Overview

  • brainstormforce
  • Surecart

Published: 20 May 2026
Updated: 20 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.03%

KEV

Description

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The root cause is a flaw in the escaping logic of the query builder ('wp-query-builder'). Values passed to the 'where()' method are only sanitized via '$wpdb->prepare()' when they do **not** contain a dot ('.') or the WordPress table prefix ('wp_'). By including a dot anywhere in the payload, an attacker completely bypasses the escaping logic and injects arbitrary SQL into the 'WHERE' clause, allowing full UNION-based extraction of the database.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-9065 in brainstormforce SureCart <4.2.1 allows authenticated SQL injection via REST API ('/surecart/v1/integrations/{id}'). Exploit bypasses escaping with a dot in payloads — full DB extraction possible. Patch now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Taiko Network Communications Pte Ltd.
  • AG1000-01A SMS Alert Gateway

Published: 20 May 2026
Updated: 20 May 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🔐 CVE-2026-9139: Taiko AG1000-01A SMS Alert Gateway (Revs 7.3, 8, UM-AG1000_R7.2) has a CRITICAL flaw (CVSS 9.8) — hard-coded admin creds in client JS. No patch yet. Restrict access, isolate device, monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Palo Alto Networks
  • Cloud NGFW

Published: 13 May 2026
Updated: 13 May 2026

CVSS v4.0: MEDIUM (4.7)
EPSS: 0.06%

KEV

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Palo Alto vulnerability information "CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (Severity: MEDIUM)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0257
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Microsoft Exchange Server 2016 Cumulative Update 23

Published: 14 May 2026
Updated: 20 May 2026

CVSS v3.1: HIGH (8.1)
EPSS: 10.03%

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

🛡️ CVE-2026-42897: CISA warns of active mass hacking of Microsoft Exchange Server (OWA) (+MITIGATION) www.newstecnicas.com/2026/05/cve-...
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Palo Alto Networks
  • Cloud NGFW

Published: 13 May 2026
Updated: 14 May 2026

CVSS v4.0: HIGH (7.2)
EPSS: 0.10%

KEV

Description

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Palo Alto vulnerability information "CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (Severity: HIGH)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0264
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • ISC
  • BIND 9

Published: 20 May 2026
Updated: 20 May 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.

Statistics

  • 2 Posts
  • 18 Interactions

Last activity: 14 hours ago

Fediverse

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 16h ago

Bluesky

BIND9 vulnerabilities (High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947; Medium: CVE-2026-3592, CVE-2026-5950) and releases 9.18.49, 9.20.23, 9.21.22 published #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • ISC
  • BIND 9

Published: 20 May 2026
Updated: 20 May 2026

CVSS v3.1: HIGH (7.4)
EPSS: Pending

KEV

Description

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

Statistics

  • 2 Posts
  • 18 Interactions

Last activity: 14 hours ago

Fediverse

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 16h ago

Bluesky

BIND9 vulnerabilities (High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947; Medium: CVE-2026-3592, CVE-2026-5950) and releases 9.18.49, 9.20.23, 9.21.22 published #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • ISC
  • BIND 9

Published: 20 May 2026
Updated: 20 May 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Statistics

  • 2 Posts
  • 18 Interactions

Last activity: 14 hours ago

Fediverse

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 16h ago

Bluesky

BIND9 vulnerabilities (High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947; Medium: CVE-2026-3592, CVE-2026-5950) and releases 9.18.49, 9.20.23, 9.21.22 published #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • ISC
  • BIND 9

Published: 20 May 2026
Updated: 20 May 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Statistics

  • 2 Posts
  • 18 Interactions

Last activity: 14 hours ago

Fediverse

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 16h ago

Bluesky

BIND9 vulnerabilities (High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947; Medium: CVE-2026-3592, CVE-2026-5950) and releases 9.18.49, 9.20.23, 9.21.22 published #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • twigphp
  • Twig

Published: 09 Sep 2024
Updated: 16 Sep 2024

CVSS v3.1: HIGH (8.6)
EPSS: 0.14%

KEV

Description

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 18 hours ago

Fediverse

🔐 CVE-2026-46638: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
➡️ symfony.com/blog/cve-2026-4663

  • 1
  • 2
  • 1
  • 18h ago
Showing 71 to 80 of 103 CVEs