Overview

  • TYPO3
  • Extension "E-Mail MFA Provider"
  • ralffreit/mfa-email

17 Mar 2026
Published
17 Mar 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.05%

KEV

Description

The extension fails to properly reset the generated MFA code after successful authentication. This allows a possible MFA bypass on future login attempts by providing an empty string as the MFA code to the extension's MFA provider.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ HIGH severity: CVE-2026-4208 in TYPO3 "E-Mail MFA Provider" lets attackers bypass MFA by reusing/omitting codes due to faulty state reset. Patch or disable the extension and monitor logs for abuse. radar.offseq.com/threat/cve-20


Overview

  • SolaX Power
  • Pocket WiFi 3.0

12 Feb 2026
Published
12 Feb 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

In my home solar experiment, I'm discovering that my SolaX X1-Micro 2-in-1 inverter is a bit of a lemon:
- it doesn't expose an API (which is why the app is so flaky)
- the settings aren't accessible
- it's probably unable to update itself
- it forces the use of the SolaX cloud and its not-very-secure MQTT (CVE-2025-15573), with one metric every 5 minutes.

I've found these two resources so far:
- github.com/squishykid/solax/is
- forum.hacf.fr/t/integration-po


Overview

  • UTT
  • HiPER 810G

09 Mar 2026
Published
10 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.08%

KEV

Description

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

CVE-2026-3814 - UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow scq.ms/3N8bDqk

Overview

  • Mobatek
  • MobaXterm

09 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.02%

KEV

Description

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

CVE-2026-25866 - MobaXterm < 26.1 Notepad++ Unquoted Service Path scq.ms/3Nuc1zv

Overview

  • elementor
  • Ally – Web Accessibility & Usability

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
14.93%

KEV

Description

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

SQL Injection Vulnerability in Elementor Ally Plugin Affects Over 250,000 WordPress Websites #wordpress

A critical SQL injection vulnerability in the Elementor Ally plugin could affect over 250,000 WordPress sites. Upgrade to Ally 4.1.0 and update WordPress to 6.9.2 to mitigate CVE-2026-2413 and related risks. Learn more: ift.tt/VzNblEM

Source: ift.tt/VzNblEM | Image: ift.tt/ONFHV64


Overview

  • LiteSpeed Technologies
  • OpenLiteSpeed

16 Mar 2026
Published
16 Mar 2026
Updated

CVSS v3.0
HIGH (7.2)
EPSS
0.16%

KEV

Description

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An attacker with administrative privileges may execute arbitrary OS commands.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

High-severity OS command injection vulnerability in LiteSpeed Web Server (CVE-2026-31386) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

Overview

  • Sudo project
  • Sudo

30 Jun 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
26.52%

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Internal redteam, 8h, no tools except one exploit.
Result: VP account, full AD control. SOC: 0 alerts.

github.com/toxy4ny/semetsky---

Why it matters: PXE-boot Linux, unmonitored, unpatched since 2023.
CVE-2025-32463 → bash_history with plaintext creds → RDP hop →
custom AD delegation. All "legitimate" actions, no SOC triggers.

What's your "Yuri Semetsky" story? (obfuscated, of course)

#redteam #internalpentest #ad #soc #linux
