Overview
- paperclipai
- paperclip
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL: CVE-2026-41679 in Paperclip (<2026.416.0) enables unauthenticated remote code execution via API chain — no user creds needed. Upgrade to 2026.416.0+ ASAP! Full details: https://radar.offseq.com/threat/cve-2026-41679-cwe-287-improper-authentication-in--09e9d7e4 #OffSeq #CVE202641679 #infosec #rce
Overview
- sendmachine
- Sendmachine for WordPress
Description
Statistics
- 1 Post
Overview
Description
Statistics
- 1 Post
Fediverse
The Terrarium project, which was supposed to run code generated by AI models in a secure sandbox, turned out to be a deadly trap. The CVE-2026-5752 vulnerability allows attackers to take full control of the system, and the worst part is that the project is no longer maintained.
#si #ai #sztucznainteligencja #wiadomości #informacje #technologia
Overview
- noir-lang
- noir
Description
Statistics
- 1 Post
Fediverse
🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. https://radar.offseq.com/threat/cve-2026-41197-cwe-131-incorrect-calculation-of-bu-282b810c #OffSeq #NoirLang #CVE202641197 #AppSec
Overview
- thexerteproject
- xerteonlinetoolkits
Description
Statistics
- 1 Post
Fediverse
⚠️ CRITICAL: xerteonlinetoolkits ≤3.15 has incomplete input validation in elFinder — .php4 files can be uploaded & executed, enabling unauth RCE. Restrict endpoint, monitor uploads, apply custom filters. Patch status unknown. CVE-2026-34415 https://radar.offseq.com/threat/cve-2026-34415-cwe-184-incomplete-list-of-disallow-f774ae94 #OffSeq #Vuln #RCE
Overview
- Siemens
- Solid Edge SE2025
Description
Statistics
- 2 Posts
Fediverse
Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.
Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.
Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.
Artifacts:
1/2
Overview
- Siemens
- Solid Edge SE2025
Description
Statistics
- 1 Post
Overview
Description
Statistics
- 1 Post
Fediverse
Five critical self-hosted flaws landed April 20-22. Marimo pre-auth remote takeover (CVE-2026-39987, CVSS 9.3), exploited in 10 hours. Apache Airflow XCom. Spinnaker Echo. Jellystat SQL injection to takeover (CVE-2026-41167, 9.1). OpenVPN 2.7.2 fixed two. Three trace to injection. Across 14 compliant platforms I have architected, the audit finding is patch cadence, not availability. A 10-hour window makes quarterly cadence a breach timeline.
Overview
- Siemens
- Solid Edge SE2025
Description
Statistics
- 1 Post
Overview
Description
Statistics
- 1 Post
- 8 Interactions
Fediverse
I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories, with each rollup providing a link to the bug list covered.
The 3 rollups are:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6784
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6785
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6786
When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing about LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.