. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files writable by the PHP process on the server, including critical files such as wp-config.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Fediverse


🛡️ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin ≤3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet — restrict permissions & monitor topic edits for abuse. radar.offseq.com/threat/cve-20

Overview

  • Microsoft
  • Windows Server 2025

Published: 12 Aug 2025
Updated: 26 Feb 2026

CVSS v3.1: HIGH (7.2)
EPSS: 0.51%

KEV

Description

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Fediverse


Eighteen from HackTheBox is an assume-breach Windows Server 2025 box featuring MSSQL impersonation, Werkzeug hash cracking, password spraying, and Bad Successor (CVE-2025-53779) to abuse dMSA migration for domain admin.

0xdf.gitlab.io/2026/04/11/htb-

Overview

  • Sonos
  • Era 300

Published: 11 Apr 2026
Updated: 11 Apr 2026

CVSS v3.0: CRITICAL (10.0)
EPSS: 1.27%

KEV

Description

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-28345.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse


⚠️ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet — restrict SMB access! radar.offseq.com/threat/cve-20