Overview
- UTT
- HiPER 1250GW
05 Apr 2026
Published
05 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV
Description
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Statistics
- 1 Post
Last activity: 18 hours ago
Fediverse
🔎 CVE-2026-5544: HIGH severity stack overflow in UTT HiPER 1250GW (≤ v3.2.7-210907-180535). Remote, no auth needed. Public exploit code available — restrict network access & monitor vendor alerts. https://radar.offseq.com/threat/cve-2026-5544-stack-based-buffer-overflow-in-utt-h-45d31ae5 #OffSeq #Vulnerability #CyberSecurity #UTT
Overview
Description
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
Statistics
- 1 Post
Last activity: 16 hours ago
Overview
- PHPGurukul
- PHPGurukul Online Shopping Portal Project
05 Apr 2026
Published
05 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
0.03%
KEV
Description
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 13 hours ago
Fediverse
⚠️ MEDIUM risk: CVE-2026-5558 allows SQL injection in PHPGurukul Online Shopping Portal (v2.0, 2.1) via /pending-orders.php. Exploit is public. Review your instances & restrict access if needed. Details: https://radar.offseq.com/threat/cve-2026-5558-sql-injection-in-phpgurukul-phpguruk-e94dae7f #OffSeq #SQLInjection #PHP #Vuln
Overview
Description
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
Statistics
- 1 Post
Last activity: 16 hours ago
Bluesky
Overview
- wp-buy
- Visitor Traffic Real Time Statistics
04 Apr 2026
Published
04 Apr 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.02%
KEV
Description
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an admin user accesses the Traffic by Title section.
Statistics
- 1 Post
Last activity: 22 hours ago
Fediverse
⚠️ HIGH severity XSS (CVE-2026-2936) in Visitor Traffic Real Time Statistics WP plugin ≤8.4. Unauth attackers can inject persistent scripts via 'page_title', executed by admins. No patch yet — restrict access or disable plugin. https://radar.offseq.com/threat/cve-2026-2936-cwe-79-improper-neutralization-of-in-422ba84b #OffSeq #WordPress #XSS
Overview
Description
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Statistics
- 1 Post
Last activity: 8 hours ago
Bluesky
Critical FortiManager Zero-Day (CVE-2024-47575): Unauthenticated RCE Exploit Exposes Enterprise Networks—Patch Now! + Video
Introduction A critical zero-day vulnerability in Fortinet’s FortiManager, tracked as CVE-2024-47575 and nicknamed “FortiJump,” exposes enterprise networks to unauthenticated…
Overview
Description
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
- mvirik
- Text to Speech – TTSWP
04 Apr 2026
Published
04 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.02%
KEV
Description
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the `Mementor_TTS_Remote_Telemetry` class. This makes it possible for unauthenticated attackers to extract and decode these credentials, gaining unauthorized write access to the vendor's telemetry database.
Statistics
- 1 Post
Last activity: 21 hours ago
Fediverse
CVE-2026-1233 (HIGH): The Text to Speech for WP plugin (<=1.9.8) exposes hardcoded MySQL creds, risking unauthorized write access to telemetry DB. No patch yet — disable or restrict access. https://radar.offseq.com/threat/cve-2026-1233-cwe-798-use-of-hard-coded-credential-6c6e620c #OffSeq #WordPress #InfoSec #CVE
Overview
- Microsoft
- Windows 10 Version 1607
10 Mar 2026
Published
27 Mar 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.07%
KEV
Description
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
- Fortinet
- FortiClientEMS
06 Feb 2026
Published
31 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.07%
KEV
Description
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Statistics
- 2 Posts
- 6 Interactions
Last activity: 6 hours ago
Bluesky
Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We fingerprint about 2000 instances globally, see public Dashboard: dashboard.shadowserver.org/statistics/i...
Top affected: US & Germany