#offseq — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #offseq, aggregated by home.social.
-
🚨 CRITICAL: CVE-2026-4408 in Red Hat Enterprise Linux 10 via Samba misconfig enables remote command execution if "check password script" uses %u. Audit your configs now! Details: https://radar.offseq.com/threat/cve-2026-4408-improper-neutralization-of-special-e-ffcecb34 #OffSeq #Linux #Samba #Infosec
-
CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 https://radar.offseq.com/threat/cve-2026-49017-cwe-835-loop-with-unreachable-exit--0557d1bf #OffSeq #OpenStack #Vuln #DoS
-
🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-9312-cwe-918-server-side-request-forgery--b1f49fcb #OffSeq #SSRF #GitHub #Vuln
-
🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895
-
⚠️ HIGH severity: CVE-2026-9496 impacts pacote 11.2.7 in cloud-hosted setups. Crafted spec.rawSpec can trigger DoS via CPU exhaustion. Vendor patches are rolling out — verify your service is updated. No active exploitation seen. https://radar.offseq.com/threat/cve-2026-9496-denial-of-service-dos-in-pacote-27dd65a5 #OffSeq #DoS #CloudSec
-
🚨 CRITICAL: CVE-2026-41090 in Microsoft 365 Copilot for iOS enables remote command injection (CVSS 9.3). Microsoft has patched server-side — verify your service is up to date. More info: https://radar.offseq.com/threat/cve-2026-41090-cwe-77-improper-neutralization-of-s-c8e983a4 #OffSeq #Microsoft #Vuln #InfoSec
-
STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
-
🚩 HIGH severity: CVE-2026-46473 in Authen::TOTP (<0.1.1, Perl) — secrets generated with rand are predictable, weakening TOTP security. Upgrade to 0.1.1+ when possible. More: https://radar.offseq.com/threat/cve-2026-46473-cwe-331-insufficient-entropy-in-tch-3d3628d8 #OffSeq #Vulnerability #Perl #MFA #CVE202646473
-
🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! https://radar.offseq.com/threat/cisco-patches-critical-vulnerability-in-secure-wor-43a12a98 #OffSeq #Cisco #Vuln #PatchManagement
-
🚨 Drupal sites using PostgreSQL face a highly critical SQL injection vuln (CVE-2026-9082), risking RCE & data exposure. Patch versions 11.3, 11.2, 10.6, 10.5.x ASAP. Update Symfony & Twig too. No active exploitation yet. https://radar.offseq.com/threat/drupal-patches-highly-critical-vulnerability-expos-a1486e66 #OffSeq #Drupal #SQLInjection #Infosec
-
🚨 CVE-2026-8631: Critical heap buffer overflow in HP Linux Imaging & Printing Software (CVSS 9.3). Remote, unauthenticated code execution possible. No patch yet — restrict print service access & monitor jobs. Details: https://radar.offseq.com/threat/cve-2026-8631-cwe-122-heap-based-buffer-overflow-i-d4679b19 #OffSeq #Vulnerability #HP
-
🔥 CVE-2026-33278: Critical use-after-free in NLnet Labs Unbound (1.19.1 – 1.25.0). DNSSEC validator flaw can lead to DoS or RCE if attacker controls DNS zone. Patch: upgrade to 1.25.1. https://radar.offseq.com/threat/cve-2026-33278-cwe-416-use-after-free-in-nlnet-lab-c0de645d #OffSeq #DNSSEC #Vuln #Infosec
-
🚨 CRITICAL: CVE-2026-9065 in brainstormforce SureCart <4.2.1 allows authenticated SQL injection via REST API ('/surecart/v1/integrations/{id}'). Exploit bypasses escaping with a dot in payloads — full DB extraction possible. Patch now! https://radar.offseq.com/threat/cve-2026-9065-cwe-89-improper-neutralization-of-sp-8901e797 #OffSeq #SQLInjection #WordPress
-
⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec
-
🚨 CRITICAL: CVE-2026-8838 in AWS Amazon Redshift connector for Python (<2.1.14) allows remote code execution via unsafe eval(). No exploits reported but upgrade ASAP! Full details: https://radar.offseq.com/threat/cve-2026-8838-cwe-94-improper-control-of-generatio-f0b2defe #OffSeq #AWS #Python #Infosec
-
🚨 CVE-2026-8507 (HIGH): Out-of-bounds write in Crypt::OpenSSL::PKCS12 <=1.94 for Perl. Parsing PKCS12 files with >=1GiB OCTET/BIT STRING may lead to RCE. Patch available for cloud-hosted service — update ASAP. No known exploits. https://radar.offseq.com/threat/cve-2026-8507-cwe-787-out-of-bounds-write-in-jonas-652bf5a8 #OffSeq #Vuln #Perl
-
MEDIUM severity: CVE-2026-8724 in Dataease 2.10.20 allows SQL injection via SqlparserUtils.transFilter. Exploit requires high-priv user. No patch yet — restrict access & monitor for suspicious queries. More: https://radar.offseq.com/threat/cve-2026-8724-sql-injection-in-dataease-6c315564 #OffSeq #SQLInjection #InfoSec