
Overview

  • Tenda
  • 4G300

Published: 30 Apr 2026
Updated: 30 Apr 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. Manipulation of the argument page causes a stack-based buffer overflow. The attack can be exploited remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. radar.offseq.com/threat/cve-20

  • 7h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

⚠️ #Vulnerability 'Ghost-Print' (CVE-2026-4412): Flaw in the #Windows print spooler affecting corporate #networks (+MITIGATION) www.newstecnicas.info.ve/2026/04/vuln...
  • 1h ago

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Published: 25 Sep 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: 24.78%

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Bluesky

Regarding vulnerabilities in Cisco Secure Firewall ASA and Cisco Secure FTD (CVE-2025-20333 and others) #IPA (Apr 27) www.ipa.go.jp/security/sec...
  • 16h ago
Alert regarding multiple vulnerabilities in Cisco ASA and FTD (CVE-2025-20333, CVE-2025-20362) #JPCERTCC (Apr 27) www.jpcert.or.jp/at/2025/at25...
  • 16h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

You can copy my openSUSE script for CVE-2026-1659. It works today. But next month? Next CVE? You'll be guessing again. Read more -> tinyurl.com/mnm844br #openSUSE
  • 19h ago

Overview

  • ariagle
  • MP-Ukagaka

Published: 07 Feb 2026
Updated: 08 Apr 2026

CVSS v3.1: MEDIUM (6.1)
EPSS: 0.05%

KEV

Description

The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

You patched CVE-2026-1643? Good. Next month’s zero day won’t wait for an update -> tinyurl.com/2zvcj36z #openSUSE ->
  • 22h ago

Overview

  • SaturdayDrive
  • Ninja Forms - File Uploads

Published: 07 Apr 2026
Updated: 08 Apr 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.09%

KEV

Description

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

If you use Ninja Forms File Uploads in a version lower than 3.3.28, update IMMEDIATELY and check your website for malware!

CVE score 9.8 🚨
tenable.com/cve/CVE-2026-0740

  • 20h ago

Overview

  • dnnsoftware
  • Dnn.Platform

Published: 17 Apr 2026
Updated: 22 Apr 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.04%

KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.

Any authenticated user can upload a crafted SVG with embedded JavaScript. If a power user opens it, the payload calls DNN's own config endpoint to drop an ASPX backdoor in the server root.

One file. One click. Full RCE. CVSS 8.1, patched, fully documented.

Write-up + PoC payloads: pentest-tools.com/blog/dotnetn

More research from our team: pentest-tools.com/research

  • 1h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

ooo it's vulnerable to CVE-2026-25262

  • 20h ago

Overview

  • Jenkins Project
  • Jenkins GitHub Plugin

Published: 29 Apr 2026
Updated: 29 Apr 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Bluesky

The SUSE team finds security issues in Plasma's Login Manager and explains them here: plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) buff.ly/r1Ys9k6
  • 20h ago