Overview

  • Tenda
  • F453

Published: 25 Feb 2026
Updated: 25 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Bluesky

📌 CVE-2026-3165 - A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the compo... https://www.cyberhub.blog/cves/CVE-2026-3165

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 26 Jan 2026
Updated: 22 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 10.07%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Urgent: Microsoft Office Zero-Day CVE-2026-21509 Under Active Exploitation—APT28 Weaponizes Patched Flaw in Operation Neusploit + Video Introduction: A high-severity security feature bypass vulnerability, tracked as CVE-2026-21509, is currently being actively exploited in the wild, prompting an…

Overview

  • ImageMagick
  • ImageMagick

Published: 24 Feb 2026
Updated: 26 Feb 2026

CVSS v3.1: HIGH (8.2)
EPSS: 0.04%

KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

📌 CVE-2026-25794 - ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmet... https://www.cyberhub.blog/cves/CVE-2026-25794

Overview

  • Changing
  • IDExpert Windows Logon Agent

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

🚨 CVE-2026-2999 – CRITICAL (9.3) Remote Code Execution in IDExpert Windows Logon Agent. Unauthenticated attackers can force systems to download and execute arbitrary EXE files from a remote source. Full report: basefortify.eu/cve_reports/... #CVE #RCE #WindowsSecurity #CyberSecurity #InfoSec

Overview

  • e-Excellence
  • U-Office Force

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

U-Office Force developed by e-Excellence has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-3422 in e-Excellence U-Office Force enables unauthenticated remote code execution via insecure deserialization (CWE-502). No patch — restrict access, monitor traffic, use WAF/RASP. radar.offseq.com/threat/cve-20


Overview

  • itsourcecode
  • University Management System

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: Pending

KEV

Description

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

CVE-2026-3412: Medium XSS in itsourcecode University Management System v1.0. 'dt' param in /att_single_view.php is vulnerable. Public exploit available — patch or mitigate to prevent session hijack & data theft. Details: radar.offseq.com/threat/cve-20


Overview

  • ellite
  • Wallos

Published: 21 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: HIGH (7.7)
EPSS: 0.03%

KEV

Description

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the request, but allows HTTP redirects (CURLOPT_FOLLOWLOCATION = true), enabling an attacker to bypass the IP validation and access internal resources, including cloud instance metadata endpoints. The getLogoFromUrl() function validates the URL by resolving the hostname and checking if the resulting IP is in a private or reserved range using FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE. However, the subsequent cURL request is configured with CURLOPT_FOLLOWLOCATION = true and CURLOPT_MAXREDIRS = 3, which means the request will follow HTTP redirects without re-validating the destination IP. This issue has been fixed in version 4.6.1.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

📌 CVE-2026-27479 - Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerabi... https://www.cyberhub.blog/cves/CVE-2026-27479

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 10 Oct 2023
Updated: 14 Apr 2025

CVSS v3.1: HIGH (7.8)
EPSS: 19.53%

KEV

Description

Win32k Elevation of Privilege Vulnerability

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

@tiraniddo Finally, the post I waited for. Back in 2023 I searched for a UAC bypass that is compatible with "always notify" and Windows 10 upwards to complete my chain for any Windows UAC bypass. I used your token reading UAC bypass as a base for older Windows systems. Then I just found CVE-2023-41772 by accident. So this route was burned or at least I thought it was. Then I tried to find a UIAccess bypass and it worked again. That was the moment where I knew not auto-elevate but UIAccess is (and will be) the biggest weakness of UAC. Even without GetProcessHandleFromHwnd there are more options like CSRSS activation cache poisoning, COM injection, abusing WER, ...

As far as I have seen the newest version of administrator protection still has at least one bug that lets you bypass it, but after the chaos of the first "release", I will rather wait for the full release.

Anyway the PPL bypass might be fixed, but I have another PPL bypass that is "fixed" in 24H2 but still works on 25H2 and preview. The bug is simple, but (unique) exploitation is so dumb, I don't know what to say ... 😅


Overview

  • Tenda
  • AC15

Published: 01 Mar 2026
Updated: 01 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🛡️ CVE-2026-3400 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda AC15 routers (≤v15.13.07.13) allows unauthenticated remote code execution. PoC code is public. Restrict access & monitor for patches! radar.offseq.com/threat/cve-20


Overview

  • Ciser System SL
  • CSIP firmware

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. radar.offseq.com/threat/cve-20
