Overview
- wordpresschef
- Salon Booking System – Free Version
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2026-6320 (HIGH): Path traversal in Salon Booking System – Free (WordPress, ≤10.30.25) enables unauthenticated file reads via booking emails. No patch out yet — disable or restrict plugin use to reduce risk. https://radar.offseq.com/threat/cve-2026-6320-cwe-22-improper-limitation-of-a-path-85369388 #OffSeq #WordPress #Vuln
Overview
- InternLM
- lmdeploy
Description
Statistics
- 1 Post
Bluesky
Overview
- Shenzhen Libituo Technology
- LBT-T300-HW1
Description
Statistics
- 1 Post
Fediverse
🚨 HIGH-severity buffer overflow in Shenzhen Libituo LBT-T300-HW1 (v1.2.0 – 1.2.8). CVE-2026-7675 enables remote code execution — no patch yet. Limit network access & monitor for vendor updates. https://radar.offseq.com/threat/cve-2026-7675-buffer-overflow-in-shenzhen-libituo--9cc00f70 #OffSeq #CVE20267675 #IoTSecurity #Vulnerability
Overview
- unitecms
- Unlimited Elements For Elementor
Description
Statistics
- 1 Post
Fediverse
CVE-2026-4659: Unlimited Elements plugin <=2.0.6 allows any Author to read arbitrary files via path traversal in URLtoRelative(). No patch exists. Fix your own damn code or pull the plugin. #InfoSec #WordPress
Overview
- MIT
- Kerberos 5
Description
Statistics
- 1 Post
Overview
- Shenzhen Libituo Technology
- LBT-T300-HW1
Description
Statistics
- 1 Post
Fediverse
🔎 HIGH-severity (CVSS 8.7) buffer overflow in Shenzhen Libituo LBT-T300-HW1 (v1.2.0 – 1.2.8), CVE-2026-7674. Web Management Interface at risk, remote exploit possible. No patch yet — restrict access & stay alert. https://radar.offseq.com/threat/cve-2026-7674-buffer-overflow-in-shenzhen-libituo--817395ad #OffSeq #Vuln #IoTSec #Infosec
Overview
- VetCoders
- mcp-server-semgrep
Description
Statistics
- 1 Post
Fediverse
Command injection in MCP servers. Not surprised. CVE-2026-7446 hits mcp-server-semgrep, and CVE-2026-7416 hits xcode-mcp-server.
Both let remote attackers inject OS commands with no auth needed. The attack surface on MCP servers keeps growing, and most of these community-built tools were never designed with security in mind. mcp-server-semgrep has a fix in v1.0.1, but who's checking their MCP server versions? Nobody. That's the problem.
Overview
- PolarVista
- xcode-mcp-server
Description
Statistics
- 1 Post