home.social
Sign in Create account

#vuln — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vuln, aggregated by home.social.

  1. OffSequence @[email protected] ·

    🚨 CVE-2026-42281: CRITICAL SSRF in MagicMirror² (<2.36.0)! /cors endpoint lets unauthenticated attackers scan internal networks & exfiltrate environment secrets. Upgrade to 2.36.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #SSRF #MagicMirror #Vuln

    #offseq #ssrf #magicmirror #vuln
  2. OffSequence @[email protected] ·

    🚨 CVE-2026-42281: CRITICAL SSRF in MagicMirror² (<2.36.0)! /cors endpoint lets unauthenticated attackers scan internal networks & exfiltrate environment secrets. Upgrade to 2.36.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #SSRF #MagicMirror #Vuln

    #offseq #ssrf #magicmirror #vuln
  3. OffSequence @[email protected] ·

    🚨 CVE-2026-42281: CRITICAL SSRF in MagicMirror² (<2.36.0)! /cors endpoint lets unauthenticated attackers scan internal networks & exfiltrate environment secrets. Upgrade to 2.36.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #SSRF #MagicMirror #Vuln

    #vuln #magicmirror #ssrf #offseq
  4. OffSequence @[email protected] ·

    🚨 CVE-2026-42281: CRITICAL SSRF in MagicMirror² (<2.36.0)! /cors endpoint lets unauthenticated attackers scan internal networks & exfiltrate environment secrets. Upgrade to 2.36.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #SSRF #MagicMirror #Vuln

    #offseq #ssrf #magicmirror #vuln
  5. OffSequence @[email protected] ·

    🔴 CVE-2026-8181: Burst Statistics WP plugin (v3.4.0 – 3.4.1.1) suffers CRITICAL auth bypass. Attackers can impersonate admins using any password — immediate removal advised until a fix is released. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #offseq #wordpress #vuln
  6. OffSequence @[email protected] ·

    🔴 CVE-2026-8181: Burst Statistics WP plugin (v3.4.0 – 3.4.1.1) suffers CRITICAL auth bypass. Attackers can impersonate admins using any password — immediate removal advised until a fix is released. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #offseq #wordpress #vuln
  7. OffSequence @[email protected] ·

    🔴 CVE-2026-8181: Burst Statistics WP plugin (v3.4.0 – 3.4.1.1) suffers CRITICAL auth bypass. Attackers can impersonate admins using any password — immediate removal advised until a fix is released. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #vuln #wordpress #offseq
  8. OffSequence @[email protected] ·

    🔴 CVE-2026-8181: Burst Statistics WP plugin (v3.4.0 – 3.4.1.1) suffers CRITICAL auth bypass. Attackers can impersonate admins using any password — immediate removal advised until a fix is released. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #offseq #wordpress #vuln
  9. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-6512 in InfusedWoo Pro (≤5.1.2) lets unauthenticated attackers delete posts, orders, and more on WordPress sites. No patch yet — restrict/disable plugin & monitor vendor advisories. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

    #offseq #wordpress #infosec #vuln
  10. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-6512 in InfusedWoo Pro (≤5.1.2) lets unauthenticated attackers delete posts, orders, and more on WordPress sites. No patch yet — restrict/disable plugin & monitor vendor advisories. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

    #offseq #wordpress #infosec #vuln
  11. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-6512 in InfusedWoo Pro (≤5.1.2) lets unauthenticated attackers delete posts, orders, and more on WordPress sites. No patch yet — restrict/disable plugin & monitor vendor advisories. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

    #vuln #infosec #wordpress #offseq
  12. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-6512 in InfusedWoo Pro (≤5.1.2) lets unauthenticated attackers delete posts, orders, and more on WordPress sites. No patch yet — restrict/disable plugin & monitor vendor advisories. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

    #offseq #wordpress #infosec #vuln
  13. OffSequence @[email protected] ·

    🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #offseq #wordpress #vuln
  14. OffSequence @[email protected] ·

    🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #offseq #wordpress #vuln
  15. OffSequence @[email protected] ·

    🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #vuln #wordpress #offseq
  16. OffSequence @[email protected] ·

    🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

    #offseq #wordpress #vuln
  17. OffSequence @[email protected] ·

    🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #CVE20266510

    #offseq #wordpress #vuln #cve20266510
  18. OffSequence @[email protected] ·

    🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #CVE20266510

    #offseq #wordpress #vuln #cve20266510
  19. OffSequence @[email protected] ·

    🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #CVE20266510

    #cve20266510 #vuln #wordpress #offseq
  20. OffSequence @[email protected] ·

    🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #CVE20266510

    #offseq #wordpress #vuln #cve20266510
  21. OffSequence @[email protected] ·

    ⚠️ CRITICAL: OPNsense core < 26.1.7 vulnerable to argument injection (CVE-2026-44193). Remote code execution possible via XMLRPC method. Update to 26.1.7+ now! radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #RCE

