
Overview

  • ukrsolution
  • Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)

15 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the 'barcodeScannerConfigs' action, and lacking meta-key restrictions on the 'setUserMeta' action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the admin user ID to leak their authentication token, then using that token to update any user's 'wp_capabilities' meta to gain full administrative access.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


🚨 CVE-2026-4880 (CRITICAL, CVSS 9.8): ukrsolution Barcode Scanner (+Mobile App) plugin for WordPress lets unauthenticated attackers gain admin access via insecure Base64 token handling. Remove or disable plugin until patched. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Python Software Foundation
  • CPython

20 Mar 2026
Published
13 Apr 2026
Updated

CVSS v4.0
HIGH (7.0)
EPSS
0.03%

KEV

Description

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-4519 impacts python in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/477 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Microsoft
  • Windows Server 2012 R2

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.36%

KEV

Description

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

CVE-2026-33826: Unpatched Active Directory RPC Flaw Puts Enterprise Domains at Immediate Risk of Total Compromise + Video Introduction: A recently disclosed critical vulnerability in Microsoft Windows Active Directory (CVE-2026-33826) allows an authenticated attacker to execute arbitrary code…
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Palo Alto Networks
  • PAN-OS

12 Apr 2024
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
94.30%

Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse


📰 Black Shrantac Ransomware Targets Industrial Sector with Double Extortion and Living-off-the-Land Tactics

New ransomware threat: Black Shrantac uses double extortion & LOTL tactics. They exploit flaws like CVE-2024-3400 (PAN-OS) for access then use legit tools to hide. Industrial sector at high risk. 🏭 #Ransomware #CyberSecurity #BlackShrantac

🔗 cyber.netsecops.io/articles/bl

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • @fastify/reply-from
  • @fastify/reply-from

15 Apr 2026
Published
15 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.0)
EPSS
0.04%

KEV

Description

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them in the Connection header value. Any header added by the proxy for routing, access control, or security purposes can be selectively removed by a client. @fastify/http-proxy is also affected as it delegates to @fastify/reply-from. Upgrade to @fastify/reply-from v12.6.2 or @fastify/http-proxy v11.4.4 or later.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Fediverse


🚨 Critical-severity security fix in @fastify/reply-from@12.6.2 and @fastify/http-proxy@11.4.4 just released!

Patches CVE-2026-33805 — connection header abuse enables stripping of proxy-added headers

github.com/fastify/fastify-rep

  • 0
  • 0
  • 1
  • 16h ago

Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.29%

KEV

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>

Statistics

  • 2 Posts

Last activity: 15 hours ago

Bluesky

Critical OS Command Injection in FortiSandbox (CVE-2026-39808): Unauthenticated RCE with CVSS 91 – Patch Now! + Video Introduction: Fortinet has just disclosed two critical vulnerabilities affecting its FortiSandbox platform: CVE-2026-39808, an unauthenticated OS command injection flaw, and…
  • 0
  • 0
  • 0
  • 20h ago
FortiSandbox Under Fire: Unauthenticated RCE and Auth Bypass (CVE-2026-39808 & CVE-2026-39813) – Patch Now! + Video Introduction: Fortinet’s FortiSandbox, a cornerstone for advanced threat detection and zero-day analysis, is now exposed to two critical vulnerabilities: CVE-2026-39808 (CVSS 9.1)…
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • NetworkManager

13 Mar 2026
Published
09 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Stop chasing CVE dates. Here’s how to detect systemd D-Bus privilege escalation (CVE-2026-4105) on ANY distro – with a one-line test and an automation script. busctl call org.freedesktop.machine1 ... Read more: 👉 tinyurl.com/3fefnym8 #Security
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • marimo-team
  • marimo

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
3.20%

KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure thehackernews.com/2026/04/mari...
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Fortinet
  • FortiOS

14 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.4)
EPSS
0.02%

KEV

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Fortinet issues alert on vulnerabilities in multiple products, including one confirmed exploited (CVE-2025-61624 and others) | Codebook | Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45283/
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Python Software Foundation
  • CPython

12 Mar 2026
Published
07 Apr 2026
Updated

CVSS v4.0
LOW (2.0)
EPSS
0.01%

KEV

Description

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-13462 impacts python in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/475 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 14h ago
Showing 31 to 40 of 64 CVEs