🟠 CVE-2026-20418 - High (8.8)

In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR004...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20418/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-24071 - Critical (9.3)

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24071/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-47398 - High (7.8)

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47398/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-47358 - High (7.8)

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47358/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-1530 - High (8.1)

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communication...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1530/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-9974 - High (8.8)

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged aut...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9974/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-1531 - High (8.1)

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1531/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-20412 - High (7.8)

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20412/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 This week’s CrowdSec Threat Alert article highlights CVE-2025-68645 (LFI) and CVE-2022-27926 (XSS), actively exploited in the wild against Zimbra Collaboration servers.

Explore attack details, threat trends, and mitigation steps in the article 👉 https://www.crowdsec.net/vulntracking-report/zimbra-collaboration-coordinated-attack

#CVE #threatalert #cybersecurity