
Overview

  • Owen
  • WebStack

15 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
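The check the description says is missing (file type validation on an image upload) is easy to get wrong, so here is an added example of what it has to cover. This is illustration code, not the WebStack theme's io_img_upload() or any WordPress API; the function names, the extension allowlist and the sample file bytes are assumptions constructed for the demo.

```python
# Added example (not code from the WebStack theme): what "file type validation"
# on an image upload endpoint actually has to check. Function names, the
# allowlist and the sample bytes below are assumptions constructed for this demo.
import os
import secrets

# Allowlisted extensions and the magic bytes a file of that type must start with.
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def vulnerable_store_name(client_filename: str) -> str:
    """The bug class: no validation at all, so the client-chosen name (and
    therefore the extension the web server will dispatch on) lands on disk."""
    return os.path.basename(client_filename)


def validate_image_upload(client_filename: str, data: bytes) -> str:
    """Return a server-generated filename for a valid image, else raise ValueError.

    Three checks: the extension is on the allowlist, the leading bytes match
    that extension, and the stored name is chosen server-side, so a double
    extension such as 'shell.php.jpg' cannot be carried through to disk.
    """
    name = os.path.basename(client_filename)
    if "\x00" in name:
        raise ValueError("null byte in filename")
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    if ext not in IMAGE_SIGNATURES:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        raise ValueError(f"content does not match a {ext} signature")
    # Random server-side name with only the validated extension appended.
    return f"{secrets.token_hex(16)}.{ext}"


def accepts(client_filename: str, data: bytes) -> bool:
    """True if validate_image_upload would store the file."""
    try:
        validate_image_upload(client_filename, data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed samples: a PHP web shell and a minimal JPEG header.
    webshell = b"<?php system($_GET['c']); ?>"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print("unvalidated store name:", vulnerable_store_name("shell.php"))
    print("shell.php accepted:", accepts("shell.php", webshell))
    print("shell.php.jpg stored as:", validate_image_upload("shell.php.jpg", jpeg))
```

Magic bytes alone do not stop a polyglot (a valid JPEG header with PHP appended in the trailer), so on a real site the upload should additionally be re-encoded through an image library and the upload directory served with no script handler; the random server-side name is what defeats the double-extension trick regardless.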

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

⚠️ CRITICAL: Owen WebStack WordPress theme (CVE-2026-1555) lets unauthenticated attackers upload arbitrary files, risking RCE. No patch yet — restrict uploads & monitor activity! CVSS 9.8. Details: radar.offseq.com/threat/cve-20


Overview

  • Fortinet
  • FortiOS

14 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.4)
EPSS
Pending

KEV

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Fortinet issues an alert on vulnerabilities in multiple products, including one confirmed to be exploited (CVE-2025-61624 and others) | Codebook | Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45283/

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
Pending

KEV

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 1 hour ago

Bluesky

The April release is so large, it gets not one but TWO bugs of the month. Not surprisingly, they are the two wormable bugs in the release affecting TCP/IP and IKE. Enjoy CVE-2026-33824 and CVE-2026-33827. youtube.com/shorts/aC5tk...
~Talos~ Microsoft patched 165 flaws, including 8 criticals and an actively exploited SharePoint spoofing bug (CVE-2026-32201). - IOCs: CVE-2026-32201, CVE-2026-33824, CVE-2026-33827 - #PatchTuesday #ThreatIntel #Vulnerability

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 1 hour ago

Bluesky

The April release is so large, it gets not one but TWO bugs of the month. Not surprisingly, they are the two wormable bugs in the release affecting TCP/IP and IKE. Enjoy CVE-2026-33824 and CVE-2026-33827. youtube.com/shorts/aC5tk...
~Talos~ Microsoft patched 165 flaws, including 8 criticals and an actively exploited SharePoint spoofing bug (CVE-2026-32201). - IOCs: CVE-2026-32201, CVE-2026-33824, CVE-2026-33827 - #PatchTuesday #ThreatIntel #Vulnerability

Overview

  • SAP_SE
  • SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

14 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.04%

KEV

Description

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

SAP released 20 security notes in April 2026, including critical CVE-2026-27681 SQL injection in Business Planning & Consolidation and BW, plus high-severity CVE-2026-34256 in ERP & S/4 HANA. #SAPSecurity #ABAPPatch #Germany

Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here>
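Both this FortiSandbox entry and the FortiOS/FortiPAM/FortiProxy CWE-22 entry above are path traversal bugs: a user-controlled path fragment reaches a filesystem operation without being confined to the intended directory. The following is an added example, not Fortinet code, showing the vulnerable join pattern beside a containment check, and a log-side detector for traversal attempts that survives URL encoding. The base directory, the request lines and the endpoint name are constructed for the demo.

```python
# Added example (not Fortinet code) for the path traversal entries on this page:
# confining a user-supplied path to a base directory, and a log-side check for
# traversal attempts. The base directory, request lines and endpoint are
# constructed for this demo.
import os
import re
from typing import List, Optional
from urllib.parse import unquote


def naive_join(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: join and normalise, never check containment."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_in_base(base_dir: str, user_path: str) -> Optional[str]:
    """Return the canonical path if it stays inside base_dir, else None.

    Decode once, refuse null bytes, strip a leading separator (os.path.join
    would otherwise discard base_dir for an absolute path), canonicalise with
    realpath so '..' segments and symlinks collapse, then compare to the base.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/\\")))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


# A '..' segment followed by a separator, or a trailing '..'; backslash counts.
TRAVERSAL = re.compile(r"\.\.[\\/]|[\\/]\.\.$")


def looks_like_traversal(raw: str, max_decodes: int = 3) -> bool:
    """Detection: percent-decode repeatedly (double encoding is common in
    attempts), then look for a '..' segment in the result."""
    decoded = raw
    for _ in range(max_decodes):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return TRAVERSAL.search(decoded) is not None


# Constructed request lines, as they might appear in a web server access log.
SAMPLE_REQUESTS = [
    "GET /api/files?name=report.pdf",
    "GET /api/files?name=../../../../etc/passwd",
    "GET /api/files?name=%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "GET /api/files?name=%252e%252e%252fetc%252fpasswd",
    "GET /api/files?name=..%5c..%5cwindows%5cwin.ini",
]


def flagged_requests(lines: List[str] = SAMPLE_REQUESTS) -> List[str]:
    """Return the sample lines that carry a traversal sequence."""
    return [line for line in lines if looks_like_traversal(line)]


if __name__ == "__main__":
    print("naive :", naive_join("/srv/data", "../../etc/passwd"))
    print("safe  :", resolve_in_base("/srv/data", "../../etc/passwd"))
    for line in flagged_requests():
        print("flagged:", line)
```

The containment check compares canonical paths rather than scanning the input for `..`, so encodings the application itself decodes later cannot slip past it; the detector does the opposite (decodes aggressively and accepts false positives) because on the log-review side over-flagging is the cheaper error.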

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse


🚨 Fortinet just disclosed CVE-2026-39808 and CVE-2026-39813 - 2 critical vulnerabilities affecting FortiSandbox. No active exploitation itw reported as of yet.

Scan your infrastructure to find vulnerable instances:
CVE-2026-39808: github.com/rxerium/rxerium-tem
CVE-2026-39813: github.com/rxerium/rxerium-tem

CVE-2026-39808 (CVSS 9.1):
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE-2026-39813 (CVSS 9.1):
A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests.

Patches are available as per vendor advisories:
fortiguard.fortinet.com/psirt/
fortiguard.fortinet.com/psirt/


Overview

  • SAP_SE
  • SAP Business Planning and Consolidation and SAP Business Warehouse

14 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%

KEV

Description

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

SAP released 20 security notes in April 2026, including critical CVE-2026-27681 SQL injection in Business Planning & Consolidation and BW, plus high-severity CVE-2026-34256 in ERP & S/4 HANA. #SAPSecurity #ABAPPatch #Germany

Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
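CWE-78 is the pattern where a request parameter ends up inside a string handed to a shell. The added example below (not FortiSandbox code; the scanner path, its flag and the sample names are assumptions made up for the demo) shows that injectable string beside the argv form, an allowlist on the untrusted value, and a child process proving that metacharacters passed via argv are inert.

```python
# Added example (not FortiSandbox code) for the OS command injection entry:
# the injectable shell-string pattern beside the argv form, plus an allowlist
# check on the untrusted value. The scanner path, flag and sample names are
# assumptions made up for this demo.
import re
import shlex
import subprocess
from typing import List

SCANNER = "/opt/scanner/scan"  # hypothetical tool invoked by the service
# Filename-like characters only; the first character may not be '-' so the
# value can never be parsed as an option by the tool (argument injection).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def vulnerable_command(sample_name: str) -> str:
    """The bug class: untrusted input interpolated into a string that is later
    handed to a shell (subprocess.run(cmd, shell=True), system(), popen()...).
    A value such as 'x; id' terminates the intended command."""
    return f"{SCANNER} --sample {sample_name}"


def accepts_name(sample_name: str) -> bool:
    """Allowlist check on the untrusted value."""
    return SAFE_NAME.match(sample_name) is not None


def safe_argv(sample_name: str) -> List[str]:
    """Validate, then build argv so the value is exactly one argument and no
    shell ever parses it."""
    if not accepts_name(sample_name):
        raise ValueError(f"rejected sample name: {sample_name!r}")
    return [SCANNER, "--sample", sample_name]


def quoted_for_shell(value: str) -> str:
    """Fallback when a shell string is unavoidable: quote so the whole value is
    a single word to the shell."""
    return shlex.quote(value)


def echo_without_shell(value: str) -> str:
    """Show that metacharacters passed via argv are inert: the child receives
    the literal string (runs the echo binary directly, no shell involved)."""
    result = subprocess.run(["echo", value], capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    payload = "x; id"
    print("shell string :", vulnerable_command(payload))
    print("argv accepted:", accepts_name(payload))
    print("quoted       :", quoted_for_shell(payload))
    print("echo via argv:", echo_without_shell(payload))
```

The allowlist and the argv form are complementary: argv removes the shell from the picture, the allowlist keeps the value from being interpreted by the tool itself (leading '-' options, path separators), and `shlex.quote` is only the fallback for code that genuinely has to go through a shell.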

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse


🚨 Fortinet just disclosed CVE-2026-39808 and CVE-2026-39813 - 2 critical vulnerabilities affecting FortiSandbox. No active exploitation itw reported as of yet.

Scan your infrastructure to find vulnerable instances:
CVE-2026-39808: github.com/rxerium/rxerium-tem
CVE-2026-39813: github.com/rxerium/rxerium-tem

CVE-2026-39808 (CVSS 9.1):
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE-2026-39813 (CVSS 9.1):
A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests.

Patches are available as per vendor advisories:
fortiguard.fortinet.com/psirt/
fortiguard.fortinet.com/psirt/

Showing 41 to 48 of 48 CVEs