CVE-2026-42994

Overview

Bitwarden
Bitwarden CLI

01 May 2026

Published

01 May 2026

Updated

CVSS v4.0

HIGH (8.8)

EPSS

0.05%

MITRE

KEV

Description

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

Statistics

1 Post

Last activity: 19 hours ago

Fediverse

OffSequence @offseq

🚩 CVE-2026-42994: Bitwarden CLI v2026.4.0 (npm, Apr 2026) has a HIGH severity OS Command Injection (CVSS 8.8) due to a supply chain compromise. No patch yet. Avoid this version & verify installs. More info: https://radar.offseq.com/threat/cve-2026-42994-cwe-78-improper-neutralization-of-s-70529260 #OffSeq #Bitwarden #AppSec

0
0
0
19h ago

CVE-2025-14917

Overview

IBM
WebSphere Application Server - Liberty

25 Mar 2026

Published

27 Mar 2026

Updated

CVSS v3.1

MEDIUM (6.7)

EPSS

0.01%

MITRE

KEV

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

Statistics

1 Post

Last activity: 8 hours ago

Bluesky

knaepp.bsky.social @knaepp.bsky.social

PH70078:IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917 CVSS 6.7) https://tinyurl.com/22aozekr

0
0
0
8h ago

CVE-2026-7538

Overview

Totolink
A8000RU

01 May 2026

Published

01 May 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.89%

MITRE

KEV

Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

1 Post

Last activity: 22 hours ago

Fediverse

OffSequence @offseq

🚨 CVE-2026-7538 (CRITICAL, CVSS 9.3): Totolink A8000RU 7.1cu.643_b20200521 OS command injection in CGI handler allows unauthenticated remote code execution. No patch — restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-7538-os-command-injection-in-totolink-a80-28438d15 #OffSeq #CVE20267538 #IoTSecurity #Vuln

0
0
0
22h ago

CVE-2026-5174

Overview

Progress Software
MOVEit Automation

30 Apr 2026

Published

01 May 2026

Updated

CVSS v3.1

HIGH (7.7)

EPSS

0.06%

MITRE

KEV

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

1 Post

Last activity: 19 hours ago

Bluesky

Sami Laiho @samilaiho.com

MOVEit Automation Critical Security Alert Bulletin – April 2026 – (CVE-2026-4670, CVE-2026-5174) URL: community.progress.com/s/article/MO... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

0
0
0
19h ago