CVE-2026-33626

Overview

InternLM
lmdeploy

20 Apr 2026

Published

21 Apr 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.03%

MITRE

KEV

Description

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.

Statistics

1 Post

Last activity: 10 hours ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-33626 : exploitation de LMDeploy en 12h via SSRF sur endpoint vision-LLM 📝 ## 🗓️ Contexte Le 22 avril 2026, la Sysdig Threat Research T… https://cyberveille.ch/posts/2026-04-22-cve-2026-33626-exploitation-de-lmdeploy-en-12h-via-ssrf-sur-endpoint-vision-llm/ #AI_infrastructure #Cyberveille

0
0
0
10h ago

CVE-2026-41679

Overview

paperclipai
paperclip

23 Apr 2026

Published

23 Apr 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

Pending

MITRE

KEV

Description

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Statistics

1 Post

Last activity: 3 hours ago

Fediverse

OffSequence @offseq

🚨 CRITICAL: CVE-2026-41679 in Paperclip (<2026.416.0) enables unauthenticated remote code execution via API chain — no user creds needed. Upgrade to 2026.416.0+ ASAP! Full details: https://radar.offseq.com/threat/cve-2026-41679-cwe-287-improper-authentication-in--09e9d7e4 #OffSeq #CVE202641679 #infosec #rce

0
0
0
3h ago

CVE-2024-10924

Overview

Really Simple Plugins
Really Simple Security Pro multisite

15 Nov 2024

Published

23 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

93.89%

MITRE

KEV

Description

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).

Statistics

1 Post

Last activity: 21 hours ago

Fediverse

Analis Siber Purwakarta @analis_siber_purwakarta

CW: Cybersecurity Technical Analysis

WordPress kembali menghadapi tantangan keamanan kritis. Kali ini menyerang plugin "Really Simple Security" (CVE-2024-10924) yang memungkinkan bypass autentikasi 2FA.

Baca selengkapnya di sini: https://analis-siber-purwakarta.blogspot.com/2026/04/analisis-cve-2024-10924-really-simple-security.html

#Infosec #CyberSecurity #WordPress #Pentest #BlueTeam #AnalisSiber #WebSecurity

0
0
0
21h ago

CVE-2026-41197

Overview

noir-lang
noir

23 Apr 2026

Published

23 Apr 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

Pending

MITRE

KEV

Description

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreign_call()`. Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through `allocate_external_call_results()`, which iterates over the result types. For `Type::Array` results, it delegates to `allocate_foreign_call_result_array()` to recursively allocate memory on the heap for nested arrays. The `BrilligArray` struct is the internal representation of a Noir array in Brillig IR. Its `size` field represents the semi-flattened size, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by `compute_array_length()` in `brillig_block_variables.rs`. For the outer array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size. However, for nested arrays, `allocate_foreign_call_result_array()` contains a bug. The pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the semantic length of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap. Version 1.0.0-beta.19 fixes this issue.

Statistics

1 Post

Last activity: Last hour

Fediverse

OffSequence @offseq

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. https://radar.offseq.com/threat/cve-2026-41197-cwe-131-incorrect-calculation-of-bu-282b810c #OffSeq #NoirLang #CVE202641197 #AppSec

0
0
0
Last hour

CVE-2026-6299

Overview

Google
Chrome

15 Apr 2026

Published

16 Apr 2026

Updated

CVSS

Pending

EPSS

0.05%

MITRE

KEV

Description

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Statistics

1 Post

Last activity: 17 hours ago

Bluesky

ケイ | 副業Webライター📖 @keiwork35.bsky.social

【脆弱性情報】 CVE-2026-6299 chromeの脆弱性について Google Chrome の 147.0.7727.101 より前のバージョンにおいて、Prerender に解放後使用の脆弱性が存在します。細工された HTML ページを介して、遠隔の攻撃者が任意のコードを実行できる可能性があります。

0
0
0
17h ago

CVE-2025-40739

Overview

Siemens
Solid Edge SE2025

08 Jul 2025

Published

08 Jul 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Statistics

2 Posts

Last activity: 6 hours ago

Fediverse

datatofu @drmorrisj

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2

0
0
0
6h ago

datatofu @drmorrisj

Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.

Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.

Artifacts:
1/2

0
0
0
6h ago

CVE-2025-40741

Overview

Siemens
Solid Edge SE2025

08 Jul 2025

Published

08 Jul 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

Statistics

1 Post

Last activity: 6 hours ago

Fediverse

datatofu @drmorrisj

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2

0
0
0
6h ago

CVE-2025-40740

Overview

Siemens
Solid Edge SE2025

08 Jul 2025

Published

08 Jul 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Statistics

1 Post

Last activity: 6 hours ago

Fediverse

datatofu @drmorrisj

Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.

Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.

Artifacts:
1/2

0
0
0
6h ago

CVE-2023-20198

Overview

Cisco
Cisco IOS XE Software

16 Oct 2023

Published

21 Oct 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

94.05%

MITRE

KEV

Description

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

Statistics

1 Post

Last activity: 16 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Talos~ Phishing reemerges as the top initial access vector, with AI tools and valid accounts driving attacks against public admin and healthcare. - IOCs: CVE-2025-20393, CVE-2023-20198, MeowBackConn - #Phishing #Ransomware #ThreatIntel

0
0
0
16h ago

CVE-2025-69419

Overview

OpenSSL
OpenSSL

27 Jan 2026

Published

29 Jan 2026

Updated

CVSS

Pending

EPSS

0.06%

MITRE

KEV

Description

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

1 Post

Last activity: 20 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2026-023
Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL

Attacks are possible when installing key files and digitally signed objects. These attacks can only be carried out if these files are uploaded and installed by a logged-in user with high privileges.
#CVE CVE-2025-15467, CVE-2025-69419

https://certvde.com/en/advisories/vde-2026-023/

#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-023.json

0
0
0
20h ago