
Overview

  • essentialplugin
  • Accordion and Accordion Slider

Published: 17 Apr 2026
Updated: 17 Apr 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugins they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 CVE-2026-6443 (CRITICAL): WordPress Accordion & Accordion Slider v1.4.6 embeds a backdoor (CWE-506), enabling persistent unauthorized access & spam. No patch — remove or disable plugin now! radar.offseq.com/threat/cve-20


Overview

  • TrueConf
  • TrueConf Client

Published: 30 Mar 2026
Updated: 03 Apr 2026

CVSS v3.1: HIGH (7.8)
EPSS: 1.48%

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Zero-Day Flaw in TrueConf Servers Exploited to Deliver Malicious Updates Across Networks #CheckPointresearch #CVE20263502 #cybersecuritythreat

Overview

  • axios
  • axios

Published: 10 Apr 2026
Updated: 16 Apr 2026

CVSS v3.1: MEDIUM (4.8)
EPSS: 0.53%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

📰 Critical Flaw in Axios Library Puts Countless Web Apps at Risk of RCE

🚨 CRITICAL VULNERABILITY (CVSS 10.0) in Axios JS library! CVE-2026-40175 is an SSRF flaw that can lead to RCE and full cloud compromise. PoC is public. If you use Axios, update to v1.13.2 NOW! 🌐 #SupplyChain #RCE #SSRF

🔗 cyber.netsecops.io/articles/cr


Overview

  • sooperset
  • mcp-atlassian

Published: 10 Mar 2026
Updated: 10 Mar 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.05%

KEV

Description

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the server process has write access to. Because the attacker controls both the write destination and the written content (via an uploaded Confluence attachment), this amounts to arbitrary code execution (for example, writing a valid cron entry to `/etc/cron.d/` achieves code execution within one scheduler cycle with no server restart required). Version 0.17.0 fixes the issue.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Critical Unauthenticated RCE and Server Takeover (CVE-2026-33032, CVE-2026-27825) #appsec

Overview

  • LibRaw
  • LibRaw

Published: 07 Apr 2026
Updated: 08 Apr 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.05%

KEV

Description

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

~Talos~ Cisco Talos disclosed patched code execution and buffer overflow flaws in Foxit Reader and LibRaw. - IOCs: CVE-2026-3779, CVE-2026-20911, CVE-2026-21413 - #Foxit #ThreatIntel #Vulnerability

Overview

  • Foxit Software Inc.
  • Foxit PDF Editor

Published: 01 Apr 2026
Updated: 02 Apr 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.02%

KEV

Description

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

~Talos~ Cisco Talos disclosed patched code execution and buffer overflow flaws in Foxit Reader and LibRaw. - IOCs: CVE-2026-3779, CVE-2026-20911, CVE-2026-21413 - #Foxit #ThreatIntel #Vulnerability

Overview

  • LibRaw
  • LibRaw

Published: 07 Apr 2026
Updated: 08 Apr 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.05%

KEV

Description

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

~Talos~ Cisco Talos disclosed patched code execution and buffer overflow flaws in Foxit Reader and LibRaw. - IOCs: CVE-2026-3779, CVE-2026-20911, CVE-2026-21413 - #Foxit #ThreatIntel #Vulnerability

Overview

  • NetScaler
  • ADC

Published: 23 Mar 2026
Updated: 31 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 53.80%

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

📢 CitrixBleed 3: CVE-2026-3055 and CVE-2026-4368 — Critical memory leak on NetScaler 📝 ## 🔍 Context Article published on 16 April 2026 by Picus S… https://cyberveille.ch/posts/2026-04-16-citrixbleed-3-cve-2026-3055-et-cve-2026-4368-fuite-memoire-critique-sur-netscaler/ #CVE_2023_4966 #Cyberveille

Overview

  • NetScaler
  • ADC

Published: 23 Mar 2026
Updated: 24 Mar 2026

CVSS v4.0: HIGH (7.7)
EPSS: 0.02%

KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

📢 CitrixBleed 3: CVE-2026-3055 and CVE-2026-4368 — Critical memory leak on NetScaler 📝 ## 🔍 Context Article published on 16 April 2026 by Picus S… https://cyberveille.ch/posts/2026-04-16-citrixbleed-3-cve-2026-3055-et-cve-2026-4368-fuite-memoire-critique-sur-netscaler/ #CVE_2023_4966 #Cyberveille

Overview

  • Citrix
  • NetScaler ADC

Published: 10 Oct 2023
Updated: 21 Oct 2025

CVSS v3.1: CRITICAL (9.4)
EPSS: 94.35%

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

📢 CitrixBleed 3: CVE-2026-3055 and CVE-2026-4368 — Critical memory leak on NetScaler 📝 ## 🔍 Context Article published on 16 April 2026 by Picus S… https://cyberveille.ch/posts/2026-04-16-citrixbleed-3-cve-2026-3055-et-cve-2026-4368-fuite-memoire-critique-sur-netscaler/ #CVE_2023_4966 #Cyberveille