home.social

#cve β€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve, aggregated by home.social.

  1. Security Tip: Don't let CVSS scores be your only guide. πŸ›‘οΈ While a high severity score is important, real-world risk is driven by active exploitation. Integrate the CISA Known Exploited Vulnerabilities (KEV) catalog into your patch management workflow. If an attacker is already using it, it should be at the top of your list, regardless of the score. Track active threats at cvedatabase.com

  2. 🚨 EUVD-2026-33030

    πŸ“Š Score: 6.5/10 (CVSS v3.1)
    πŸ“¦ Product: Kibana, Kibana, Kibana
    🏒 Vendor: Elastic
    πŸ“… Updated: 2026-05-28

    πŸ“ Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization ch...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  3. 🚨 EUVD-2026-33031

    πŸ“Š Score: 6.5/10 (CVSS v3.1)
    πŸ“¦ Product: Kibana, Kibana
    🏒 Vendor: Elastic
    πŸ“… Updated: 2026-05-28

    πŸ“ Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a speci...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  4. 🚨 EUVD-2026-33032

    πŸ“Š Score: 7.7/10 (CVSS v3.1)
    πŸ“¦ Product: Kibana, Kibana
    🏒 Vendor: Elastic
    πŸ“… Updated: 2026-05-28

    πŸ“ Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kib...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  5. 🚨 EUVD-2026-33033

    πŸ“Š Score: 7.2/10 (CVSS v3.1)
    πŸ“¦ Product: Kibana, Kibana, Kibana
    🏒 Vendor: Elastic
    πŸ“… Updated: 2026-05-28

    πŸ“ Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  6. 🚨 EUVD-2026-33034

    πŸ“Š Score: 6.5/10 (CVSS v3.1)
    πŸ“¦ Product: Kibana
    🏒 Vendor: Elastic
    πŸ“… Updated: 2026-05-28

    πŸ“ Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections manag...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  7. 🚨 EUVD-2026-33035

    πŸ“Š Score: 6.3/10 (CVSS v3.1)
    πŸ“¦ Product: Kibana
    🏒 Vendor: Elastic
    πŸ“… Updated: 2026-05-28

    πŸ“ Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress control...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  8. 🚨 EUVD-2026-33036

    πŸ“Š Score: 9.8/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Hospitality OPERA 5 Property Services, Oracle Hospitality OPERA 5 Property Services, Oracle Hospitality OPERA 5 Property Services (+2 more)
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  9. 🚨 EUVD-2026-33037

    πŸ“Š Score: 7.9/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle REST Data Services
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  10. 🚨 EUVD-2026-33038

    πŸ“Š Score: 8.1/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle REST Data Services
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Or...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  11. 🚨 EUVD-2026-33039

    πŸ“Š Score: 9.9/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle REST Data Services
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Or...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  12. 🚨 EUVD-2026-33040

    πŸ“Š Score: 9.8/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Payments
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  13. 🚨 EUVD-2026-33041

    πŸ“Š Score: 7.4/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Payments
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with netwo...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  14. 🚨 EUVD-2026-33042

    πŸ“Š Score: 9.1/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Internet Procurement Connector
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerabilit...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  15. 🚨 EUVD-2026-33043

    πŸ“Š Score: 8.5/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Financials Common Modules
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  16. 🚨 EUVD-2026-33044

    πŸ“Š Score: 7.7/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Financials Common Modules
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  17. 🚨 EUVD-2026-33045

    πŸ“Š Score: 9.9/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle iAssets
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  18. 🚨 EUVD-2026-33046

    πŸ“Š Score: 7.7/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Public Sector Financials (International)
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitabl...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  19. 🚨 EUVD-2026-33047

    πŸ“Š Score: 9.9/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Universal Work Queue
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerabilit...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  20. 🚨 EUVD-2026-33048

    πŸ“Š Score: 8.8/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Payroll
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  21. 🚨 EUVD-2026-33049

    πŸ“Š Score: 8.8/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Payroll
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  22. 🚨 EUVD-2026-33050

    πŸ“Š Score: 8.1/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Payroll
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  23. 🚨 EUVD-2026-33051

