24h | 7d | 30d

CVE-2026-5614

Overview

  • Belkin
  • F9K1015
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔒 HIGH-severity stack buffer overflow in Belkin F9K1015 (v1.00.10) — CVE-2026-5614. Public exploit, no patch, vendor silent. Disable remote access, restrict device exposure. Stay vigilant! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-5629

Overview

  • Belkin
  • F9K1015
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CVE-2026-5629: High-severity stack buffer overflow in Belkin F9K1015 (v1.00.10). Remote exploit possible — public code out, no patch yet. Restrict device access & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
66.27%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Patrick C Miller :donor: @patrickcmiller

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials thehackernews.com/2026/04/hack

  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-5605

Overview

  • Tenda
  • CH22
05 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.02%
KEV

Description

A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity: CVE-2026-5605 in Tenda CH22 v1.0.0.1 — stack-based buffer overflow in /goform/WrlExtraSet. No patch yet. Restrict remote access & monitor for threats. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-26817

Overview

  • Pending
03 Apr 2025
Published
29 May 2025
Updated
CVSS
Pending
EPSS
2.73%
KEV

Description

Netwrix Password Secure 9.2.0.32454 allows OS command injection.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817)
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-0740

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Wordfence @wordfence

50,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Ninja Forms - File Upload WordPress Plugin

CVE-2026-0740 | CVSS 9.8 (Critical) | Unauthenticated attackers can upload arbitrary files and achieve remote code execution. Update to version 3.3.27.

Discovered by SĂ©lim Lanouar (whattheslime).

Review the report to ensure your site is not affected.

wordfence.com/blog/2026/04/500

#WordPress #WebSecurity #Wordfence

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-5608

Overview

  • Belkin
  • F9K1122
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ HIGH severity: CVE-2026-5608 in Belkin F9K1122 v1.00.33 enables remote buffer overflow via the /goform/formWlanSetup endpoint. Exploit code is public; no patch from vendor. Restrict remote mgmt access now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

CVE-2024-45332

Overview

  • Intel(R) Processors
13 May 2025
Published
03 Nov 2025
Updated
CVSS v4.0
MEDIUM (5.7)
EPSS
0.10%
KEV

Description

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
CVE-2024-45332 brings back branch target injection attacks on Intel
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-5612

Overview

  • Belkin
  • F9K1015
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ HIGH severity: Stack buffer overflow in Belkin F9K1015 v1.00.10 (/goform/formWlEncrypt, CVE-2026-5612). Remote code exec/DoS possible. No vendor patch. Restrict remote access & monitor advisories. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-23760

Overview

  • SmarterTools
  • SmarterMail
22 Jan 2026
Published
05 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
77.92%
KEV

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Microsoft~ Storm-1175 rapidly exploits web-facing N-days and zero-days to deploy Medusa ransomware, often within 24 hours. - IOCs: CVE-2026-23760, CVE-2025-10035, Medusa - #MedusaRansomware #Storm1175 #ThreatIntel
  • 0
  • 0
  • 0
  • 6h ago
Showing 11 to 20 of 28 CVEs