24h | 7d | 30d

CVE-2026-41679

Overview

  • paperclipai
  • paperclip
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.17%
KEV

Description

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-41679 in Paperclip (<2026.416.0) enables unauthenticated remote code execution via API chain — no user creds needed. Upgrade to 2026.416.0+ ASAP! Full details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-6235

Overview

  • sendmachine
  • Sendmachine for WordPress
22 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.02%
KEV

Description

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the plugin's SMTP configuration, which can be leveraged to intercept all outbound emails from the site (including password reset emails).

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ケイ | 副業Webライター📖 @keiwork35.bsky.social
【脆弱性情報】 CVE-2026-6235 Sendmachine for WordPress の脆弱性について WordPress向けの Sendmachine for WordPress plugin には、'manage_admin_requests' 関数に起因する認可バイパスの脆弱性があります。
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-5752

Overview

  • Cohere
  • cohere-terrarium
14 Apr 2026
Published
23 Apr 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
AI Sight @aisight

Projekt Terrarium, który miał uruchamiać kod generowany przez modele AI w bezpiecznej piaskownicy, okazał się śmiertelną pułapką. Luka CVE-2026-5752 pozwala napastnikom na przejęcie pełnej kontroli nad systemem, a najgorsze jest to, że projekt nie jest już rozwijany.

#si #ai #sztucznainteligencja #wiadomości #informacje #technologia

aisight.pl/cyberbezpieczenstwo

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-41197

Overview

  • noir-lang
  • noir
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreign_call()`. Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through `allocate_external_call_results()`, which iterates over the result types. For `Type::Array` results, it delegates to `allocate_foreign_call_result_array()` to recursively allocate memory on the heap for nested arrays. The `BrilligArray` struct is the internal representation of a Noir array in Brillig IR. Its `size` field represents the semi-flattened size, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by `compute_array_length()` in `brillig_block_variables.rs`. For the outer array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size. However, for nested arrays, `allocate_foreign_call_result_array()` contains a bug. The pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the semantic length of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap. Version 1.0.0-beta.19 fixes this issue.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-34415

Overview

  • thexerteproject
  • xerteonlinetoolkits
22 Apr 2026
Published
22 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.19%
KEV

Description

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CRITICAL: xerteonlinetoolkits ≤3.15 has incomplete input validation in elFinder — .php4 files can be uploaded & executed, enabling unauth RCE. Restrict endpoint, monitor uploads, apply custom filters. Patch status unknown. CVE-2026-34415 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-40739

Overview

  • Siemens
  • Solid Edge SE2025
08 Jul 2025
Published
08 Jul 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Statistics

  • 2 Posts
Last activity: 20 hours ago

Fediverse

Profile picture fallback
datatofu @drmorrisj

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
datatofu @drmorrisj

Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.

Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.

Artifacts:
1/2

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-40741

Overview

  • Siemens
  • Solid Edge SE2025
08 Jul 2025
Published
08 Jul 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
datatofu @drmorrisj

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-39987

Overview

  • marimo-team
  • marimo
09 Apr 2026
Published
23 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
6.99%
KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

Five critical self-hosted flaws landed April 20-22. Marimo pre-auth remote takeover (CVE-2026-39987, CVSS 9.3), exploited in 10 hours. Apache Airflow XCom. Spinnaker Echo. Jellystat SQL injection to takeover (CVE-2026-41167, 9.1). OpenVPN 2.7.2 fixed two. Three trace to injection. Across 14 compliant platforms I have architected, the audit finding is patch cadence, not availability. A 10-hour window makes quarterly cadence a breach timeline.

#CyberSecurity #SelfHosted #OpenSource #InfoSec

  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-40740

Overview

  • Siemens
  • Solid Edge SE2025
08 Jul 2025
Published
08 Jul 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
datatofu @drmorrisj

Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.

Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.

Artifacts:
1/2

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-6784

Overview

  • Mozilla
  • Firefox
21 Apr 2026
Published
22 Apr 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
Dan Goodin @dangoodin

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

  • 1
  • 7
  • 0
  • 20h ago
Showing 31 to 40 of 48 CVEs