    πŸ“Š Score: 7.5/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle REST Data Services
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  24. 🚨 EUVD-2026-33052

    πŸ“Š Score: 5.3/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle REST Data Services
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  25. 🚨 EUVD-2026-33013

    πŸ“Š Score: 9.0/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Database Server
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compro...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  26. 🚨 EUVD-2026-33015

    πŸ“Š Score: 7.5/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Database Server
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromi...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  27. 🚨 EUVD-2026-33014

    πŸ“Š Score: 7.5/10 (CVSS v3.1)
    πŸ“¦ Product: Oracle Database Server
    🏒 Vendor: Oracle Corporation
    πŸ“… Updated: 2026-05-28

    πŸ“ Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromi...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  28. 🟠 CVE-2026-45047 - High (7.5)

    bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read si...

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  29. UPDATE - I've updated my entry on the status of Ubuntu and CVE-2026-46333. The official Ubuntu security bulletin presents conflicting information, which also conflicts with Canonical's own Luci Stanescu about the subject.

    My recommendation: set `kernel.yama.ptrace_scope` to at least 2 anyway unless you *need* unprivileged users to have ptrace access. Better to be safe than sorry.

    Β Β Β Β 

  30. UPDATE - I've updated my entry on the status of Ubuntu and CVE-2026-46333. The official Ubuntu security bulletin presents conflicting information, which also conflicts with Canonical's own Luci Stanescu about the subject.

    My recommendation: set `kernel.yama.ptrace_scope` to at least 2 anyway unless you *need* unprivileged users to have ptrace access. Better to be safe than sorry.

    #cve #cve_2026_46333 #linux #security #ssh_keysign_pwn

  31. Π‘ΠΎΠ»ΡŒΡˆΠ΅, Ρ‡Π΅ΠΌ просто Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ, ΠΈΠ»ΠΈ Π—Π°Ρ‡Π΅ΠΌ ΠΊΠΎΠ½Ρ‚Ρ€ΠΎΠ»ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ зависимости