    #offseq #opnsense #vuln #rce
  22. OffSequence @[email protected] ·

    ⚠️ CRITICAL: OPNsense core < 26.1.7 vulnerable to argument injection (CVE-2026-44193). Remote code execution possible via XMLRPC method. Update to 26.1.7+ now! radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #RCE

    #offseq #opnsense #vuln #rce
  23. OffSequence @[email protected] ·

    ⚠️ CRITICAL: OPNsense core < 26.1.7 vulnerable to argument injection (CVE-2026-44193). Remote code execution possible via XMLRPC method. Update to 26.1.7+ now! radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #RCE

    #rce #vuln #opnsense #offseq
  24. OffSequence @[email protected] ·

    ⚠️ CRITICAL: OPNsense core < 26.1.7 vulnerable to argument injection (CVE-2026-44193). Remote code execution possible via XMLRPC method. Update to 26.1.7+ now! radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #RCE

    #offseq #opnsense #vuln #rce
  25. OffSequence @[email protected] ·

    🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #BlueTeam

    #offseq #opnsense #vuln #blueteam
  26. OffSequence @[email protected] ·

    🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #BlueTeam

    #offseq #opnsense #vuln #blueteam
  27. OffSequence @[email protected] ·

    🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #BlueTeam

    #blueteam #vuln #opnsense #offseq
  28. OffSequence @[email protected] ·

    🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #BlueTeam

    #offseq #opnsense #vuln #blueteam
  29. OffSequence @[email protected] ·

    🚨 CRITICAL: OPNsense core < 26.1.8 has CVE-2026-45158 — command injection in DHCP config allows root RCE. Upgrade to 26.1.8+ now to prevent full system compromise. Details: radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #Cybersecurity

    #offseq #opnsense #vuln #cybersecurity
  30. OffSequence @[email protected] ·

    🚨 CRITICAL: OPNsense core < 26.1.8 has CVE-2026-45158 — command injection in DHCP config allows root RCE. Upgrade to 26.1.8+ now to prevent full system compromise. Details: radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #Cybersecurity

    #offseq #opnsense #vuln #cybersecurity
  31. OffSequence @[email protected] ·

    🚨 CRITICAL: OPNsense core < 26.1.8 has CVE-2026-45158 — command injection in DHCP config allows root RCE. Upgrade to 26.1.8+ now to prevent full system compromise. Details: radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #Cybersecurity

    #cybersecurity #vuln #opnsense #offseq
  32. OffSequence @[email protected] ·

    🚨 CRITICAL: OPNsense core < 26.1.8 has CVE-2026-45158 — command injection in DHCP config allows root RCE. Upgrade to 26.1.8+ now to prevent full system compromise. Details: radar.offseq.com/threat/cve-20 #OffSeq #OPNsense #Vuln #Cybersecurity

    #offseq #opnsense #vuln #cybersecurity
  33. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) — full RCE risk. Patch to 6.7.0+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CubeCart #SSTI #RCE #Vuln

    #offseq #cubecart #ssti #rce #vuln
  34. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) — full RCE risk. Patch to 6.7.0+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CubeCart #SSTI #RCE #Vuln

    #offseq #cubecart #ssti #rce #vuln
  35. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) — full RCE risk. Patch to 6.7.0+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CubeCart #SSTI #RCE #Vuln

    #vuln #rce #ssti #cubecart #offseq
  36. OffSequence @[email protected] ·

    🚨 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) — full RCE risk. Patch to 6.7.0+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CubeCart #SSTI #RCE #Vuln

    #offseq #cubecart #ssti #rce #vuln
  37. OffSequence @[email protected] ·

    🚨 CRITICAL vuln: ERPNext <16.9.1 (CVE-2026-44442) lets users with limited rights modify data due to missing authorization. Update ASAP to 16.9.1+ to fix. No known exploits yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #ERPNext #Vuln #AppSec

    #offseq #erpnext #vuln #appsec
  38. OffSequence @[email protected] ·

    🚨 CRITICAL vuln: ERPNext <16.9.1 (CVE-2026-44442) lets users with limited rights modify data due to missing authorization. Update ASAP to 16.9.1+ to fix. No known exploits yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #ERPNext #Vuln #AppSec

