24h | 7d | 30d

CVE-2026-3165

Overview

  • Tenda
  • F453
25 Feb 2026
Published
25 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-3165 - A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the compo... https://www.cyberhub.blog/cves/CVE-2026-3165
  • 0
  • 1
  • 0
  • 18h ago

CVE-2026-21509

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise
26 Jan 2026
Published
22 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
10.07%
KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
Urgent: Microsoft Office Zero-Day CVE-2026-21509 Under Active Exploitation—APT28 Weaponizes Patched Flaw in Operation Neusploit + Video Introduction: A high-severity security feature bypass vulnerability, tracked as CVE-2026-21509, is currently being actively exploited in the wild, prompting an…
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-25794

Overview

  • ImageMagick
  • ImageMagick
24 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
HIGH (8.2)
EPSS
0.04%
KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-25794 - ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmet... https://www.cyberhub.blog/cves/CVE-2026-25794
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-2999

Overview

  • Changing
  • IDExpert Windows Logon Agent
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2026-2999 – CRITICAL (9.3) Remote Code Execution in IDExpert Windows Logon Agent. Unauthenticated attackers can force systems to download and execute arbitrary EXE files from a remote source. Full report: basefortify.eu/cve_reports/... #CVE #RCE #WindowsSecurity #CyberSecurity #InfoSec
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-3422

Overview

  • e-Excellence
  • U-Office Force
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-3422 in e-Excellence U-Office Force enables unauthenticated remote code execution via insecure deserialization (CWE-502). No patch — restrict access, monitor traffic, use WAF/RASP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-3412

Overview

  • itsourcecode
  • University Management System
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
Pending
KEV

Description

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

CVE-2026-3412: Medium XSS in itsourcecode University Management System v1.0. 'dt' param in /att_single_view.php is vulnerable. Public exploit available — patch or mitigate to prevent session hijack & data theft. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-27479

Overview

  • ellite
  • Wallos
21 Feb 2026
Published
24 Feb 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.03%
KEV

Description

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the request, but allows HTTP redirects (CURLOPT_FOLLOWLOCATION = true), enabling an attacker to bypass the IP validation and access internal resources, including cloud instance metadata endpoints. The getLogoFromUrl() function validates the URL by resolving the hostname and checking if the resulting IP is in a private or reserved range using FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE. However, the subsequent cURL request is configured with CURLOPT_FOLLOWLOCATION = true and CURLOPT_MAXREDIRS = 3, which means the request will follow HTTP redirects without re-validating the destination IP. This issue has been fixed in version 4.6.1.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-27479 - Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerabi... https://www.cyberhub.blog/cves/CVE-2026-27479
  • 0
  • 0
  • 0
  • 2h ago

CVE-2023-41772

Overview

  • Microsoft
  • Windows 10 Version 1809
10 Oct 2023
Published
14 Apr 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
19.53%
KEV

Description

Win32k Elevation of Privilege Vulnerability

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
RandomEntropy @R41N3RZUF477

@tiraniddo Finally, the post I waited for. Back in 2023 I searched for a UAC bypass that is compatible with "always notify" and Windows 10 upwards to complete my chain for any Windows UAC bypass. I used your token reading UAC bypass as a base for older Windows systems. Then I just found CVE-2023-41772 by accident. So this route was burned or at least I thought it was. Then I tried to find a UIAccess bypass and it worked again. That was the moment where I knew not auto-elevate but UIAccess is (and will be) the biggest weakness of UAC. Even without GetProcessHandleFromHwnd there are more options like CSRSS activation cache poisoning, COM injection, abusing WER, ...

As far as I have seen the newest version of administrator protection still has at least one bug, that let's you bypass it, but after the chaos of the first "release", I will rather wait for the full release.

Anyway the PPL bypass might be fixed, but I have another PPL bypass that is "fixed" in 24H2 but still works on 25H2 and preview. The bug is simple, but (unique) exploitation is so dumb, I don't know what to say ... 😅

  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-3400

Overview

  • Tenda
  • AC15
01 Mar 2026
Published
01 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🛡️ CVE-2026-3400 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda AC15 routers (≤v15.13.07.13) allows unauthenticated remote code execution. PoC code is public. Restrict access & monitor for patches! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-2584

Overview

  • Ciser System SL
  • CSIP firmware
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago
Showing 11 to 20 of 48 CVEs