    ΠŸΡ€ΠΈΠ²Π΅Ρ‚, Π₯Π°Π±Ρ€! МСня Π·ΠΎΠ²ΡƒΡ‚ Артём Π‘Π΅Ρ€Π΄Π°ΡˆΠΊΠ΅Π²ΠΈΡ‡, Π² Positive Technologies Ρ€ΡƒΠΊΠΎΠ²ΠΎΠΆΡƒ направлСния DevSecOps. БСгодня Ρ…ΠΎΡ‡Ρƒ ΠΏΠΎΠ³ΠΎΠ²ΠΎΡ€ΠΈΡ‚ΡŒ ΠΎ Ρ‚Π΅ΠΌΠ΅, которая с Π³ΠΎΠ΄Π°ΠΌΠΈ становится Ρ‚ΠΎΠ»ΡŒΠΊΠΎ острСС β€” ΠΎ ΠΊΠΎΠ½Ρ‚Ρ€ΠΎΠ»Π΅ зависимостСй ΠΈ ΠΎ Ρ‚ΠΎΠΌ, ΠΏΠΎΡ‡Π΅ΠΌΡƒ ΠΏΡ€ΠΈΠ²Ρ‹Ρ‡Π½Ρ‹Ρ… ΠΏΠΎΠ΄Ρ…ΠΎΠ΄ΠΎΠ² ΠΊ Π½Π΅ΠΌΡƒ ΡƒΠΆΠ΅ катастрофичСски Π½Π΅ Ρ…Π²Π°Ρ‚Π°Π΅Ρ‚. БоврСмСнная Ρ€Π°Π·Ρ€Π°Π±ΠΎΡ‚ΠΊΠ° Π΄Π°Π²Π½ΠΎ ΠΏΡ€Π΅Π²Ρ€Π°Ρ‚ΠΈΠ»Π°ΡΡŒ Π² сборку ΠΈΠ· Π³ΠΎΡ‚ΠΎΠ²Ρ‹Ρ… ΠΊΠΎΠΌΠΏΠΎΠ½Π΅Π½Ρ‚ΠΎΠ², Π³Π΄Π΅ ΠΌΡ‹ ΠΏΠΎΡ‡Ρ‚ΠΈ Π½Π΅ пишСм ΠΊΠΎΠ΄ с нуля, Π° ΠΊΠΎΠΌΠ±ΠΈΠ½ΠΈΡ€ΡƒΠ΅ΠΌ Ρ„Ρ€Π΅ΠΉΠΌΠ²ΠΎΡ€ΠΊΠΈ, Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠΈ ΠΈ ΠΌΠΎΠ΄ΡƒΠ»ΠΈ с ΠΎΡ‚ΠΊΡ€Ρ‹Ρ‚Ρ‹ΠΌ исходным ΠΊΠΎΠ΄ΠΎΠΌ. Π’Π°ΠΊΠΎΠΉ ΠΏΠΎΠ΄Ρ…ΠΎΠ΄ Ρ€Π°Π΄ΠΈΠΊΠ°Π»ΡŒΠ½ΠΎ ускоряСт Π²Ρ‹Π²ΠΎΠ΄ ΠΏΡ€ΠΎΠ΄ΡƒΠΊΡ‚ΠΎΠ² Π½Π° Ρ€Ρ‹Π½ΠΎΠΊ, Π½ΠΎ Π·Π° ΡΠΊΠΎΡ€ΠΎΡΡ‚ΡŒ приходится ΠΏΠ»Π°Ρ‚ΠΈΡ‚ΡŒ ΠΏΡ€ΠΎΠ·Ρ€Π°Ρ‡Π½ΠΎΡΡ‚ΡŒΡŽ. Команда часто Π½Π΅ Π·Π½Π°Π΅Ρ‚ Ρ‚ΠΎΡ‡Π½Ρ‹ΠΉ состав своСго прилоТСния Π΄ΠΎ Ρ„ΠΈΠ½Π°Π»ΡŒΠ½ΠΎΠΉ сборки. ΠŸΠΎΡ‡Π΅ΠΌΡƒ это стало большой ΠΏΡ€ΠΎΠ±Π»Π΅ΠΌΠΎΠΉ ΠΈ Ρ‡Ρ‚ΠΎ с Π½Π΅ΠΉ Π΄Π΅Π»Π°Ρ‚ΡŒ β€” Ρ‡ΠΈΡ‚Π°ΠΉΡ‚Π΅ ΠΏΠΎΠ΄ ΠΊΠ°Ρ‚ΠΎΠΌ.

    habr.com/ru/companies/pt/artic

    #cybersecurity #devsecops #sca #лСгаси #зависимости #cve #бСзопасная_Ρ€Π°Π·Ρ€Π°Π±ΠΎΡ‚ΠΊΠ° #docker #sandbox #appsec

  32. 🟠 CVE-2026-42735 - High (8.2)

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  33. 🟠 CVE-2026-42735 - High (8.2)

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  34. 🟠 CVE-2026-42735 - High (8.2)

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  35. πŸ”΄ CVE-2026-42755 - Critical (9.3)

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  36. πŸ”΄ CVE-2026-42755 - Critical (9.3)

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  37. πŸ”΄ CVE-2026-42755 - Critical (9.3)

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  38. πŸ”΄ CVE-2026-42748 - Critical (9.9)

    Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  39. πŸ”΄ CVE-2026-42748 - Critical (9.9)

    Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  40. πŸ”΄ CVE-2026-42748 - Critical (9.9)

    Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.

    πŸ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  41. πŸ” Lambda Watchdog detected that CVE-2026-42264 is no longer present in latest AWS Lambda base image scans. github.com/aws/aws-lambda-base

  42. #OT #Advisory VDE-2026-059
    Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

    Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

  43. #OT #Advisory VDE-2026-059
    Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

    Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

  44. #OT #Advisory VDE-2026-059
    Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

    Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

  45. #OT #Advisory VDE-2026-054
    MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

    Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

  46. #OT #Advisory VDE-2026-054
    MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

    Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

  47. #OT #Advisory VDE-2026-054
    MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

    Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

  48. #OT #Advisory VDE-2026-058
    Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

    Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

  49. #OT #Advisory VDE-2026-058
    Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

    Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

  50. #OT #Advisory VDE-2026-058
    Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

    Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.