Overview

  • HAProxy
  • HAProxy

13 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.0)
EPSS
0.01%

KEV

Description

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)

Overview

  • imprintnext
  • Riaxe Product Customizer

16 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and 'opt_value' from $_POST, then calls delete_option() followed by add_option() using these attacker-controlled values without any nonce verification, capability checks, or option name allowlist. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, which can be leveraged for privilege escalation by enabling user registration and setting the default user role to administrator.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🚨 CVE-2026-3596 (CRITICAL): imprintnext Riaxe Product Customizer ≤2.1.2 lets unauthenticated users update WordPress options, enabling privilege escalation (admin creation). Disable or update plugin ASAP! radar.offseq.com/threat/cve-20


Overview

  • @fastify/static
  • @fastify/static

16 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
Pending

KEV

Description

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. For example, a route guard on a protected path can be circumvented by encoding the path separator in the URL. Upgrade to @fastify/static 9.1.1 to fix this issue. There are no workarounds.

Statistics

  • 3 Posts

Last activity: 10 hours ago

Fediverse


🚨 Medium-severity security fix in @fastify/static@9.1.1 just released!

Patches CVE-2026-6414 — route guard bypass via encoded path separators

github.com/fastify/fastify-sta


Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.29%

KEV

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse


📰 Fortinet Patches Critical Authentication Bypass and RCE Flaws in FortiSandbox

Fortinet patches two critical (CVSS 9.1) flaws in FortiSandbox. 🚨 CVE-2026-39813 (auth bypass) & CVE-2026-39808 (RCE) can be exploited by an unauthenticated attacker. Patch immediately! #Fortinet #Vulnerability #CyberSecurity

🔗 cyber.netsecops.io/articles/fo


Bluesky

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 📖 Read more: www.helpnetsecurity.com/2026/04/16/f... #cybersecurity #cybersecuritynews #sandbox #securityupdate #vulnerability

Overview

  • Pending

07 Jun 2023
Published
20 Dec 2025
Updated

CVSS
Pending
EPSS
91.47%

Description

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/

Overview

  • Meta
  • react-server-dom-turbopack

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.69%

KEV

Description

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints. The payload of the HTTP request causes excessive CPU usage for up to a minute, ending in a thrown error that is catchable.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-23869) React Server Components Denial of Service" and "Mythos, MOAK, CTEM and the End of CVE Chasing". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X

Overview

  • TrueConf
  • TrueConf Client

30 Mar 2026
Published
03 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
1.48%

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Zero-Day Flaw in TrueConf Servers Exploited to Deliver Malicious Updates Across Networks #CheckPointresearch #CVE20263502 #cybersecuritythreat

Overview

  • axios
  • axios

10 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.8)
EPSS
0.53%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse


📰 Critical Flaw in Axios Library Puts Countless Web Apps at Risk of RCE

🚨 CRITICAL VULNERABILITY (CVSS 10.0) in Axios JS library! CVE-2026-40175 is an SSRF flaw that can lead to RCE and full cloud compromise. PoC is public. If you use Axios, update to v1.13.2 NOW! 🌐 #SupplyChain #RCE #SSRF

🔗 cyber.netsecops.io/articles/cr


Overview

  • Simopro Technology
  • WinMatrix

16 Apr 2026
Published
16 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.01%

KEV

Description

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


🔴 CRITICAL: CVE-2026-6348 in Simopro WinMatrix 3.5.13 lets local authenticated users execute code as SYSTEM. No patch yet — restrict access & monitor usage. Details: radar.offseq.com/threat/cve-20


Overview

  • Microsoft
  • Windows 10 Version 1507

08 Jul 2025
Published
13 Feb 2026
Updated

CVSS v3.1
LOW (3.5)
EPSS
0.44%

KEV

Description

External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

CVE-2025-49760 & CVE-2025-49716: Windows RPC Poisoning and Netlogon Hardening – The Active Directory Takeover Threat + Video Introduction: Remote Procedure Call (RPC) is the backbone of inter-process communication in Windows environments, widely used for everything from file sharing to…
Showing 31 to 40 of 47 CVEs