    #offseq #erpnext #vuln #appsec
  39. OffSequence @[email protected] ·

    🚨 CRITICAL vuln: ERPNext <16.9.1 (CVE-2026-44442) lets users with limited rights modify data due to missing authorization. Update ASAP to 16.9.1+ to fix. No known exploits yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #ERPNext #Vuln #AppSec

    #appsec #vuln #erpnext #offseq
  40. OffSequence @[email protected] ·

    🚨 CRITICAL vuln: ERPNext <16.9.1 (CVE-2026-44442) lets users with limited rights modify data due to missing authorization. Update ASAP to 16.9.1+ to fix. No known exploits yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #ERPNext #Vuln #AppSec

    #offseq #erpnext #vuln #appsec
  41. OffSequence @[email protected] ·

    🚩 CRITICAL: CVE-2026-6722 in PHP SOAP (8.2 – 8.5) allows unauthenticated RCE via use-after-free. No patch confirmed — restrict SOAP access or disable if not needed. Details: radar.offseq.com/threat/cve-20 #OffSeq #PHP #Vuln #RCE #InfoSec

    #offseq #php #vuln #rce #infosec
  42. OffSequence @[email protected] ·

    🚨 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 — verify your version & check vendor advisory. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #EmailSecurity #CVE202642193

    #offseq #vuln #emailsecurity #cve202642193
  43. OffSequence @[email protected] ·

    🚨 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 — verify your version & check vendor advisory. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #EmailSecurity #CVE202642193

    #offseq #vuln #emailsecurity #cve202642193
  44. OffSequence @[email protected] ·

    🚨 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 — verify your version & check vendor advisory. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #EmailSecurity #CVE202642193

    #cve202642193 #emailsecurity #vuln #offseq
  45. OffSequence @[email protected] ·

    🚨 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 — verify your version & check vendor advisory. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #EmailSecurity #CVE202642193

    #offseq #vuln #emailsecurity #cve202642193
  46. :mastodon: decio @[email protected] ·

    Rien ne dit “bon week-end” comme trois CVE cPanel annoncées un vendredi, avec les détails techniques livrés pile au moment du patch -->c’est-à-dire à 18h, l’heure sacrée de l’apéro.

    Santé aux admins qui vont lancer /scripts/upcp avec une main sur le clavier et l’autre sur le verre.
    👇
    " To help protect customers prior to patch availability, technical details about vulnerabilities will be released alongside the patches. Full technical details will be published on our support page at the same time the patch is released. The CVE IDs are CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.

    Patch & Affected Versions
    The patch will be available on May 08 at 12:00pm EST and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update with /scripts/upcp once the patch is made available.     "
    👇
    reddit.com/r/cpanel/comments/1

    #CpanelVulnerability #cpanel #CyberVeille #vuln #infosec

    #cpanelvulnerability #cpanel #cyberveille #vuln #infosec
  47. OffSequence @[email protected] ·

    🚨 CVE-2026-42826 (CRITICAL, CVSS 10.0) in Azure DevOps exposes sensitive data to unauthorized actors remotely. Microsoft has released a fix — ensure your environment is fully updated. More info: radar.offseq.com/threat/cve-20 #OffSeq #AzureDevOps #Vuln #InfoSec

    #offseq #azuredevops #vuln #infosec
  48. OffSequence @[email protected] ·

    🚨 CVE-2026-42826 (CRITICAL, CVSS 10.0) in Azure DevOps exposes sensitive data to unauthorized actors remotely. Microsoft has released a fix — ensure your environment is fully updated. More info: radar.offseq.com/threat/cve-20 #OffSeq #AzureDevOps #Vuln #InfoSec

    #offseq #azuredevops #vuln #infosec
  49. OffSequence @[email protected] ·

    🚨 CVE-2026-42826 (CRITICAL, CVSS 10.0) in Azure DevOps exposes sensitive data to unauthorized actors remotely. Microsoft has released a fix — ensure your environment is fully updated. More info: radar.offseq.com/threat/cve-20 #OffSeq #AzureDevOps #Vuln #InfoSec

    #infosec #vuln #azuredevops #offseq
  50. OffSequence @[email protected] ·

    🚨 CVE-2026-42826 (CRITICAL, CVSS 10.0) in Azure DevOps exposes sensitive data to unauthorized actors remotely. Microsoft has released a fix — ensure your environment is fully updated. More info: radar.offseq.com/threat/cve-20 #OffSeq #AzureDevOps #Vuln #InfoSec

    #offseq #azuredevops #vuln #infosec